Take 10 #12: Cyber security

01 Jun 2016 The Navigator

In this issue of The Navigator, cyber security has fallen under the spotlight. Here are ten key points to take in.

1 Attacks happen

Cyber security should concern everybody, even those who are not computer experts. All seafarers can make a difference.

2 Data protection

Ship’s officers must make sure they know who can access what data, and who is allowed in rooms containing key technical equipment.

3 Personal risk

Personal devices (smart phones, laptops, USB sticks) and ship systems (navigation, cargo, control, communication) are susceptible to attacks. Connecting personal devices to ship systems for exchanging data or even for charging is highly risky. Don’t do it!

4 Know your weaknesses

Vulnerable systems include cargo, bridge, propulsion, access control, passenger services, public networks, administrative and crew welfare systems, and all external communication systems.

5 Be prepared

Cyber security plans require both safety and security aspects. All procedures for cyber risk management should complement existing requirements contained in the ISM Code and ISPS Codes. Contingency plans must be ready and well rehearsed for when something goes wrong.

6 App awareness

Android software and apps have a 90% likelihood of carrying malware; iOS have an 80% likelihood, of which you will be entirely unaware until it is plugged into something else (Futurenautics Crew Connectivity Survey).

7 Social skills

Social media is a key source of viruses or information for targeting individuals. Be aware of what you post!

8 Jamming and spoofing

Global Navigation Satellite Systems (GNSS – including GPS) are vulnerable to intentional and unintentional jamming and spoofing. By following conventional best practice, such as observing radar and visual references, you can minimise the risks.

9 Risk training

Every ship will have different risks and levels of risk. All crew should be informed and trained about the risks appropriate to their roles, how to manage them and how to react to an incident. Regular onboard updates, drills and mentoring are also key.

10  Want to know more?

Good advice on cyber strategies is widely available online. Specific guidelines for cyber security onboard ships has been published by BIMCO and can be found at www.BIMCO.org

Like our top 10 tips? #NavInspire
Find more in your own language at www.nautinst.org/NavInspire

Return to listing