Cyber Security Procedure 2020.12
CSP
DORVAL SHIP MANAGEMENT K.K.
Rev.: 1 Prep: NWC App: HSU Date: 01 Apr, 2018 Page 1 of 1
Revision Record
6 Shipboard Equipment vulnerable to Cyber Attack and action to mitigate or eliminate from attack. Pages 8-12, 01 Apr. 2018
Procedure
1. Purpose
A number of computer-based systems are used onboard. As ship safety and the cyber security of the
equipment are closely linked, cyber security is becoming critical for the safe operation of the ship. The purpose of
this procedure is to establish the Shipboard Cyber Security Procedure.
2. Responsibility
The Master is responsible for the implementation of this procedure and for the control of cyber security.
All crew who are assigned to use equipment/devices vulnerable to cyber-attack are responsible to the
Master for the implementation of this procedure.
3. Security Terminology
Attack
In the context of computer/network security, an attack is an attempt to access resources on a computer or a
network without authorization, or to bypass security measures that are in place.
Anti-Virus Software
Software designed to detect and potentially eliminate viruses before they have had a chance to wreak havoc
within the system. Anti-virus software can also repair or quarantine files that have already been infected by
virus activity. See also Virus.
Backup
File copies that are saved as protection against loss, damage or unavailability of the primary data.
Buffer
A holding area for data.
Buffer overflow
A way to crash a system by putting more data into a buffer than the buffer is able to hold.
Browser
A client software program that can retrieve and display information from servers on the World Wide Web.
Often known as a “Web browser” or “Internet browser.” Examples include Microsoft’s Internet Explorer,
Google’s Chrome, Apple’s Safari, and Mozilla’s Firefox.
Cracker
A hacker who specializes in “cracking” or discovering system passwords to gain access to computer
systems without authorization. See also hacker.
Crash
Sudden failure of a computer system, rendering it unusable.
Spoofing
Masquerading so that a trusted IP address is used instead of the true IP address. A technique used by
hackers as a means of gaining access to a computer system.
Jamming
A simple, highly effective method of causing a DoS on a wireless LAN. Jamming, as the name suggests,
involves the use of a device to intentionally create interfering radio signals to effectively “jam” the
airwaves.
Hacker
A person who spends time learning the details of computer programming and operating systems, how to test
the limits of their capabilities, and where their vulnerabilities lie.
Malware
Malicious software, which is designed to access or damage a computer without the knowledge of the owner.
There are various types of malware including trojans, ransomware, spyware, viruses, and worms.
Ransomware encrypts data on systems until a ransom has been paid. Malware may also exploit known
deficiencies and problems in outdated/unpatched business software. The term “exploit” usually refers to the
use of a software or code, which is designed to take advantage of and manipulate a problem in another
computer software or hardware. This problem can, for example, be a code bug, system vulnerability,
improper design, hardware malfunction and/or error in protocol implementation. These vulnerabilities may
be exploited remotely or triggered locally, e.g. a piece of malicious code may often be executed by the user,
sometimes via links distributed in email attachments or through malicious websites.
Scanning
Searching large portions of the internet at random for vulnerabilities that could be exploited.
Spam
Unwanted, unsolicited email from someone you don’t know. Often sent in an attempt to sell you something
or get you to reveal personal information.
Spyware
Software that uses your Internet connection to send personally identifiable information about you to a
collecting device on the Internet. It is often packaged with software that you download voluntarily, so that
even if you remove the downloaded program later, the spyware may remain. See also Malware.
Targeted attacks
May be more sophisticated and use tools and techniques specifically created for targeting a certain company
or ship. Examples of tools and techniques, which may be used in these circumstances, include:
- Social engineering. A non-technical technique used by potential cyber attackers to manipulate insider
individuals into breaking security procedures, normally, but not exclusively, through interaction via
social media.
- Brute force. An attack trying many passwords with the hope of eventually guessing correctly. The
attacker systematically checks all possible passwords until the correct one is found.
- Credential stuffing. Using previously compromised credentials or specific commonly used passwords
to attempt unauthorized access to a system or application.
