Cyber Security Procedure 2020.12

CYBER SECURITY PROCEDURE

CSP
DORVAL SHIP MANAGEMENT K.K.
Rev.: 1 Prep: NWC App: HSU Date: 01 Apr, 2018 Page 1 of 1

Cyber Security Procedure Index

Chapter, Procedure Title (Date of Issue)

1 Purpose (01 Apr. 2018)
2 Responsibility (01 Apr. 2018)
3 Security Terminology (01 Apr. 2018)
4 General Cyber Security (01 Apr. 2018)
5 General Protection from Cyber Attacks (01 Apr. 2018)
6 Shipboard Equipment vulnerable to Cyber Attack and action to mitigate or eliminate from attack (01 Apr. 2018)
7 Action if Attack Occurs (24 Jan. 2019)
8 Training for Security Awareness (01 Apr. 2018)

Appendix
Assessment of Cyber Security (VDR) (01 Mar. 2018)
Assessment of Cyber Security (ECDIS) (01 Mar. 2018)
Assessment of Cyber Security (GPS) (01 Mar. 2018)
Assessment of Cyber Security (AIS) (01 Mar. 2018)
Assessment of Cyber Security (Email Computer) (01 Mar. 2018)
Assessment of Cyber Security (Voyager Computer) (01 Mar. 2018)
Assessment of Cyber Security (PMS/SPIC) (01 Mar. 2018)
Assessment of Cyber Security (ODME) (01 Mar. 2018)
Assessment of Cyber Security (Loading Computer) (01 Mar. 2018)
Assessment of Cyber Security (Internet and Wi-Fi) (01 Mar. 2018)
Cyber Attack Notification - Poster (30 Dec 2018)
Use of Personal Devices Onboard - Poster (01 Jul. 2018)
Responsible use of Social Media - Poster (01 Jul. 2018)


CYBER SECURITY PROCEDURE
CSP
DORVAL SHIP MANAGEMENT K.K.
Rev.: 1 Prep: TI App: SS Date: 01 Apr, 2018 Page 1 of 1

Revision Record

Columns: Revised Doc. No.; Revised Document Title; Rev. No.; Date (new doc.); Date (old doc.); Date Rev.; Signature of responsible person

- 7. Cyber Attack Notification and Reporting; Rev. No. 2; Date (new doc.) 24.Jan.2019; Date (old doc.) 01.Apr.2018
- Chapter 3 Security Terminology; Rev. No. 3; Date (new doc.) 01.Dec.2020; Date (old doc.) 24.Jan.2019


CYBER SECURITY PROCEDURE
CSP
DORVAL SHIP MANAGEMENT K.K.
Rev.: 3 Prep: TI App: SS Date: 01 Dec. 2020 Page 1 of 13

Procedure

1. Purpose
A number of computer-based systems are used onboard. As ship safety and the cyber security of the
equipment are closely linked, cyber security is becoming critical for the safe operation of the ship. The purpose of
this procedure is to establish the Shipboard Cyber Security Procedure.

2. Responsibility
The Master is responsible for the implementation of this procedure and for the control of cyber security.
All crew who are assigned to use equipment/devices vulnerable to cyber-attack are responsible to the
Master for the implementation of this procedure.

3. Security Terminology
Attack
In the context of computer/network security, an attack is an attempt to access resources on a computer or a
network without authorization, or to bypass security measures that are in place.

Anti-Virus Software
Software designed to detect and potentially eliminate viruses before they have had a chance to wreak havoc
within the system. Anti-virus software can also repair or quarantine files that have already been infected by
virus activity. See also Virus.

Backup
File copies that are saved as protection against loss, damage or unavailability of the primary data.

Buffer
A holding area for data.

Buffer overflow
A way to crash a system by putting more data into a buffer than the buffer is able to hold.

Browser
A client software program that can retrieve and display information from servers on the World Wide Web.
Often known as a “Web browser” or “Internet browser”. Examples include Microsoft’s Internet Explorer,
Google’s Chrome, Apple’s Safari, and Mozilla’s Firefox.

Cracker
A hacker who specializes in “cracking” or discovering system passwords to gain access to computer
systems without authorization. See also hacker.

