Subscribe to our Mailing Lists (It's free!)
Friday, May 20, 2022
SAFETY4SEA
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    itf fishers

    ITF targets UK visa system in report about exploitation of fishers

    robbery callao anchorage

    Robbery at ship at Callao anchorage, Peru

    steep accommodation ladder

    Lessons learned: Steep accommodation ladder can be a safety hazard

    welfare charity for shipping

    Welfare charity announces multimillion pound grant scheme for shipping

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    vehicle terminal powered by renewable energy

    Vehicle terminal powered by renewable energy launched in Yokohama

    eu ets

    WSC: EU ETS revision on the right path, but more improvements are needed

    peru oil spill

    Peru files $4.5bn lawsuit against six companies after January oil spill

    scorpio tankers

    Asian Shipowners’ Association: Need for early entry into force of the Hong Kong Convention

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    bimco software maintenance

    BIMCO, partners to present software maintenance submission to IMO

    emsa drones

    EMSA drones to offer Denmark maritime surveillance

    TotalEnergies launches global drone-based methane and CO2 detection campaign

    TotalEnergies launches global drone-based methane and CO2 detection campaign

    remote offshore inspections

    Demonstration shows capability of drones to conduct remote offshore inspections

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    New Shanghai lockdown creates fears over supply chain disruption

    PSC Focus: Key highlights for containers (CY 2021)

    Malaysia crew change

    Identifying Challenging Ports: Key factors for consideration

    tokyo mou cic

    Tokyo MoU Remote Inspections : Lessons Learned

    PSC Focus: Deficiency Code Ranking and Spread

    PSC Focus: Deficiency Code Ranking and Spread

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Reports
    • Shipping
    • Sustainability
    • Videos
    ics covid 19 impact

    ICS report analyzes impact of COVID-19 on shipping and seafarers

    jolly nero

    Book Review: How Jolly Nero aspires to lead to diligent pilotage

    merging plan

    Xeneta: Long-term reefer rates soar to all-time highs on US West Coast to Far East trades

    Malaysia crew change

    Identifying Challenging Ports: Key factors for consideration

  • Columns
    Poseidon Principles for Marine Insurance

    Poseidon Principles for Marine Insurance

    Career Paths: Catarina Fant, Wasaline

    Career Paths: Päivi Brunou, Wärtsilä Voyage 

    Career Paths: Catarina Fant, Wasaline

    Career Paths: Catarina Fant, Wasaline

    Trending Tags

    • Career Paths
    • Industry Voices
    • Maripedia
    • Maritime History
    • Resilience
    • Seafarers Stories
    • SeaSense
  • Events
  • Plus
No Result
View All Result
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    itf fishers

    ITF targets UK visa system in report about exploitation of fishers

    robbery callao anchorage

    Robbery at ship at Callao anchorage, Peru

    steep accommodation ladder

    Lessons learned: Steep accommodation ladder can be a safety hazard

    welfare charity for shipping

    Welfare charity announces multimillion pound grant scheme for shipping

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    vehicle terminal powered by renewable energy

    Vehicle terminal powered by renewable energy launched in Yokohama

    eu ets

    WSC: EU ETS revision on the right path, but more improvements are needed

    peru oil spill

    Peru files $4.5bn lawsuit against six companies after January oil spill

    scorpio tankers

    Asian Shipowners’ Association: Need for early entry into force of the Hong Kong Convention

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    bimco software maintenance

    BIMCO, partners to present software maintenance submission to IMO

    emsa drones

    EMSA drones to offer Denmark maritime surveillance

    TotalEnergies launches global drone-based methane and CO2 detection campaign

    TotalEnergies launches global drone-based methane and CO2 detection campaign

    remote offshore inspections

    Demonstration shows capability of drones to conduct remote offshore inspections

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    New Shanghai lockdown creates fears over supply chain disruption

    PSC Focus: Key highlights for containers (CY 2021)

    Malaysia crew change

    Identifying Challenging Ports: Key factors for consideration

    tokyo mou cic

    Tokyo MoU Remote Inspections : Lessons Learned

    PSC Focus: Deficiency Code Ranking and Spread

    PSC Focus: Deficiency Code Ranking and Spread

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Reports
    • Shipping
    • Sustainability
    • Videos
    ics covid 19 impact

    ICS report analyzes impact of COVID-19 on shipping and seafarers

    jolly nero

    Book Review: How Jolly Nero aspires to lead to diligent pilotage

    merging plan

    Xeneta: Long-term reefer rates soar to all-time highs on US West Coast to Far East trades

    Malaysia crew change

    Identifying Challenging Ports: Key factors for consideration

  • Columns
    Poseidon Principles for Marine Insurance

    Poseidon Principles for Marine Insurance

    Career Paths: Catarina Fant, Wasaline

    Career Paths: Päivi Brunou, Wärtsilä Voyage 

    Career Paths: Catarina Fant, Wasaline

    Career Paths: Catarina Fant, Wasaline

    Trending Tags

    • Career Paths
    • Industry Voices
    • Maripedia
    • Maritime History
    • Resilience
    • Seafarers Stories
    • SeaSense
  • Events
  • Plus
No Result
View All Result
SAFETY4SEA

IACS: Recommendations for remote access to onboard IT systems

by The Editorial Team
October 26, 2018
in Cyber Security
antivirus on vessels
FacebookTwitterEmailLinkedin

IACS issued a guidance report on Remote Update/Access aiming to establish recommendations for control over remote access to onboard Information Technology (IT) and Operation Technology (OT) systems. Additionally, where remote maintenance is used, clear procedures and protective measures, which include mechanisms for validating updates prior to their deployment and simply reverting to earlier revisions in the case of corruption, should be adopted.