- Denial of service (DoS) prevents legitimate and authorized users from accessing information, usually
by flooding a network with data. A distributed denial of service (DDoS) attack takes control of multiple
computers and/or servers to implement a DoS attack.
- Phishing. Sending emails to a large number of potential targets asking for particular pieces of sensitive
or confidential information. The email may also contain a malicious attachment or request that a person
visits a fake website using a hyperlink included in the email.
- Spear-phishing. Like phishing but the individuals are targeted with personal emails, often containing
malicious software or links that automatically download malicious software. In some instances, SAT-C
messages have been used to establish a sense of familiarity with a malicious sender’s email address.
- Subverting the supply chain. Attacking a company or ship by compromising equipment, software or
supporting services being delivered to the company or ship.
Trojans
The name is short for “Trojan horse,” and refers to a software program that appears to perform a useful
function, but in fact, performs actions that the user of the program did not intend or was not aware of.
Trojan horses are often written by hackers to circumvent the security of a system. Once installed, the hacker
can exploit the security holes created by the Trojan to gain unauthorized access, or the Trojan program may
perform some action such as:
- Deleting or modifying files
- Transmitting files across the network to the intruder
- Installing other programs or viruses
Basically, the Trojan can perform any action that the user has privileges and permissions to do on the
system. This means a Trojan is especially dangerous if the unsuspecting user who installs it is an
administrator and has access to the system files.
Trojans can be very cleverly disguised as innocuous programs, such as utilities or screensavers. A Trojan
can also be installed by an executable script (JavaScript, a Java applet, Active-X control, and others) on a
web site. Accessing the site may initiate the installation of the program if the web browser is configured to
allow scripts to run automatically.
Typosquatting
Also called URL hijacking or fake URL. Relies on mistakes such as typos made by internet users when
inputting a website address into a web browser. Should a user accidentally enter an incorrect website
address, they may be led to an alternative and often malicious website.
Viruses
The most common use of the term “virus” is any program that is installed without the awareness of the user
and performs undesired actions (often harmful, although sometimes merely annoying). Viruses may also
replicate themselves, infecting other systems by writing themselves to any floppy disk that is used in the
computer or sending themselves across the network. Viruses are often distributed as attachments to e-mail,
or as macros in word processing documents. Some activate immediately upon installation, and others lie
dormant until a specific date/time or a particular system event triggers them.
Viruses come in thousands of different varieties. They can do anything from popping up a message that says
“Hi!” to erasing the computer’s entire hard disk. The proliferation of computer viruses has also led to the
phenomenon of the virus hoax, which is a warning – generally circulated via email or websites – about a
virus that does not exist or that does not do what the warning claims it will do.
Viruses, however, present a real threat to your network. Companies such as Symantec and McAfee make
anti-virus software that is aimed at detecting and removing virus programs. Because new viruses are being
created daily, it is important to download new virus definition files, which contain information required to
detect each virus type, on a regular basis to ensure that your virus protection stays up to date.
Vulnerability
A weakness in the hardware or software or security plan that leaves a system or network open to threat of
unauthorized access or damage or destruction of data.
Worms
A worm is a program that can travel across the network from one computer to another. Sometimes different
parts of a worm run on different computers. Technically, a worm – unlike a virus – can replicate itself
without user interaction; however, much modern documentation makes little distinction between the two, or
classifies the worm as a subtype of the virus. Worms make multiple copies of themselves and spread
throughout a network. Originally the term worm was used to describe code that attacked multiuser systems
(networks) while virus was used to describe programs that replicated on individual computers.
The primary purpose of the worm is to replicate. These programs were initially used for legitimate purposes
in performing network management duties, but their ability to multiply quickly has been exploited by
hackers who create malicious worms that replicate wildly, and may also exploit operating system
weaknesses and perform other harmful actions.
Water holing
Establishing a fake website or compromising a genuine website to exploit unsuspecting visitors.
b) Attack by Hackers
Those who hack into networks do so:
- Just for fun
- To invade the network for personal gain, such as transferring funds to their account, etc.
- For revenge: dissatisfied customers, disgruntled former employees, etc.
So, the potential for attack by hackers is very low for the company ship.
particular user/machine can be the target of denial of service attacks that hang up the client machine
and require it to be rebooted.
