
15. Guidelines on Maritime Cyber Risk Management are laid down in MSC-FAL.1/Circ.3.

Considering these guidelines, elaborate on the following:
(a) Name all the onboard systems which are prone to cyber risks due to vulnerabilities created by
accessing, interconnecting or networking of such systems.
(b) Explain the elements of cyber risk management.
(c) With regard to Resolution MSC.428(98) on cyber risk management, what requirement is made
mandatory for shipping companies (companies holding a Document of Compliance)? Specify since when
this requirement has been enforced.

The Maritime Safety Committee, at its 98th session, adopted a resolution to encourage
administrations to ensure that cyber risks are appropriately addressed in existing safety management
systems no later than the first annual verification of the company's Document of Compliance after 1
January 2021.
In this context:
1. Define cyber risk management. What are the functional elements of cyber risk management?
2. List the various vulnerable systems on ships that can be subjected to cyber-attack.
3. What are the various types of cyber-attacks?

Cyber risk management means the process of identifying, analyzing, assessing and communicating a
cyber-related risk and accepting, avoiding, transferring or mitigating it to an acceptable level,
considering the costs and benefits of actions taken to stakeholders.

List the various vulnerable systems on ships that can be subjected to cyber-attack

Vulnerable systems could include, but are not limited to:

1 Bridge systems;
2 Cargo handling and management systems;
3 Propulsion and machinery management and power control systems;
4 Access control systems;
5 Passenger servicing and management systems;
6 Passenger-facing public networks;
7 Administrative and crew welfare systems; and
8 Communication systems.

Functional elements of cyber risk management:

1 Identify: Define personnel roles and responsibilities for cyber risk management and identify the
systems, assets, data and capabilities that, when disrupted, pose risks to ship operations.
2 Protect: Implement risk control processes and measures, and contingency planning, to protect
against a cyber-event and ensure continuity of shipping operations.
3 Detect: Develop and implement activities necessary to detect a cyber-event in a timely manner.
4 Respond: Develop and implement activities and plans to provide resilience and to restore systems
necessary for shipping operations or services impaired due to a cyber-event.
5 Recover: Identify measures to back up and restore cyber systems necessary for shipping operations
impacted by a cyber-event.

In recognition of the urgent cyber threats to global shipping, a significant cybersecurity compliance
deadline facing the maritime industry is IMO Resolution MSC.428(98). This resolution "encourages
administrations to ensure that cyber risks are appropriately addressed in existing safety management
systems (as defined in the ISM Code) no later than the first annual verification of the company's
Document of Compliance (DOC), after 1 January 2021".

Types of cyber attack

In general, there are two categories of cyber attacks which may affect companies and ships:
- untargeted attacks, where a company or a ship's systems and data are one of many potential targets;
- targeted attacks, where a company or a ship's systems and data are the intended target.
Untargeted attacks are likely to use tools and techniques available on the internet, which can be used
to locate, discover and exploit widespread vulnerabilities that may also exist in a company and
onboard a ship. Examples of some tools and techniques that may be used in these circumstances
include:
- Malware - Malicious software which is designed to access or damage a computer without the knowledge of the
owner. There are various types of malware, including trojans, ransomware, spyware, viruses and
worms.
- Phishing - Sending emails to a large number of potential targets asking for particular pieces of
sensitive or confidential information. Such an email may also request that a person visits a fake
website using a hyperlink included in the email.
- Water holing - Establishing a fake website or compromising a genuine website to exploit visitors.
- Scanning - Attacking large portions of the internet at random.
Targeted attacks may be more sophisticated and use tools and techniques specifically created for
targeting a company or ship. Examples of tools and techniques which may be used in these
circumstances include:
- Social engineering - A non-technical technique used by potential cyber attackers to manipulate
insider individuals into breaking security procedures, normally, but not exclusively, through
interaction via social media.
- Brute force - An attack trying many passwords with the hope of eventually guessing correctly. The
attacker systematically checks all possible passwords until the correct one is found.
- Denial of service (DoS) - Prevents legitimate and authorized users from accessing information, usually
by flooding a network with data. A distributed denial of service (DDoS) attack takes control of multiple
computers and/or servers to implement a DoS attack.
- Spear-phishing - Like phishing, but the individuals are targeted with personal emails, often containing
malicious software or links that automatically download malicious software.
- Subverting the supply chain - Attacking a company or ship by compromising equipment, software or
supporting services being delivered to the company or ship.
