A group of shipping organisations in early December updated the Guidelines on Cyber Security onboard Ships document to offer guidance to shipowners and operators on procedures and actions to maintain the security of cyber systems in the company and onboard vessels.
Among topics covered in the updated document was an incident describing how malware could be potentially introduced to vessels during a bunker surveying operation.
“A dry bulk ship in port had just completed bunkering operations. The bunker surveyor boarded the ship and requested permission to access a computer in the engine control room to print documents for signature,” it described.
“The surveyor inserted a USB drive into the computer and unwittingly introduced malware onto the ship’s administrative network. The malware went undetected until a cyber-assessment was conducted on the ship later, and after the crew had reported a ‘computer issue’ affecting the business networks.
“This emphasises the need for procedures to prevent or restrict the use of USB devices onboard, including those belonging to visitors.”
The Guidelines on Cyber Security onboard Ships document advised there is a risk of introducing malware when transferring data from uncontrolled systems to controlled systems.
“Removable media can be used to bypass layers of defences and attack systems that are otherwise not connected to the internet. A clear policy for the use of such media devices is important; it must help ensure that media devices are not normally used to transfer information between uncontrolled and controlled systems,” it recommends.
“There are, however, situations where it is unavoidable to use these media devices, for example during software maintenance. In such cases, there should be a procedure in place to check removable media for malware and/or validate legitimate software by digital signatures and watermarks.
“Policies and procedures relating to the use of removable media should include a requirement to scan any removable media device in a computer that is not connected to the ship’s controlled networks. If it is not possible to scan the removable media on board, eg the laptop of a maintenance technician, then the scan could be done prior to boarding. Companies should consider notifying ports and terminals about the requirement to scan removable media prior to permitting the uploading of files onto a ship’s system.”
The full Guidelines on Cyber Security onboard Ships document can be downloaded here.
The following organisations and companies have participated in the development of these guidelines:
Published: 13 December, 2018
Garren Hay will be responsible for sales of the PANOLIN range of Environmentally Acceptable Lubricants for the Singapore sole distributor agent Gealubes Consulting & Trading Pte Ltd.
Universal Alliance, BMS United, Digiland International, Goodwood Associates, Southernpec (Singapore), and Taigu Energy were involved in alleged circular fictitious trades of fuel oil during July 2015.
Bunker orders of ISO 8217:2010 spec LS 380 cSt 0.5% for Nord Gemini, Nord Titan, Ocean Rosemary, and Luzern were placed through global commodities trading and logistics house Trafigura Pte Ltd.
While Covid-19 concerns are important, Captain Rahul Choudhuri was quick to note this does not mean bunker fuel related issues have indeed disappeared from the shipping sector.
‘Therefore, representing the players of the Malaysian bunker industry, we sincerely hope that this matter can be refined and reconsidered immediately so that all parties benefit together,’ says communication.
Maureen Poh, a Director of Helmsman LLC, offers plain practical tips on the differences between US and EU Sanctions and shares some thoughts on what companies could do if they are potentially exposed to sanctioned entities.