Read in this series

    • How to conduct proper software maintenance
    • Efficient control of software dependent systems
    • Contingency plan for onboard computer based systems
    • Guidelines on ship board network architecture
    • Data assurance of computer-based system onboard
    • Protecting network systems onboard from cyber risks
    • How to ensure proper operation of integration systems
    • Developing an inventory list of computer-based systems
    • Recommendations for remote access to onboard IT systems


Remote Access

-Ship to shore interface

For computer based systems on board that could be critical for the safety of navigation, power and cargo management, the transmissions of data which can be critical to the safety of the ship should be protected against unauthorized access.

The system integrator, producers and service providers should have an updated cyber security company policy, which includes training and governance procedures for accessible IT and OT onboard systems.

RelatedNews

USCG: FAQ to address cyber risks

Inmarsat’s solution to protect ship networks against cyber attacks

OT should have the necessary capabilities to mitigate against the risks of remote access / update. The equipment should have the capability to terminate a connection from the on board terminal and immediately revert to the known and uncorrupted state. Additionally, the Company should implement appropriate procedures for managing remote access / update.

Systems should have characteristic necessary to prevent interruptions to remote access sessions interfering with the integrity and availability of OT or the data OT uses. The shipowner should include in contracts with system integrator, producers and service providers clauses to requiring evidence of their internal governance for cyber network security.

-Configuration of network devices such as firewalls, routers and switches

Networks, that provide suppliers with remote access to allow upload of system upgrades or perform remote servicing of navigation and other OT system software on onboard, should be controlled (i.e. designed to prevent any security risks from connected devices by use of firewalls, routers and switches (reference IEC 61162-460)). Shoreside external access points of such connections should be secured to prevent unauthorised access.

-Policy and procedures

The shipowner should establish policies and procedures for control of remote access to onboard IT and OT systems. Clear guidelines should identify who has permission to access, when they can access, and what they can access. Any procedures for remote access should include close co-ordination with the ship’s master and other key senior ship personnel.

Additionally, any remote access should be initiated and confirmed by a responsible person onboard, and it should be possible at all times to terminate the remote connection by the responsible personnel onboard.

The procedures for activities on board should include steps to:

  • Document allowed methods of remote access to the information system;
  • Establish usage restrictions and implementation guidance for each allowed remote access method;
  • Monitor for unauthorized remote access to the information system;
  • Authorize remote access to the information system prior to connection; and
  • Enforce requirements for remote connections to the information system.

Remote maintenance

The Owner should implement the following safeguards for remote maintenance:

  • A permit to work system, like the one in use for hot work on board.
  • The connection for remote maintenance should always be initiated by the local IT or OT system. This can be accomplished by having the target systems call the remote maintenance location or by using an automatic call-back function.
  • All activities during remote maintenance should be monitored by in-house trained and designated IT or OT personnel. It should be possible at all times to cancel remote maintenance locally.
  • The external maintenance personnel should authenticate when beginning the maintenance session. Passwords should not be transmitted in unencrypted form. If systems cannot provide encryption, tunneling traffic through an encrypting virtual private network (VPN) should be adopted.
  • To the extent possible, remote access credentials should be personal, not shared (e.g. by a vendor’s technical support team). If this is not possible, one-time passwords should be used and reset after the session ended.
  • Procedures should be in place to ensure the remote maintenance process is ended safely, once completed.
  • Remote maintenance shall be logged. Logging information should at least contain the start and end time, persons involved during the remote maintenance and content of the maintenance.

Validating Updates

The following consideration should be included in the procedure for validating updates:

  • Remote update should only be carried out by authorised personnel;
  • Update signatures ensure the integrity and authenticity of the update;
  • Update data transfer protection (encryption or cyclic redundancy check – CRC) to prevent exposure of software image;
  • Update data decryption or CRC;
  • Malware scanning;
  • Update data validation ensures update integrity;
  • Post-update verification ensures that the system is performing appropriately.

Software and update versions should also be stored and log which records the:

  • versions that are in use,
  • versions that were in use, and
  • versions that are stored.

Explore more herebelow:

Tags: cyber securityIACSITreports

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

ics covid 19 impact

ICS report analyzes impact of COVID-19 on shipping and seafarers

May 19, 2022
vehicle terminal powered by renewable energy

Vehicle terminal powered by renewable energy launched in Yokohama

May 19, 2022
MARITIME EVENTS

Newsletter

GET THE SAFETY4SEA IN YOUR INBOX!

Explore

  • Safety
  • Green
  • Smart
  • Risk
  • Others
  • Events
  • Plus

Useful Links

  • About
  • Disclaimer
  • Editorial Policies
  • Advertising
  • Contact

© 2021 SAFETY4SEA

No Result
View All Result
  • Safety
    • Alerts
    • Accidents
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
  • Green
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
  • Smart
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
  • Risk
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    • Vetting
  • Others
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Reports
    • Shipping
    • Sustainability
    • Videos
  • Columns
    • Opinions
    • Career Paths
    • Industry Voices
    • Maripedia
    • Maritime History
    • Seafarers Stories
    • SeaSense
  • Events
  • Plus

© 2021 SAFETY4SEA

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Disclaimer.