Crash
Sudden failure of a computer system, rendering it unusable.

Denial of Service (DoS) Attack
The prevention of authorized access to a system resource or the delaying of system operations and
functions. Often this involves a cybercriminal generating a large volume of data requests. See also
Flooding.

Spoofing
Masquerading so that a trusted IP address is used instead of the true IP address. A technique used by
hackers as a means of gaining access to a computer system.

Jamming
A simple, highly effective method of causing a DoS on a wireless LAN. Jamming, as the name suggests,
involves the use of a device to intentionally create interfering radio signals to effectively “jam” the
airwaves.

Hacker
A person who spends time learning the details of computer programming and operating systems, how to test
the limits of their capabilities, and where their vulnerabilities lie.

Malware
Malicious software, which is designed to access or damage a computer without the knowledge of the owner.
There are various types of malware including trojans, ransomware, spyware, viruses, and worms.
Ransomware encrypts data on systems until a ransom has been paid. Malware may also exploit known
deficiencies and problems in outdated/unpatched business software. The term “exploit” usually refers to the
use of a software or code, which is designed to take advantage of and manipulate a problem in another
computer software or hardware. This problem can, for example, be a code bug, system vulnerability,
improper design, hardware malfunction and/or error in protocol implementation. These vulnerabilities may
be exploited remotely or triggered locally, e.g. a piece of malicious code may often be executed by the user,
sometimes via links distributed in email attachments or through malicious websites.

Scanning
Searching large portions of the internet at random for vulnerabilities that could be exploited.

Spam
Unwanted, unsolicited email from someone you don’t know. Often sent in an attempt to sell you something
or get you to reveal personal information.

Spyware
Software that uses your Internet connection to send personally identifiable information about you to a
collecting device on the Internet. It is often packaged with software that you download voluntarily, so that
even if you remove the downloaded program later, the spyware may remain. See also Malware.

Targeted attacks
Targeted attacks may be more sophisticated and use tools and techniques specifically created for targeting a certain company
or ship. Examples of tools and techniques, which may be used in these circumstances, include:
- Social engineering. A non-technical technique used by potential cyber attackers to manipulate insider
individuals into breaking security procedures, normally, but not exclusively, through interaction via
social media.
- Brute force. An attack trying many passwords with the hope of eventually guessing correctly. The
attacker systematically checks all possible passwords until the correct one is found.
- Credential stuffing. Using previously compromised credentials or specific commonly used passwords
to attempt unauthorized access to a system or application.
- Denial of service (DoS). Prevents legitimate and authorized users from accessing information, usually
by flooding a network with data. A distributed denial of service (DDoS) attack takes control of multiple
computers and/or servers to implement a DoS attack.
- Phishing. Sending emails to a large number of potential targets asking for particular pieces of sensitive
or confidential information. The email may also contain a malicious attachment or request that a person
visits a fake website using a hyperlink included in the email.
- Spear-phishing. Like phishing but the individuals are targeted with personal emails, often containing
malicious software or links that automatically download malicious software. In some instances, SAT-C
messages have been used to establish a sense of familiarity with a malicious sender’s email address.
- Subverting the supply chain. Attacking a company or ship by compromising equipment, software or
supporting services being delivered to the company or ship.

Trojans
The name is short for “Trojan horse,” and refers to a software program that appears to perform a useful
function, but in fact, performs actions that the user of the program did not intend or was not aware of.
Trojan horses are often written by hackers to circumvent the security of a system. Once installed, the hacker
can exploit the security holes created by the Trojan to gain unauthorized access, or the Trojan program may
perform some action such as:
- Deleting or modifying files
- Transmitting files across the network to the intruder
- Installing other programs or viruses
Basically, the Trojan can perform any action that the user has privileges and permissions to do on the
system. This means a Trojan is especially dangerous if the unsuspecting user who installs it is an
administrator and has access to the system files.
Trojans can be very cleverly disguised as innocuous programs, such as utilities or screensavers. A Trojan
can also be installed by an executable script (JavaScript, a Java applet, Active-X control, and others) on a
web site. Accessing the site may initiate the installation of the program if the web browser is configured to
allow scripts to run automatically.

