The Guidelines on Cybersecurity onboard Ships

SKU: 00-01106167
In stock
Year: 2024
Binding: Paperback
Pages: 84
Weight: 196 g
Price: 1700 ₽

English-language edition
The book is dedicated to improving the safety and security of seafarers, the environment, cargo and ships in the face of growing cyber threats. It offers recommendations for developing a cyber risk management strategy on ships, taking into account current regulatory requirements and best practices. With digital technologies now in active use across shipping, the authors emphasize the importance of managing cyber risks, including assessing threats, vulnerabilities, and the impact of incidents. The book also focuses on the need to involve company management in a culture of cyber risk management and offers tools for assessing and prioritizing actions to mitigate these risks. In addition to the recommendations of the International Maritime Organization (IMO), it considers the approaches of other organizations such as NIST and the importance of ships and ports working together to enhance overall cyber resilience.

Contents
Introduction
1 Cyber security and risk management
1.1 Cyber security characteristics of the maritime industry
1.2 Senior management involvement
1.3 Roles, responsibilities and tasks
1.4 Differences between IT and OT systems
1.5 Plans and procedures
1.6 Relationship between shipowner and ship manager
1.7 Relationship between the shipowner and the agent
1.8 Relationship with vendors and other external parties
2 Identify threats
2.1 Threat actors
2.2 Types of cyber threats
2.3 Stages of a cyber incident
2.4 Quantifying the threat
General considerations
Threats against OT systems
Threats against IT systems
3 Identify vulnerabilities
3.1 Common vulnerabilities
3.2 IT and OT systems' documentation
3.3 Typical vulnerable systems
3.4 Ship to shore interface
3.5 Ship visits
3.6 Remote access
3.7 System and software maintenance
4 Assessing the likelihood
4.1 Likelihood as the product of threat and vulnerability
4.2 Quantifying the likelihood
5 Impact assessment
5.1 The CIA model
5.2 Quantifying the impact
5.3 "Critical" equipment and technical systems
6 Risk assessment
6.1 Relationship between factors influencing risk
6.2 The four phases of a risk assessment
Phase 1: Pre-assessment activities
Phase 2: Ship assessment
Phase 3: Debrief and reporting
Phase 4: Manufacturer's debrief
6.3 Third party risk assessments
7 Develop protection measures
7.1 Defence in depth and in breadth
Defence in depth
Defence in breadth
7.2 Technical protection measures
Limitation to and control of network ports, protocols and services
Configuration of network devices such as firewalls, routers and switches
Physical security
Satellite and radio communication
Wireless access control
Secure configuration of hardware and software
Control administrative privileges
Email and web browser protection
Phishing: The most commonly reported cyber-attack
Application software security (patch management)
7.3 Procedural protection measures
Training and awareness
Computer access for visitors
Crew's personal devices
Upgrades and software maintenance
Anti-virus and anti-malware tool management
Remote access
Use of administrator privileges
Multi-factor authentication (MFA) and passwords
Physical and removable media controls
Equipment disposal including data destruction
8 Develop detection measures
8.1 Detection, logging, blocking and alerts
8.2 Malware detection
9 Establish contingency plans
Disconnecting OT from shore network connection
10 Respond to and recover from cyber security incidents
10.1 Effective response
10.2 The four phases of incident response
Phase 1: Preparation
Phase 2: Detection and Analysis
Phase 3: Containment and Eradication
Phase 4: Post-Incident Recovery
10.3 Recovery plan
10.4 Data recovery capability
10.5 Investigating cyber incidents
10.6 Losses arising from a cyber incident
Cover for property damage
Cover for liability
Cyber security clause for charter parties
10.7 Reporting of cyber incidents
Annex 1 - Onboard IT and OT systems, equipment and technologies
Communication systems
Bridge systems
Propulsion, machinery management and power control systems
Access control systems
Cargo management systems
Passenger or visitor servicing and management systems
Passenger-facing networks
Core infrastructure systems
Administrative and crew welfare systems
Annex 2 - Cyber risk management and the safety management system
Identify
Protect
Detect
Respond
Recover
Annex 3 - Onboard networks
Physical layout
Network management
Network segmentation
Monitoring data activity
Protection measures
Annex 4 - Glossary
Annex 5 - Contributors to most recent revision of this publication
Working Group 2024
Reference Group 2024
