The danger of cyber attacks at sea have increased recently. For this reason, the Japan Club issued the circular called “Cyber risk and cyber security,” addressing possible risks and how they can be mitigated.
The last years, ship communications have increased. Along with this, the number of ship systems that are susceptible to being infected with a virus also increased, with the way in which viruses infect systems being more varied.
[smlsubform prepend=”GET THE SAFETY4SEA IN YOUR INBOX!” showname=false emailtxt=”” emailholder=”Enter your email address” showsubmit=true submittxt=”Submit” jsthanks=false thankyou=”Thank you for subscribing to our mailing list”]
Ship communications devices and their connected onboard PCs, navigation electronics and propulsion equipment are crucial to cyber security countermeasures. However, there seems to be little known about taking a specific approach to the examination of risk assessment, revisions to the SMS or SSP.
Actions such as the use of illegally copied software and illegally downloaded sites are some of the factors which make a system may easy to be infected. Moreover, since around 2010, there have been some cases where a ship was infected as a result of a crewmember using 3G/4G when calling at port.
However, to prevent these incidents the Japan Club describes a set of actions that can provide a solution:
- Identify the IT systems: In order to list them up.
- Implementation of risk assessment: Risk assessment is to be implemented by examining the possible outcomes of a cyber attack, frequency and current management method.
- Establishment of necessary countermeasures: As a result of risk assessment, countermeasures are to be planned, implemented and operated.
- Implementation, operation and management of incidents: Check the status of additional countermeasures and verify that there are no flaws using reports of incidents and near misses from the ship, or an ISM/ISPS internal audit conducted by a superintendent.
- Incident statistical analysis: Companies have to conduct statistical analysis based on the reports of incidents and near misses from the ship, and the results reported from the ISM/ISPS internal audit.
- Review and improvement: After a statistical analysis, a review is needed as to whether the additional countermeasures are working, and if the countermeasures are not enough or if a new risk was reported, the risk assessment has to be implemented again.
For more information, click in the PDF herebelow
