The Shipowners’ Club publishes its final article in its cyber risks series, now focusing on the benefits of antivirus software, the importance of contingency plans in case of a cyber-attack and what actions operators can take to ensure good security practice on board their ships.
What are the benefits of using antivirus software and why must it be updated?
An antivirus software aims to check devices for viruses, by carrying out scans on devices and searching for known viruses which are stored in its database. Cyber criminals are updating and re-configuring their virus every day with more than 300 million new viruses in 2018. As a result, the antivirus software must look for the newest viruses, and it must be regularly updated.
The benefits of having an updated well configured antivirus software are:
- Detection: The user will be notified if a virus is active on a device;
- Prevention: The device will be quarantined.
It must be kept in mind that an antivirus software is only effective when used consistently. Members should have a policy of regularly scanning storage devices and equipment prior to each time they are plugged in or integrated with the system. This policy should apply to all systems and personnel without exception
the Shipowners’ Club notes.
Moreover, an antivirus does not completely prevent cyber threats and attacks. It is, therefore, of paramount importance that the antivirus is supported by good policies and procedures.
What concerns should operators consider when developing contingency plans and drills for safe operations in case of a cyber-attack?
Businesses and organisations that require minimal or close to no downtime during an event like a significant cyber-attack, should develop and maintain a sound Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP). These can also be applied to on board plans and procedures.
BCPs keep the organisation operating throughout an event which threatens normal functionality. A disaster recovery plan mainly focuses on making a full or near-full recovery after a disaster has taken place. These are equally important and they should be carefully planned. When plans are developed, they should be regularly revisited, for any review or amendments.
In addition, it is very important that:
- The documents are regularly updated;
- The plans are tested regularly to determine their effectiveness in meeting their goals;
- The relevant employees are tested regularly to determine their effectiveness in the role they play in a disaster scenario. Table-top exercises and round table reviewing and assessing of the BCP and DRP should be carried out on a regular basis.
Is it important to regularly change the WI-FI password?
This is a crucial step to maintaining good security practice. The Club suggests that the non-guest Wi-Fi password should be changed every six months, or at least every year.
What is more, it is recommended that the following Wi-Fi password policies are used:
- More than 25 characters;
- Do not use dictionary words;
- Have at least one lowercase letter, uppercase letter, number and symbol;
- Temporarily block a user after five failed attempts to log in, we recommend a block time of 15 minutes;
- Use WPA2 with AES.
In case of admin access to Wi-Fi routers, it must be ensured that the Admin user name and password are changed from the default setting and that these details are shared with as few people as possible.
Should operators perform periodic run checks to make sure that the systems are updated and not infected/vulnerable?
Carrying out regular checks is a good way of reducing risks. If system expertise is not available within the organisation, experts can be consulted to perform periodic checks of systems and networks for vulnerabilities. This is known as vulnerability scanning and can be conducted by most cyber security companies.
In the cyber-security industry, vulnerability scanning is a sub-task of the wider performance of vulnerability management.
Should operators have a set of checklists to help crew comply with cyber procedures?
It is important that all crew know the risks and have the necessary tools and knowledge to fulfil a crucial cyber-security role. Thus, having a checklist, is recommended to help the crew carry out their cyber related duties on board as necessary.
To add to the checklists, a comprehensive cyber-security awareness training program might also be valuable. Considerations can be made to establish ‘playbooks’ and checklists for the crew members to review and be aware of the proper procedures in an easy and understandable format.
There should be clear and in-depth policies and procedures for everything allowed and specifically not allowed on board and the crew should also be regularly tested on these procedures
the Shipowners’ Club concluded.