Warez is a term used by hackers and crackers to describe bootlegged software that has
been “cracked” to remove copy protections and made available by software pirates on the
Internet, or in its broader definition, to describe any illegally distributed software.
d) GPS/AIS Spoofing
A spoofing attack is where a person or program successfully masquerades as another by falsifying
data (sending false information). Example: a GPS spoofing attack deceives a GPS receiver by
broadcasting counterfeit GPS signals. This causes the receiver to estimate its position to be somewhere
other than where it actually is, which can alter the course of the vessel.
e) GPS Jamming
The intentional interference with GPS signals, which stops, blocks or “jams” them. Instead of
providing false data or information (spoofing), the GPS signals are blocked.
- AIS, ECDIS, VDR and VTS are all affected when GPS is “lost”.
- Without GPS, vessels cannot provide a range or bearing to surrounding vessels.
- Other navigation systems are affected as well.
Password should
e) Email
Email is the primary method for spreading viruses and malware and it is one of the easiest to defend
against. Email-filtering services are set at the ship’s email service. Ensure that automatic updates are
enabled on the ship’s email application, email filter and anti-virus programs. Ensure that filters are
reviewed regularly so that important email and/or domains are not blocked in error.
- The Company shall send urgent bulletins when new viruses are detected.
- Avoid opening unexpected text messages from unknown senders.
- Do not open unidentified links or unfamiliar sites.
- Never respond to incoming messages requesting private information.
g) Access control
For the prevention of unauthorized access, the following control is required onboard.
1) Securing Workstation
Much navigation equipment is vulnerable to attack. Access to the navigation bridge
should be restricted in port.
The email system and/or internet system is in the Master’s Office. Access to the Master’s Office
should be restricted. It is recommended to lock the door of the Master’s Office whenever the Master
leaves the office in port.
Cargo Control Room (CCR) has several systems vulnerable to attack such as Loading
Computer, Deck Work Computer, ODME, Nitrogen Control System etc. CCR should not
be left unmanned by duty officer or responsible officer in the port.
2) Access to the hub placed at Master’s Office or Navigation Bridge needs to be restricted.
3) Effective Password
4) Access to computers and ship’s equipment which are vulnerable to attack should be restricted. This
access control includes the use of unauthorized USB, CD, DVD and any devices.
5) All computers onboard should be protected by appropriate password.
6) Wi-Fi should be protected by appropriate password and only the password assigned for visitor
must be disclosed to visitors.
7) Removable Storage Device such as CD, DVD except training CD/DVD and USB should be
kept secured.
i) Backup
Important file copies should be saved as protection against loss, damage or unavailability of the
primary data. Saving methods include high-capacity tape, separate disk sub-systems or on the
Internet. Off-site backup storage is ideal, sufficiently far away to reduce the risk of environmental
damage such as flood, which might destroy both the primary and the backup if kept nearby. The
installation CDs of all the ship’s computing systems such as loadcom, PMS, SPICS, Watchkeeper should
be stored securely.
6. Shipboard Equipment vulnerable to Cyber Attack and action to mitigate or eliminate from
attack.
Some of the ship’s equipment is vulnerable. The affected equipment is:
VDR
ECDIS
AIS
GPS
ODME
Load Computer
E-mail System
Internet & Wi-Fi
Voyager Computer
PMS/SPICS Computer
ECDIS
1. Vulnerability
Physical access to the VDR aboard ship (crew member, visitor, service technician)
Fake information is transferred from GPS, AIS due to spoofing or jamming, which may put the ship in
a dangerous situation.
Feeding of malware into ECDIS during updating of ENC charts by USB
Feeding of malware into ECDIS when charging phone or any other devices
Feeding of malware into ECDIS by loading of crew’s personal files on ECDIS
2. Action to eliminate or mitigate risk
Physical access to ECDIS should be restricted to navigation officers.
Crosschecking of navigational information, in particular during coastal navigation (GPS, RADAR, AIS)
ECDIS should not be used for any purpose except for Navigation and Passage Planning.
USB storage must not be used for the updating of ENC charts; use the DVD provided onboard.
Never charge phones or other electric devices by using the USB ports of ECDIS.
