Cyber security document highlights risk from bunker surveying ops

13 Dec 2018

A group of shipping organisations in early December updated the Guidelines on Cyber Security onboard Ships document to offer guidance to shipowners and operators on procedures and actions to maintain the security of cyber systems in the company and onboard vessels.

Among the topics covered in the updated document was an account of an incident showing how malware could be introduced to vessels during a bunker surveying operation.

“A dry bulk ship in port had just completed bunkering operations. The bunker surveyor boarded the ship and requested permission to access a computer in the engine control room to print documents for signature,” the document said.

“The surveyor inserted a USB drive into the computer and unwittingly introduced malware onto the ship’s administrative network. The malware went undetected until a cyber-assessment was conducted on the ship later, and after the crew had reported a ‘computer issue’ affecting the business networks.

“This emphasises the need for procedures to prevent or restrict the use of USB devices onboard, including those belonging to visitors.”

The Guidelines on Cyber Security onboard Ships document advised that there is a risk of introducing malware when transferring data from uncontrolled systems to controlled systems.

“Removable media can be used to bypass layers of defences and attack systems that are otherwise not connected to the internet. A clear policy for the use of such media devices is important; it must help ensure that media devices are not normally used to transfer information between uncontrolled and controlled systems,” it recommends.

“There are, however, situations where it is unavoidable to use these media devices, for example during software maintenance. In such cases, there should be a procedure in place to check removable media for malware and/or validate legitimate software by digital signatures and watermarks.

“Policies and procedures relating to the use of removable media should include a requirement to scan any removable media device in a computer that is not connected to the ship’s controlled networks. If it is not possible to scan the removable media on board, eg the laptop of a maintenance technician, then the scan could be done prior to boarding. Companies should consider notifying ports and terminals about the requirement to scan removable media prior to permitting the uploading of files onto a ship’s system.”

The full Guidelines on Cyber Security onboard Ships document can be downloaded here.

The following organisations and companies have participated in the development of these guidelines:

  • Anglo-Eastern Group
  • Aspida
  • Chamber of Shipping of America (CSA)
  • ClassNK
  • COLUMBIA Shipmanagement Ltd
  • Cruise Lines International Association (CLIA)
  • CyberKeel
  • International Association of Dry Cargo Shipowners (INTERCARGO)
  • International Association of Independent Tanker Owners (INTERTANKO)
  • International Chamber of Shipping (ICS)
  • International group of Protection & Indemnity clubs
  • International Union of Marine Insurance (IUMI)
  • InterManager
  • Maersk Line
  • Moran Shipping Agencies, Inc.
  • NCC Group
  • Oil Companies International Marine Forum (OCIMF)
  • SOFTimpact Ltd
  • Templar Executives
  • World Shipping Council

Published: 13 December, 2018