Typosquatting
Also called URL hijacking or fake URL. Relies on mistakes such as typos made by internet users when
inputting a website address into a web browser. Should a user accidentally enter an incorrect website
address, they may be led to an alternative and often malicious website.

Viruses
The most common use of the term “virus” is any program that is installed without the awareness of the user
and performs undesired actions (often harmful, although sometimes merely annoying). Viruses may also
replicate themselves, infecting other systems by writing themselves to any floppy disk that is used in the
computer or sending themselves across the network. Viruses are often distributed as attachments to e-mail,
or as macros in word processing documents. Some activate immediately upon installation, and others lie
dormant until a specific date/time or a particular system event triggers them.
Viruses come in thousands of different varieties. They can do anything from popping up a message that says
“Hi!” to erasing the computer’s entire hard disk. The proliferation of computer viruses has also led to the
phenomenon of the virus hoax, which is a warning – generally circulated via email or websites – about a
virus that does not exist or that does not do what the warning claims it will do.
Viruses, however, present a real threat to your network. Companies such as Symantec and McAfee make
anti-virus software that is aimed at detecting and removing virus programs. Because new viruses are being
created daily, it is important to download new virus definition files, which contain information required to
detect each virus type, on a regular basis to ensure that your virus protection stays up to date.

Vulnerability
A weakness in the hardware or software or security plan that leaves a system or network open to threat of
unauthorized access or damage or destruction of data.

Worms
A worm is a program that can travel across the network from one computer to another. Sometimes different
parts of a worm run on different computers. Technically, a worm – unlike a virus – can replicate itself
without user interaction; however, much modern documentation makes little distinction between the two, or
classifies the worm as a subtype of the virus. Worms make multiple copies of themselves and spread
throughout a network. Originally the term worm was used to describe code that attacked multiuser systems
(networks) while virus was used to describe programs that replicated on individual computers.
The primary purpose of the worm is to replicate. These programs were initially used for legitimate purposes
in performing network management duties, but their ability to multiply quickly has been exploited by
hackers who create malicious worms that replicate wildly, and may also exploit operating system
weaknesses and perform other harmful actions.

Water holing
Establishing a fake website or compromising a genuine website to exploit unsuspecting visitors.

4. General Cyber Security

a) Cyber-attack by Physical Access
Accessing resources on a computer or network is a cyber-attack. Therefore, the control of physical
access is important. Forms of physical access are:
- Physical access to the server (not applicable to ship)
- Physical access to networked workstations (Bridge: navigation system and computer;
Master’s office: email and internet system; CCR; ECR)
- Physical access to network devices (routers, hubs)
- Physical access to the cable (this is ignorable on the ship)
- Access to wireless media (Wi-Fi fitted onboard)
- Access to computers (all computers)
- Allowing data to be printed out
- Access to CD, DVD, USB etc.

b) Attack by Hackers
Hackers break into networks:
- Just for fun
- To invade the network for personal gain, such as transferring funds to their own account etc.
- For revenge (dissatisfied customers, disgruntled former employees etc.)
So, the potential for attack by hackers is considered very low for the company’s ships.

c) Denial of Service Attacks
Denial of Service (DOS) attacks are one of the most popular choices of Internet hackers who want
to disrupt a network’s operations. Although they do not destroy or steal data as some other types of
attacks do, the objective of the DOS attacker is to bring down the network, denying service to its
legitimate users. DOS attacks are easy to initiate; software is readily available from hacker websites
and warez newsgroups that will allow anyone to launch a DOS attack with little or no technical
expertise.
The purpose of a DOS attack is to render a network inaccessible by generating a type or amount of
network traffic that will crash the servers, overwhelm the routers or otherwise prevent the network’s
devices from functioning properly. Denial of service can be accomplished by tying up the server’s
resources, for example, by overwhelming the CPU and memory resources. In other cases, a
particular user/machine can be the target of denial of service attacks that hang up the client machine
and require it to be rebooted.
- Warez is a term used by hackers and crackers to describe bootlegged software that has
been “cracked” to remove copy protections and made available by software pirates on the
Internet, or in its broader definition, to describe any illegally distributed software.