Crew’s files must not be loaded on ECDIS.
Disconnect the system if a connected system is infected, or fake information is transferred or suspected.
When transferring data from ECDIS to USB, the USB should be formatted before inserting,
or a new USB should be used.
When the use of USB is unavoidable for the update of ENC charts due to the malfunction of the DVD
burning system on the data receiving computer, ensure that the data receiving computer is not infected.
GPS
1. Vulnerability
Incorrect indication of ship’s position due to spoofing of GPS, which can lead to grounding
Incorrect indication of ship’s position due to jamming of GPS, which can lead to grounding
2. Action to eliminate or mitigate risk
Cross check ship’s position by using other position fixing methods such as Radar, Visual, and
Observation of celestial body.
Fix position more frequently during transit of the high risk area.
AIS
1. Vulnerability
Incorrect indication of ship’s position due to Spoofing of GPS which resulted in the failure of
Modification of all ship details, position, course, cargo, speed, name
Creation of “ghost” vessels at any global location, which would be recognized by receivers as
genuine vessels
Trigger a false collision warning alert, resulting in a course adjustment
2. Action to eliminate or mitigate risk
Cross check ship’s position by using other position fixing methods such as Radar, Visual, and
Observation of celestial body etc.
Monitor ECDIS and Radar to identify fake information.
Keep an appropriate lookout to identify fake information or ships with no AIS or with AIS switched off.
E-mail Computer
1. Vulnerability
Physical access to the E-mail Computer aboard ship to destroy, delete or alter data in the E-mail
Computer (crew member, visitor, service technician).
Feeding of malware into the E-mail Computer through use of an infected portable storage device such as
USB or other memory card.
Feeding of malware, virus etc. to the E-mail Computer through email communication.
Feeding of malware into the E-mail Computer during inter-communication within the ship.
2. Action to eliminate or mitigate risk
Physical access to the computer should be restricted to the crew assigned to use it.
Secure the computer with a password. The secure password should be at least 8 different types of
characters.
Check the identity of the sender. Do not open attachments and do not click on internet links coming
from suspect or unknown senders.
Save data on a regular basis - Prepare for a breakdown or a data theft by backing up data regularly,
using dedicated external storage, kept safe.
Control installed software on IT devices – install only software actually needed, and always with prior
approval of the company. Download software only from trusted websites and perform regular updates.
All computers used for intercommunication should be scanned periodically (for ships equipped with a
SATCOM communication system).
An infected portable storage device should not be used; scan the device before opening.
ODME
1. Vulnerability
There is no risk of malware destroying, deleting or altering the data/settings of the ODME when an infected
USB memory stick is inserted for the transfer of records, and the risk of illegal conversion of the system
program is very low, as it can be made only by the manufacturer’s technician.
Incorrect indication of ship’s position due to Spoofing or Jamming of GPS
2. Action to eliminate or mitigate risk
Restrict access to ODME to the crew in charge of ODME.
In case of spoofing or jamming of GPS, the OOW on the bridge is to notify the crew in charge of
operation if ODME is being operated, and the position is to be entered manually.
Loading Computer
1. Vulnerability
1) Physical access to the Loading Computer aboard ship to destroy, delete or alter data in the Loading
Computer (crew member, visitor, service technician).
2) Installing/using other software on the loading computer can alter the loading program.
3) Feeding of malware into the Loading Computer through use of an infected portable storage device such as
USB or other memory card.
Items 1)-3) above can lead to exceeding the ship’s maximum allowable stability and stress due to wrong results of the loadcom
calculation, which reduces the ship’s seaworthiness.
1) Damage stability information is not immediately available in an emergency situation.
This can put the ship in a dangerous situation.
2. Action to eliminate or mitigate risk
Physical access to the computer should be restricted to the crew assigned to use it.
10. If, after all of these steps, you’re still having problems with a possible infection, feel free to contact
the company.
Reference
1) DNV Cyber security resilience management for ships and mobile offshore units in operation
2) The guidelines on Cyber Security Onboard Ships – BIMCO
3) MSC 95/4/1 Measures to Enhance Maritime Security (Industry guidelines on cyber security on
board ships)