Количество
и сумма товаров
в корзине

Каталог изданий

 

Cyber Security Workbook for On Board Ship Use, 2nd Edition, 2021
Cyber Security Workbook for On Board Ship Use, 2nd Edition, 2021
Cyber Security Workbook for On Board Ship Use, 2nd Edition, 2021
Just Published
Рабочая книга по кибербезопасности для использования на борту судна, 2-е изд., 2021.
Вышла из печати в октябре 2020 г.
This publication has been produced by
BIMCO,
ICS (International Chamber of Shipping) and
Witherby Publishing Group.

Цена, руб.: 18900
 –  + 
в наличии

 

Год издания: 2021 eng
Издатель: BIMCO, ICS, Witherby Publishing Group

This workbook is a practical, straightforward and easy to understand guide to support the Master and the ship’s crew with cyber security risk management.

Now in its second edition , the workbook provides detailed guidance on all aspects of cyber security protection, defence and response (including brand new sections on remote access, intrusion detection systems and engine department considerations).

Fully revised , comprehensive checklists are also included to assist with the practical, day-to-day management of onboard cyber security. This workbook is an essential tool in helping to ensure that cyber risks are appropriately addressed in onboard safety management systems (as required by IMO Resolution MSC.428(98)). It will also benefit shipowners, ship managers, ports and their IT departments.

'Cyber Security Workbook for On Board Ship Use' is referenced in ISGOTT Sixth Edition as a source of practical guidance for Masters and ship’s crew (ref: ISGOTT 6, section 6.4, para.3)

YouTube Video 1

YouTube Video 2

См. MSC.428(98) * - Управление киберрисками в морской отрасли в системах управления безопасностью (СУБ) = Maritime Cyber Risk Management in Safety Management Systems.
В ней говорится, что в утвержденных СУБ должно учитываться управление киберрисками и функциональными требованими МКУБ (ISM Code).
ИМО призывает администрации обеспечить надлежащее устранение киберрисков существующих СУБ не позднее первой ежегодной проверки Документа о соответствии компании после 1 января 2021 г.

*) указанная резолюция не опубликована в Сборнике № 57 резолюций ИМО .

Contents

Section 1 – Introduction

1.1 Cyber Security Risk Management – IMO Requirements and Guidelines
1.1.1 Supporting Regulatory Guidelines
1.2 Cyber Outlook for Shipping
1.3 Purpose of this Workbook
1.4 Checklists

Section 2 – Identifying Risks

2.1 Vulnerable Ship Systems
2.2 What is a Cyber Attack?
2.2.1 Attacker Profiles
2.2.2 Types of Cyber Attack

Section 3 – Protection, Prevention and Training

3.1 Prevention of Malware Attacks
3.2 Software Updates
3.3 Endpoint Protection
3.3.1 Anti-virus
3.4 Passwords
3.5 Cyber Security and the SMS
3.5.1 Cyber Security and the Ship Security Plan (SSP)
3.6 Crew Training
3.6.1 Ship Cyber Security Drill
3.6.2 Cyber Security Familiarisation
3.6.3 Crew Training Cyber Security Checklist

Section 4 – Detect, Respond and Recover: General Principles

4.1 Detecting a Cyber Incident
4.2 Detecting a Cyber Incident Checklist
4.3 Incident Response
4.3.1 Third Party Support
4.3.2 Cyber Recovery Plan
4.3.3 Backups
4.4 Responding to a Cyber Incident On Board

Section 5 – Detect, Respond and Recover: Ship’s Business Systems

5.1 Onboard Business Computers
5.1.1 USB Ports and Drives
5.1.2 USB Cleaning Stations
5.1.3 Personal Devices and USB Ports
5.1.4 Onboard Business Computer Checklist
5.2 Network Segregation On Board
5.2.1 Existing/Simple Networks
5.2.2 Segregated Networks
5.2.3 Achieving a Segregated Network
5.2.4 Maintaining a Segregated Network
5.2.5 Benefits of Network Segregation
5.2.6 Vulnerable Systems On Board
5.3 Network Segregation Checklist
5.4 Wireless Networks
5.4.1 Business WiFi
5.4.2 Crew WiFi
5.4.3 Guest Access
5.4.4 WiFi Network Security
5.4.5 Virtual Private Network (VPN)
5.4.6 Networks (Wireless and Wired)
5.5 Satellite Communications Equipment
5.5.1 Satcom Passwords
5.5.2 Admin Password Security
5.5.3 Confirming that the Satcom System is Not Available from the Public Internet
5.5.4 Is the Software Running on the Satcom System Kept Up to Date?
5.5.5 Applying Updates to Satellite Terminals
5.5.6 Physical Security of the Satellite Terminal
5.5.7 Software Security of the Satellite System
5.5.8 Satellite Communications
5.6 Cellular Data Connections
5.7 Connecting to Shore WiFi in Port
5.7.1 Crew Connecting to WiFi Ashore
5.7.2 Shore WiFi in Port/Shore Cellular Data Checklist

Section 6 – Detect, Respond and Recover: OT Systems

6.1 Understanding OT Systems
6.2 Engine Department Considerations
6.3 OT Systems Checklist for Crew
6.4 ECDIS Security
6.4.1 Updates
6.4.2 Physical Security
6.4.3 ECDIS Recovery
6.4.4 Recognising Genuine NAVTEX Messages
6.4.5 ECDIS Cyber Security Checklist
6.5 GNSS Security
6.5.1 GNSS Input Data
6.6 Cyber Security Checks on the Navigation Bridge during Watchkeeping

Section 7 – OT Cyber Security: Onshore Office and IT Department

Considerations

7.1 Ship’s Network Architecture
7.1.1 IDMZ
7.1.2 Data Diodes (unidirectional (single direction) gateways)

7.2 OT Asset Management and Risk Assessment
7.2.1 Asset Management
7.2.2 Asset Risk Assessment
7.2.3 Asset Management and Risk Assessment Checklist

7.3 Securing OT Systems

7.4 Securing the Ethernet IP Network Used by OT Systems
7.4.1 Converter Security

7.5 Remote Access
7.5.1 Remote Access Checklist

7.6 Intrusion Detection Systems (IDS)

7.7 OT Systems Checklist for IT Department/Onshore Office

Annexes

Annex 1 – Regional Regulatory Guidance
Annex 2 – Checking for Windows Updates
Annex 3 – Creating User Accounts
Annex 4 – Checking for Segregated Networks
Annex 5 – How to Check that Anti-virus Software Updates are Applied
Annex 6 – NMEA 0183
Annex 7 – Example of a Cyber Security Familiarisation Checklist for New Crew Members
Annex 8 – Planning a Crew Training Session
Annex 9 – Further Resources