d) GPS/AIS Spoofing
A spoofing attack is where a person or program successfully masquerades as another by falsifying
data (sending false information). Example: a GPS spoofing attack deceives a GPS receiver by
broadcasting counterfeit GPS signals, causing the receiver to estimate its position to be somewhere
other than where it actually is, which can alter the course of the vessel.

e) GPS Jamming
GPS jamming is the intentional interference with GPS signals: it stops, blocks or “jams” them. Instead of
providing false data or information (spoofing), the GPS signals are blocked. AIS, ECDIS, VDR and
VTS are all affected when GPS is “lost”. Without GPS, vessels cannot provide a range or bearing to
surrounding vessels, and other navigation systems are affected as well.

f) Cyber Attacks during use of the internet
A computer can be attacked through various routes, with files or systems deleted, destroyed or cracked, such as:
- When surfing untrusted websites.
- When communicating online with a criminal organization etc.
Therefore, computers should be well protected by network security software.

5. General Protection from Cyber Attack

a) Protect against online fraud
Never request personal information or account details through email, social networking or
other online messages. If there are any concerns, make contact directly.

b) Protect against phishing
Never respond to incoming messages requesting private information. Also, to avoid being led to a
fake site, never click on a link sent by email from an untrustworthy source.

c) Develop strong password
A good password policy is the first line of defense in protecting the network from intruders.
Careless password practices (choosing common passwords such as “god” or “love” or the user’s
spouse’s name; choosing short, all-alpha, one-case passwords; writing passwords down or sending
them across the network in plain text) are like leaving your car doors unlocked with the keys in the
ignition. Although some intruders may be targeting a specific system, many others are just
“browsing” for a network that’s easy to break into. Lack of a good password policy is an open
invitation to them.

Passwords should:
- have a minimum of eight characters
- not be “dictionary” words
- consist of a mixture of alpha, numeric and symbol characters
- be created by their users
- be easy for users to remember
- never be written down
- be changed on a regular basis
- be changed anytime compromise is suspected

d) Secure and encrypt Wi-Fi
A Wireless Local Area Network (WLAN) for the use of customers, guests and visitors is to be kept
separate from the main ship’s network so that traffic from the public network cannot traverse the
internal systems at any point.

e) Email
Email is the primary method for spreading viruses and malware and it is one of the easiest to defend
against. Email-filtering services are set up on the ship’s email service. Ensure that automatic updates are
enabled on the ship’s email application, email filter and anti-virus programs. Ensure that filters are
reviewed regularly so that important email and/or domains are not blocked in error.
- The company shall send urgent bulletins when new viruses are detected.
- Avoid opening unexpected text messages from unknown senders.
- Do not open unidentified links or unfamiliar sites.
- Never respond to incoming messages requesting private information.

f) Protect sensitive information sent via E-mail
Sensitive information must never be disclosed via e-mail without the company’s permission.
Sensitive information is considered to be:
- Passage plan
- Cargo information
- Contact details of company staff & crew information
- Manual etc.

g) Access control
For the prevention of unauthorized access, the following controls are required onboard.
1) Securing Workstation
- Much navigation equipment is vulnerable to attack. Access to the navigation bridge
should be restricted in port.
- The email system and/or internet system is in the Master’s Office. Access to the Master’s Office
should be restricted. It is recommended to lock the door of the Master’s Office whenever he
leaves his office in port.
- The Cargo Control Room (CCR) has several systems vulnerable to attack, such as the Loading
Computer, Deck Work Computer, ODME, Nitrogen Control System etc. The CCR should not
be left unmanned by the duty officer or responsible officer in port.
2) Access to the hub placed at the Master’s Office or Navigation Bridge needs to be restricted.
3) Effective Password
4) Access to computers and ship’s equipment which are vulnerable to attack should be restricted. This
access control includes the use of unauthorized USB, CD, DVD and any other devices.
5) All computers onboard should be protected by an appropriate password.
6) Wi-Fi should be protected by an appropriate password, and only the password assigned for visitors
must be disclosed to visitors.
7) Removable storage devices such as CD, DVD (except training CD/DVD) and USB should be
kept secured.

h) Use of Internet (for ships with an internet system)
- Web surfing is allowed only on trusted websites.
- Antivirus software should be kept updated.
- Ship and company activity, including sensitive information, should not be disclosed on
social media.
- The company e-mail address and the ship’s email address must not be registered for, or receive notices
from, social media sites.
- Social networking accounts should not be established using the ship’s internet.
- Online communication with a criminal organization is prohibited.
- Avoid being led to a fake site (never click on a link sent by email from an untrustworthy
source).
- Do not reply to fake antivirus “scareware” and other online security scams, and report them to the
company immediately.
- Never install malware on the ship’s computer.
- Never connect the ship’s computer to the web.
- Private computers are not allowed to connect to the ship’s internet system.
- Private routers are not allowed to connect to the ship’s network.

i) Backup
Copies of important files should be saved as protection against loss, damage or unavailability of the
primary data. Saving methods include high-capacity tape, separate disk sub-systems or storage on the
Internet. Off-site backup storage is ideal, sufficiently far away to reduce the risk of environmental
damage such as flood, which might destroy both the primary and the backup if kept nearby. The
installation CDs of all the ship’s computing systems, such as loadcom, PMS, SPICS and Watchkeeper, should
be stored securely.

6. Shipboard Equipment vulnerable to Cyber Attack and action to mitigate or eliminate from
attack.
Some of the ship’s equipment is vulnerable. The affected equipment is:
- VDR
- ECDIS
- AIS
- GPS
- ODME
- Load Computer
- E-mail System
- Internet & Wi-Fi
- Voyager Computer
- PMS/SPICS Computer

Specific Action for Ship’s Equipment

VDR (Voyage Data Recorder)
1. Vulnerability
- Physical access to the VDR aboard ship to destroy, delete or alter data in the VDR (crew member,
visitor, service technician).
- Feeding of malware into the VDR by a portable storage device (USB) used for transfer of records.
- Attack via on-board remote access to the VDR aboard ship, through another system to the VDR (crew
member, visitor, service technician). Vulnerability is very low.
- Attack via remote access to the VDR from shore. Many VDRs are designed with a capability for
remote downloads. Threat: vulnerability is very low.
2. Action to eliminate or mitigate risk
- Restrict physical access to the VDR (crew member, visitor, service technician).
- Security check of the service technician.
- Before updating the VDR by USB, scan the USB to prevent feeding of malware into the VDR.
- Before inserting a USB for data transfer, format the USB or use a new USB which has never been used.
- If navigation equipment such as ECDIS is connected to the VDR, disconnect it temporarily until the connected
equipment is cleaned.

ECDIS
1. Vulnerability
- Physical access to the VDR aboard ship (crew member, visitor, service technician)
- Fake information is transferred from GPS or AIS due to spoofing or jamming, which may put the ship in a
dangerous situation.
- Feeding of malware into ECDIS during updating of ENC charts by USB
- Feeding of malware into ECDIS when charging a phone or any other device
- Feeding of malware into ECDIS by loading of crew’s personal files on ECDIS
2. Action to eliminate or mitigate risk
- Physical access to ECDIS should be restricted to navigation officers.
- Crosscheck navigational information, in particular during coastal navigation (GPS, RADAR, AIS).
- ECDIS should not be used for any purpose except Navigation and Passage Planning.
- USB storage must not be used for the updating of ENC charts; use the DVD provided onboard.
- Never charge a phone or other electric devices using the USB ports of ECDIS.
- Crew’s files must not be loaded on ECDIS.
- Disconnect the system if a connected system is infected, or if fake information is transferred or suspected.
- When transferring data from ECDIS to USB, the USB should be formatted before inserting,
or a new USB should be used.
- When the use of USB is unavoidable for the update of ENC charts due to a malfunction of the DVD
burning system on the data-receiving computer, ensure that the data-receiving computer is not infected.

GPS
1. Vulnerability
- Incorrect indication of the ship’s position due to spoofing of GPS, which can lead to a grounding
- Incorrect indication of the ship’s position due to jamming of GPS, which can lead to a grounding
2. Action to eliminate or mitigate risk
- Cross check the ship’s position by using other position fixing methods such as radar, visual, and
observation of celestial bodies.
- Fix position more frequently during transit of a high risk area.

AIS
1. Vulnerability
- Incorrect indication of ship’s position due to spoofing of GPS which resulted in the failure of
- Modification of all ship details: position, course, cargo, speed, name
- Creation of “ghost” vessels at any global location, which would be recognized by receivers as
genuine vessels
- Triggering of a false collision warning alert, resulting in a course adjustment
2. Action to eliminate or mitigate risk
- Cross check the ship’s position by using other position fixing methods such as radar, visual, and
observation of celestial bodies etc.
- Monitor ECDIS and radar to identify fake information.
- Keep an appropriate lookout to identify fake information or ships with no AIS or with AIS switched off.

E-mail Computer
1. Vulnerability
- Physical access to the E-mail Computer aboard ship to destroy, delete or alter data in the E-mail
Computer (crew member, visitor, service technician).
- Feeding of malware into the E-mail Computer when using an infected portable storage device such as
a USB or other memory card.
- Feeding of malware, viruses etc. into the E-mail Computer through email communication.
- Feeding of malware into the E-mail Computer during inter-communication within the ship.
2. Action to eliminate or mitigate risk
- Physical access to the computer should be restricted to the crew assigned to use it.
- Secure the computer with a password. The secure password should contain at least 8 characters of
different types.
- Check the identity of the sender. Do not open attachments and do not click on internet links coming
from suspect or unknown senders.
- Save data on a regular basis. Prepare for a breakdown or a data theft by backing up data regularly,
using dedicated external storage that is kept safe.
- Control installed software on IT devices: install only software actually needed, and always with prior
approval of the company. Download software only from trusted websites and perform regular updates.
- All computers used for intercommunication should be scanned periodically (for ships equipped with a
SATCOM communication system).
- Infected portable storage devices should not be used; scan the device before opening.

Voyager Computer/PMS & SPICS Computer
1. Vulnerability
- Physical access to the Voyager Computer aboard ship to destroy, delete or alter data in the PMS
computer (crew member, visitor, service technician).
- Feeding of malware into the computer when using an infected portable storage device.
2. Action to eliminate or mitigate risk
- Physical access to the computer should be restricted to the crew assigned to use it.
- Secure the computer with a password. The secure password should contain at least 8 characters of different types.
- The computer should be scanned periodically (for ships equipped with a SATCOM communication
system).
- Infected portable storage devices should not be used; scan the device before opening.

ODME
1. Vulnerability
- There is no risk of malware destroying, deleting or altering the data/settings of the ODME when an infected
USB memory stick is inserted for the transfer of records, and the risk of illegal conversion of the system
program is very low, as it can be made only by the manufacturer’s technician.
- Incorrect indication of the ship’s position due to spoofing or jamming of GPS
2. Action to eliminate or mitigate risk
- Restrict access to the ODME to the crew in charge of the ODME.
- In case of spoofing or jamming of GPS, the OOW on the bridge is to notify the crew in charge of
operation if the ODME is being operated, and the position is to be entered manually.

Loading Computer
1. Vulnerability
1) Physical access to the Loading Computer aboard ship to destroy, delete or alter data in the Loading
Computer (crew member, visitor, service technician).
2) Installing/using other software on the loading computer can alter the loading program.
3) Feeding of malware into the Loading Computer when using an infected portable storage device such as
a USB or other memory card.
Items 1)-3) above can lead to the ship’s maximum allowable stability and stress being exceeded due to a wrong result of the loadcom
calculation, which reduces the ship’s seaworthiness.
4) Damage stability information is not immediately available in an emergency situation.
This can lead the ship into a dangerous situation.
2. Action to eliminate or mitigate risk
- Physical access to the computer should be restricted to the crew assigned to use it.
- Never install any software on the loading computer.
- Secure the computer with a password. The secure password should contain at least 8 characters of different types.
- Infected portable storage devices should not be used; scan the device before opening.
- The accuracy should be calibrated as per company procedure, for which the data in the loading manual
should be used.
- Visitors’ portable storage devices should not be inserted, or should be scanned before opening.
Oily Water Separator
1. Vulnerability
1) Physical access to the OWS aboard ship to destroy, delete or alter data in the OWS (crew member,
visitor, service technician).
2. Action to eliminate or mitigate risk
1) Physical access to the Oily Water Separator should be restricted to the crew assigned to use it.

Internet and Wi-Fi (for ships with internet)
1. Vulnerability
1) Physical access to the Internet Computer aboard ship to destroy, delete or alter data in the Internet
Computer (crew member, visitor, service technician).
2) Feeding of malware when surfing untrusted websites.
3) Feeding of malware due to failure to update antivirus software.
4) DDoS
5) Attack when communicating with a criminal organization
6) Attack by installing malware
7) Feeding of malware when using a portable memory storage device.

2. Action to eliminate or mitigate risk
- Access to the Internet Computer should be restricted.
- Secure the computer with a password. The secure password should contain at least 8 characters of different types,
and should not be saved in a file or in an internet browser.
- Web surfing is allowed only on trusted websites.
- Antivirus software should be kept updated.
- Ship and company activity, including sensitive information, should not be disclosed on social
media.
- The company e-mail address and the ship’s email address must not be registered for, or receive notices from, social
media sites.
- Social networking accounts should not be established using the ship’s internet.
- Online communication with a criminal organization is prohibited.
- Avoid being led to a fake site (never click on a link sent by email from an untrustworthy source).
- Do not reply to fake antivirus “scareware” and other online security scams, and report them to the company
immediately.
- Never install malware on the ship’s computer.
- Infected portable storage devices should not be used; scan the device before opening.
- Visitors’ portable storage devices should not be inserted.

7. Cyber Attack Notification and Reporting

Any suspected or actual cyber-attack MUST be immediately reported:
1) By ratings crewmembers to their Head of Department.
2) By the Head of Department to the Master.
3) By the Master to the Company Security Officer (CSO).
Refer to CSP Poster No.1 – “Cyber Attack Notification” for respective contact details.
Laminated CSP Poster No.1 must be displayed in the Master’s and C/E’s Offices and in both mess rooms.

Action in case computer is infected (recommended to consult the company before taking action)
Step 1. Use protection: Enter safe mode.
- Remove CDs and DVDs, and unplug USB drives from your computer. Then shut down.
- When you restart, press the F8 key repeatedly. This should bring up the Advanced Boot Options
menu.
- Select Safe Mode with Networking and press Enter. Only the bare minimum programs and
services are used in this mode. If any malware is programmed to automatically load when
Windows starts, entering safe mode may block the attempt.
Step 2. Back up your files, including documents, photos, and videos. Especially cat videos.
- Before backing up, ensure that the computer is not infected by malware.
- Do not back up program files, as those are where infections like to hide. You can always
download these programs again if files are lost.
Step 3. Download an on-demand malware scanner such as Malwarebytes Anti-Malware.
- Follow set-up instructions and install the program.
Step 4. Disconnect from the Internet. Then run a scan.
- Just go directly to the scan. If you do have an infection, your on-demand scanner should let you
know that you in danger, girl. A list of scan results tells you what malware was found and
removed.
Step 5. Restart your computer. After all, everyone deserves a second chance.
Step 6. Confirm the results of your anti-malware scan by running a full scan with another malware
detection program.
- Restart again if the program found additional infections.
Step 7. Update your operating system, browser, and applications.
- If there’s an update available on any of your software, go ahead and do it. Some of the most
dangerous forms of malware are delivered by “exploits” that take advantage of out-of-date
software.
Step 8. Reset all of your passwords.
- Before being deleted, malware could have captured your passwords and forwarded them to
hackers. Change each and every password you can think of, and make sure they’re strong. None
of this 1, 2, 3, 4, 5 business. That’s the combination an idiot would use on his luggage.
10. If, after all of these steps, you’re still having problems with a possible infection, feel free to contact
the company.

8. Training for Security Awareness

Security awareness training should be given to crew so that they understand the vulnerabilities of shipboard systems and the
threats to operations that are present when using the ship’s computers. It may include:
1) Understand and comply with the procedure.
2) Keep software updated.
3) Be aware of actions the ship’s crew can take for better protection: proper password usage, data backup,
proper antivirus protection.
4) Deter the spread of spam, viruses and worms.
