2. CYBER SECURITY ONBOARD SHIPS
In reference to IMO resolutions:
1. MSC.428(98) – Maritime Cyber Risk Management in SMS
2. MSC-FAL.1/Circ.3 – Guidelines on Maritime Cyber Risk Management
and BIMCO’s The Guidelines on Cyber Security Onboard Ships
INTRODUCTION
• Ships are increasingly using systems that rely on digitization, digitalization,
integration, and automation, which call for cyber risk management on board.
• As technology continues to develop, information technology (IT) and
operational technology (OT) onboard ships are being networked together –
and more frequently connected to the internet.
• This brings the greater risk of unauthorized access or malicious attacks to
ship’s systems and networks.
• Risks may also occur from personnel accessing systems on board, for
example by introducing malware via removable media.
• Whilst the causes of a cyber safety incident may be different from a cyber
security incident, the effective response to both is based upon training and
awareness.
• Both cyber security and cyber safety are important because of their potential
effect on personnel, the ship, environment, company and cargo.
• Cyber security is concerned with the protection of IT, OT, Information and
data from unauthorized access, manipulation and disruption.
• Cyber safety covers the risks from the loss of availability or integrity of
safety critical data and OT.
3. MARITIME CYBER SECURITY INCIDENTS
[Figure: bar chart, "Nature of attack within the past 12 months", percentage by attack type (Phishing, Malware, Spear phishing, Credential theft, Ransomware, Man in the middle, Data theft, Application level, Procedure breach, Vulnerability exploitation, Brute force, Network protocol, Data manipulation, Loss of op. control, Honeytrap/Honeypot, Other). Source: IHS Markit, 2018]
• Phishing, Spear phishing, and Malware continue to rank highest.
• Theft of credentials climbed the list from just a 2% response rate in 2017 to 28% in
2018, moving ahead of ransomware, at 23%.
Source: Fairplay/BIMCO Maritime Cyber Security Survey
4. • A ship is an independent unit and a cyber attack may compromise the safety of that ship, the marine
environment and to some extent, the business continuity and reputation of the owner.
• In June 2017, A.P. Moller – Maersk fell victim to a major cyber attack caused by the NotPetya malware,
which also affected many organizations globally.
• As a result, Maersk’s operations in transport and logistics businesses were disrupted, leading to unwarranted
impact.
Impact of Cyber Attack
• 49,000 laptops infected
• All print capability inaccessible
• 1200 applications were inaccessible
• 1000 applications were destroyed
• File shares unavailable
5. Corruption of Chart Data
• A ship with an integrated navigation bridge suffered a failure of nearly all navigation systems at sea, in a high
traffic area and reduced visibility.
• The ship had to navigate by one radar and backup paper charts for two days before arriving in port for repairs.
The failure of all ECDIS computers was attributed to the outdated operating systems.
• During the previous port call, a producer’s technical representative performed a navigation software update on
the ship’s navigation computers. However, the outdated operating systems were incapable of running the
software and crashed.
• The ship was required to remain in port until new ECDIS computers could be installed, classification
surveyors could attend, and a near miss notification had been issued as required by the company.
• The costs of the delays were extensive and incurred by the shipowner.
• This incident emphasized that not all computer failures are a result of a deliberate attack and that outdated
software is prone to failure.
• More proactive software maintenance to the ship may have prevented this incident from occurring.
Virus Intrusion
• Ship communication equipment is not only a communication tool between ship and shore, but also essential
equipment for current navigation, such as weather routing, chart correction and PMS (Planned Maintenance
System).
• As the volume of ship communications increases, more ship systems are prone to being infected with a
virus, and the ways in which viruses infect systems are now more varied.
6. [Figure: Graph 1, volume of ship communications (e-mail) via e-mail by month over the last 12 years, 2005 to 2016]
7. Around year 2000
• Most vessels were not initially connected to an external network; potential viruses were blocked by the electronic mail provider.
• The sources of potential viruses are people or crew boarding the ship.
[Diagram labels: ship’s local network; e-mail with virus; server scanning; updating definition files; virus from crew]
8. Around year 2010
• Cases of virus intrusion, disrupting e-mail system.
• Result of crew members using 3G/4G when calling at port.
• Use of illegally copied software and from illegal download sites.
[Diagram labels: ship’s local network; e-mail with virus; server scanning; updating definition files; virus from crew; private 3G/4G connection by crew]
9. Types of Cyber Risk
• External factors such as unauthorized
access and system hacking are mainly
the focus when it comes to cyber risk;
• It is important to consider internal
factors, such as the existence of
operation mistake and general system
failure.
[Diagram: external factors and internal factors, with labels: unauthorized access; viruses; social engineering; abuse; operation mistake; general system failure]
Cyber Security Attributes
• Confidentiality
• Possession (for control)
• Safety
• Resilience
• Availability (including reliability)
• Authenticity
• Utility
• Integrity
[Diagram labels: information quality & validity; ship system configuration; continuity of ship’s operations; safety of people & assets; controlling access to ship & ship systems operations]
10. Confidentiality
• The control of access and prevention of unauthorized access to ship data, which
might be sensitive in isolation or in aggregate.
• The ship systems and associated processes should be designed, implemented,
operated and maintained to prevent unauthorized access, for example, sensitive
financial, security, commercial or personal data.
Possession and Control
• The design, implementation, operation and maintenance of ship systems and
associated processes to prevent unauthorized control, manipulation or interference.
• An example would be the loss of an encrypted storage device – there is no loss of
confidentiality as the information is inaccessible without the encryption key, but the
owner or user is deprived of its contents.
11. Integrity
• Maintaining the consistency, coherence and configuration of information and systems, and
preventing unauthorized changes to them.
• Prevent unauthorized changes being made to assets, processes, system state or the
configuration of the system itself.
• A loss of system integrity could occur through physical changes to a system.
Authenticity
• Ensuring that inputs to, and outputs from, ship systems, the state of the systems and any
associated processes and ship data, are genuine and have not been tampered with or modified.
• It should also be possible to verify the authenticity of components, software and data within
the systems and any associated processes.
• Authenticity issues could relate to data such as a forged security certificate or to hardware
such as a cloned device.
12. Utility
• Asset information and systems remain usable and useful across the lifecycle of the ship asset.
• An example of loss of utility would be a situation where a ship system has been changed or
upgraded and the file format of historic data is no longer intelligible to the system. There has
been no loss of availability, but the data is unusable.
Safety
• The design, implementation, operation, and maintenance of ship systems and related
processes to prevent the creation of harmful states which may lead to injury or loss of life, or
unintentional physical or environmental damage.
• A safety issue could arise through malware causing a failure to display or communicate ship
systems alarm states.
• For example, the failure of a motion or proximity detector or other sensors could result in
damage to property or loss of life.
Resilience
• The ability of the asset information and systems to transform, renew and recover in a timely
way in response to adverse events.
• In the event that either a system or associated process suffers disruption, impairment or an
outage occurs, it should be possible to recover a normal operating state, or acceptable
business continuity state, in a timely manner.
13. Guidelines on Maritime Cyber Risk Management
Safety Management System
• MSC.428(98) encourages administrations to ensure that cyber risks are appropriately
addressed in SMS no later than the first annual verification of the company’s Document of
Compliance after 01 January 2021.
Maritime Cyber Risk Management
• In 2017, the IMO adopted resolution MSC.428(98) on
Maritime Cyber Risk Management.
• The Resolution stated that an approved SMS should take
into account cyber risk management in accordance with the
objectives and functional requirements of the ISM Code.
14. Guidelines on Cyber Security Onboard Ships
• Aligned with IMO resolution MSC.428(98)
• Designed to assist companies in formulating their own approaches to cyber risk management
onboard ships.
• Provide practical recommendations on maritime cyber risk management covering both cyber
security and cyber safety.
• International shipping organizations, with support from a wide range of stakeholders have
participated in the development of these guidelines.
15. Ship Assets and Common Vulnerabilities
Communication System
• Integrated communication system
• Satellite communication equipment
• Voice over Internet Protocol (VoIP) equipment
• Wireless networks
• Public address and general alarm systems
• Systems used for reporting mandatory information to
public authorities
Bridge System
• Integrated Navigation System
• Positioning System, ECDIS, DP
• AIS, GMDSS, RADAR, VDR
• Systems that interface with electronic navigation systems
and propulsion/maneuvering systems
• Other monitoring and data collection systems
16. Access control System
• Surveillance systems such as CCTV network
• Bridge Navigational Watch Alarm System (BNWAS)
• Shipboard Security Alarm System (SSAS)
Propulsion and machinery management and
power control systems
• Engine governor
• Power management
• Integrated control system
• Alarm system
• Emergency response system
17. Administrative and crew welfare system
• Administrative systems
• Crew Wi-Fi or LAN internet access, for example where onboard personnel can
connect their own devices
Cargo Management Systems
• Cargo control room and its equipment
• On board loading computers and computers used for exchange of loading information
and load plan updates with the marine terminal and stevedoring company
• Remote cargo and container sensing system
• Ballast water system
• Water Ingress alarm system
18. Common vulnerabilities
• Obsolete and unsupported operating systems
• Outdated or missing antivirus software and protection from malware
• Inadequate security configurations and best practices, including ineffective network
management and the use of default administrator accounts and passwords
• Shipboard computer networks, which lack boundary protection measures and
segmentation of networks
• Safety critical equipment or systems always connected with the shore side
• Inadequate access controls for third parties including contractors and service providers
19. Threats and Potential Consequences
Group: Activist (including disgruntled employees)
• Motivation: reputational damage; disruption of operation
• Objective: media attention; denial of access to the service or system targeted
Group: Criminals
• Motivation: financial gain; commercial espionage; industrial espionage
• Objective: selling stolen data; ransoming stolen data; ransoming system operability; arranging fraudulent
transportation of cargo; gathering intelligence for more sophisticated crime, exact cargo location, ship
transportation and handling plans etc.
20. Threats and Potential Consequences
Group: Opportunists
• Motivation: the challenge
• Objective: getting through cyber security defenses; financial gain
Group: States, state sponsored organizations, terrorist
• Motivation: political gain; espionage
• Objective: gaining knowledge; disruption to economies and critical national infrastructure
21. CYBER ATTACK – TOOLS AND TECHNIQUES
MIXING ISOLATED AND OPEN NETWORKS
• Connecting a personal wireless router or PC to the isolated network reserved for operational
equipment is a major security risk.
• Hackers can invade your systems by exploiting an open wireless network or one with low level security.
• They can literally sit outside your ship’s physical location and access critical onboard systems
through wireless networks.
22. • Connecting Personal Device to
Official System
• Opening Phishing E-mail/SMS
in personal device
• Transfer of Virus to shore
based systems
• Transfer of Virus to shore
based server
• Hacking data from shore office
servers
23. Removable Media / External Hardware
• External hard drives such as USB sticks, camera
memory cards and smart phones: perfect storage
tools for anyone to spread their malware and virus
making it possible to physically cross network
barriers that are otherwise protected by network
firewalls.
Ransomware
• Ransomware encrypts files on a computer and
demands that you pay to unlock your files. Once
the malicious software has infected one computer,
be it a personal or company computer, it may
spread to others connected to the same network,
quickly making it impossible to perform common
tasks.
24. Untargeted attacks
• Where a company or a ship’s systems and data are one of many potential targets
• Untargeted attacks are likely to use tools and techniques available on the internet,
which can be used to locate, discover and exploit widespread vulnerabilities that
may also exist in a company and onboard a ship
Targeted attacks
• Targeted attacks, where a company or a ship’s systems and data are the intended target.
• Targeted attacks may be more sophisticated and use tools and techniques specifically
created for targeting a company or ship.
25. Malware
• Malicious software which is designed to access or damage a computer without the
knowledge of the owner.
• There are various types of malware including Trojans, ransomware, spyware,
viruses, and worms.
• Ransomware encrypts data on systems until a ransom has been paid. Malware
may also exploit known deficiencies and problems in outdated/unpatched
business software.
• A piece of malicious code may often be executed by the user, sometimes via links
distributed in email attachments or through malicious websites.
Phishing
• Sending emails to a large number of potential targets asking for particular pieces
of sensitive or confidential information.
• Such an email may also request that a person visits a fake website to exploit
visitors.
27. Tampering with Navigation System
• Unauthorized access and manipulation of operational systems can create
dangerous situations.
• The navigation system can also be manipulated by electronic GPS spoofing
devices sending incorrect GPS signals, telling you that you are in a different
position than what is the actual case.
• This type of attack does not require access to the vessel’s network or internal
systems.
Data Theft
• When an individual’s or company’s data is copied, transferred, or retrieved from a
computer or server without authorization.
• Attack mimics normal data traffic and can be very difficult to detect.
• Data theft is achieved by hackers when systems rely on vendor-set, common, or
easy-to-crack passwords.
28. Social Engineering/Phishing
• One of the most common forms of cyber crime is social engineering.
• This is the art of manipulating people by using methods like urgency, fear, and
curiosity.
• The victim reveals confidential information that can be used to gain unauthorized access to
personal or company systems.
Brute Force
• An attack trying many passwords with the hope of eventually guessing correctly.
• The attacker systematically checks all possible passwords until the correct one is
found.
29. Denial of Service (DoS/DDoS)
• A distributed denial of service (DDoS) attack is when an attacker attempts to
make it impossible for a service to be delivered.
• DoS/DDoS attacks work by drowning a system with data requests.
• The result is unavailable internet bandwidth, and CPU and RAM capacity
becomes overwhelmed/unavailable.
Spear-phishing
• Like phishing but the individuals are targeted with personal emails, often
containing malicious software or links that automatically download malicious
software.
Subverting the supply chain
• Attacking a company or ship by compromising equipment, software or supporting
services being delivered to the company or ship.
30. Stages of Cyber Attack
Time of infection and discovery
• In 2018, it took on average 140 days between the time of infection of a victim’s
network and discovery of a cyber attack; an intrusion can go undetected for years.
• This figure is down from 205 days in 2015 and continues to drop because
detection is getting better.
Cyber attack stages
• The length of time to prepare a cyber attack can be determined by:
- the motivations and objectives of the attacker;
- the resilience of technical and procedural cyber risk controls implemented by
the company including those onboard its ships.
31. Survey/Reconnaissance
• Open/public sources are used to gain information about a company, ship or
seafarer in preparation for a cyber attack.
• Social media, technical forums and hidden properties in websites, documents and
publications may be used to identify technical, procedural and physical
vulnerabilities.
• The use of open/public sources may be complemented by monitoring (analyzing,
sniffing) the actual data flowing into and from a company or a ship.
Delivery
• Attackers may attempt to access the company’s and ship’s systems and data.
• This may be done from either within the company or ship or remotely through
connectivity with the internet.
32. Examples of methods used to obtain access:
• Company online services, including cargo or container tracking systems.
• Sending emails containing malicious files or links to malicious websites.
• Personnel providing infected removable media, for example as part of a software
update to an onboard system.
• Creating false or misleading websites, which encourage the disclosure of user
account information by personnel.
Breach
• The extent to which an attacker can breach a company’s or ship’s system will
depend on the significance of the vulnerability found by an attacker and the
method chosen to deliver an attack.
• It should be noted that a breach might not result in any obvious changes to the
status of the equipment.
• Depending on the significance of the breach, an attacker may be able to:
- make changes that affect the system’s operation, for example interrupt or
manipulate information used by navigation equipment, or alter operationally
important information such as loading lists.
33. - gain access to commercially sensitive data such as cargo manifests and/or crew
and passenger/visitor lists.
- achieve full control of a system, for example a machinery management system.
Pivot
• Pivoting is the technique of using an instance already exploited to be able to
“move” and perform activities.
• During this phase of an attack, an attacker uses the first compromised system to
attack otherwise inaccessible systems.
• An attacker will usually target the most vulnerable part of the victim’s system
with the lowest level of security. Once access is gained then the attacker will try
to exploit the rest of the system.
34. Usually, in the Pivot phase, the attacker may try to:
- upload tools, exploits and scripts in the system to support the attacker in the
new attack phase.
- execute a discovery of neighbor systems with scanning or network mapping tools.
- install permanent tools or a key logger to keep and maintain access to the system.
- execute new attacks on the system.
Cyber Security Protection Measures
Threats
• Malicious actions (e.g. hacking or introduction of malware).
• Unintended consequences of benign actions (e.g. software maintenance or user permissions).
• In general, these actions expose vulnerabilities (e.g. outdated software or ineffective
firewalls) or exploit a vulnerability in operational or information technology.
• Effective cyber risk management should consider both kinds of threat.
35. Cyber Security Protection
• The collection of tools, policies, security concepts, security safeguards, guidelines, risk
management approaches, actions, training, best practices, assurance and technologies that
can be used to protect the cyber environment and organization and user’s assets.
What to protect?
• Ship, platform, organization, people
What to protect against?
• Terrorists, cyber crime
How to protect?
• People, processes and technology
[Diagram labels: assets; threats; protective measures; vulnerability and risk assessment; probability; detection, testing, monitoring, review; acceptable risk?]
36. • Lack of access control to computers and networks
• Networks not segregated
• Lack of intrusion detection
• Low quality hardware used to construct networks
• Outdated/unpatched software
• Lack of cyber security and safety policies
• Obsolete operating systems
37. Elements of Cyber Risk Management
1. Identify: Define personnel roles and responsibilities for cyber risk management and
identify the systems, assets, data and capabilities that, when disrupted, pose risks to
ship operations.
2. Protect: Implement risk control processes and measures
3. Detect: Develop and implement activities necessary to detect a cyber-event in a
timely manner.
4. Respond: Develop and implement activities and plans to provide resilience and to
restore systems necessary for shipping operations or services impaired due to a
cyber-event.
5. Recover: Identify measures to back-up and restore cyber systems necessary for
shipping operations impacted by a cyber-event.
38. Procedural Controls
Procedural controls are focused on how personnel use the onboard systems.
• Plans and procedures that contain sensitive information should be kept confidential and
handled according to company policies
• Personnel have a key role in protecting IT and OT systems but can also be careless,
for example by using removable media to transfer data between systems without taking
precautions against the transfer of malware.
Training and Awareness
Limiting Access for Visitors
• Visitors such as authorities, technicians, agents, port and terminal officials, and owner
representatives should be restricted with regards to computer access while on board.
• Unauthorized access to sensitive OT network computers should be prohibited.
• If access to a network by a visitor is required and allowed, then it should be restricted in
terms of user privileges.
39. • Access to certain networks for maintenance reasons should be approved and coordinated
following appropriate procedures as outlined by the company/ship operator.
• If a visitor requires computer and printer access, an independent computer, which is
air-gapped from all controlled networks, should be used.
• To avoid unauthorized access, removable media blockers should be used on all other
physically accessible computers and network ports.
Upgrades and Software Maintenance
Hardware or software that is no longer supported by its producer or software developer will
not receive updates to address potential vulnerabilities; its use should be carefully evaluated by the
company.
• Relevant hardware and software installations should be updated.
• Procedures for timely updating of software.
• Software includes computer operating systems.
• Routers, switches and firewalls, and various OT devices may require regular updates.
40. Anti-virus and anti-malware tool updates
• In order for scanning software tools to detect and deal with malware, they need to be
updated.
• Procedural requirements should be established to ensure updates are distributed to ships
on a timely basis and that all relevant computers on board are updated.
Control over remote access
Policy and procedures should be established for control over remote access to onboard IT
and OT systems.
• Who has permission to access
• When they can access
• What they can access
• Co-ordination with the ship’s master and other key senior ship personnel
• Remote access occurrence should be recorded for review
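The remote access controls listed above, as an added example that is not part of the original slides: each session is checked against who, what and when rules and against co-ordination with senior personnel, and every session is recorded for review. The policy, party names, system names and session log are constructed for illustration.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class AccessRule:
    systems: frozenset   # WHAT the party may access
    opens: time          # WHEN: start of the daily window (ship's time)
    closes: time         # WHEN: end of the daily window


@dataclass(frozen=True)
class Session:
    party: str
    system: str
    start: datetime
    end: datetime
    approved_by: str | None  # senior officer who co-ordinated the session


# Constructed policy and session log; every name below is hypothetical.
POLICY = {  # WHO has permission to access
    "ecdis-vendor": AccessRule(frozenset({"ECDIS-1", "ECDIS-2"}), time(8), time(17)),
    "engine-oem": AccessRule(frozenset({"PMS"}), time(6), time(18)),
}
APPROVERS = frozenset({"master", "chief-engineer"})
DAY = (2024, 3, 4)
SESSIONS = [
    Session("engine-oem", "PMS", datetime(*DAY, 23, 10), datetime(*DAY, 23, 50), None),
    Session("ecdis-vendor", "ECDIS-1", datetime(*DAY, 9, 0), datetime(*DAY, 10, 30), "master"),
    Session("unknown-party", "ECDIS-2", datetime(*DAY, 10, 0), datetime(*DAY, 10, 5), None),
    Session("ecdis-vendor", "ENGINE-CTRL", datetime(*DAY, 9, 30), datetime(*DAY, 9, 50), "master"),
]


def review_session(s, policy=POLICY, approvers=APPROVERS):
    """Return the policy points a session violates (empty list = compliant)."""
    findings = []
    rule = policy.get(s.party)
    if rule is None:
        findings.append("WHO")       # party has no remote-access permission
    else:
        if s.system not in rule.systems:
            findings.append("WHAT")  # system is outside the permitted scope
        same_day = s.start.date() == s.end.date()
        in_window = rule.opens <= s.start.time() and s.end.time() <= rule.closes
        if s.end <= s.start or not same_day or not in_window:
            findings.append("WHEN")  # outside the permitted window
    if s.approved_by not in approvers:
        findings.append("COORDINATION")  # not agreed with master/senior officer
    return findings


def review_log(sessions, policy=POLICY, approvers=APPROVERS):
    """Record every session, compliant or not, in time order for later review."""
    return [
        {"start": s.start.isoformat(), "party": s.party, "system": s.system,
         "findings": review_session(s, policy, approvers)}
        for s in sorted(sessions, key=lambda s: s.start)
    ]


if __name__ == "__main__":
    for entry in review_log(SESSIONS):
        print(entry)
```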
41. Limit of administrator privileges
Access to information should only be allowed to relevant authorized personnel.
• Appropriately trained personnel
• Limited to functions requiring such access
• Expiration of user privileges
• Change user account name for each change of authorized personnel
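An added example, not part of the original slides, of an account audit built on the four points above plus the default administrator accounts named under common vulnerabilities. The account list, crew list, function names and the set of default account names are constructed assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import date

# Assumption: typical vendor-default account names; adjust to the installed systems.
DEFAULT_NAMES = frozenset({"admin", "administrator", "root"})
# Hypothetical shipboard functions that require administrator access.
ADMIN_FUNCTIONS = frozenset({"eto", "chief-engineer"})


@dataclass(frozen=True)
class Account:
    name: str
    holder: str           # person the account was issued to
    function: str         # holder's function on board
    is_admin: bool
    trained: bool         # holder completed the required training
    expires: date | None  # privilege expiry date; None means never set


# Constructed sample data for illustration.
TODAY = date(2024, 6, 1)
CREW_ON_BOARD = frozenset({"Reyes", "Silva"})
ACCOUNTS = [
    Account("eto.reyes", "Reyes", "eto", True, True, date(2024, 9, 30)),
    Account("admin", "vendor default", "vendor", True, False, None),
    Account("2o.tan", "Tan", "second-officer", False, True, date(2024, 3, 31)),
    Account("cook.silva", "Silva", "cook", True, False, date(2024, 12, 31)),
]


def audit_account(a, crew_on_board, today):
    """Return the findings for one account (empty list = nothing to fix)."""
    findings = []
    if a.name.lower() in DEFAULT_NAMES:
        findings.append("DEFAULT_ACCOUNT")      # default administrator account in use
    if a.holder not in crew_on_board:
        findings.append("HOLDER_NOT_ON_BOARD")  # personnel changed, account did not
    if a.expires is None:
        findings.append("NO_EXPIRY")            # privileges never expire
    elif a.expires < today:
        findings.append("EXPIRED")              # privileges past their expiry date
    if a.is_admin:
        if a.function not in ADMIN_FUNCTIONS:
            findings.append("ADMIN_NOT_REQUIRED")  # function does not need admin
        if not a.trained:
            findings.append("ADMIN_UNTRAINED")     # holder not appropriately trained
    return findings


def audit(accounts, crew_on_board, today):
    """Map account name to findings, listing only accounts that need action."""
    report = {}
    for a in accounts:
        findings = audit_account(a, crew_on_board, today)
        if findings:
            report[a.name] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(ACCOUNTS, CREW_ON_BOARD, TODAY).items():
        print(name, findings)
```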
Physical and removable media controls
• When transferring data from uncontrolled systems to controlled systems, there is a risk of
introducing malware.
• Removable media can be used to bypass layers of defenses and attack systems that are
otherwise not connected to the internet.
• A clear policy for the use of such media devices is important.
42. Equipment disposal, including destruction
• Obsolete equipment can contain data which is commercially sensitive or confidential.
• Prior to disposal of the equipment, the company should have a procedure in place to
ensure that the data held in obsolete equipment is properly destroyed and cannot be
retrieved.
Shore support and contingency plans
• Ships should have access to technical support in the event of a cyber attack.
• Details of this support and associated procedures should be available on board.
43. Personal Cyber Security
WiFi
• When a device travels around with WiFi turned on but disconnected from a network, it will
broadcast a list of access points it has previously been connected to.
• If an attacker intercepts the broadcast, it will be easy for them to
connect to the device, monitor traffic and collect data.
Free WiFi
• Free WiFi in airports, public places, shipping ports etc. is not secure and can be accessed
by anyone.
• There is always a danger of cyber attacks in such open and vulnerable systems.
44. Bluetooth
• Although Bluetooth attacks are a rare case, they can easily occur.
• The majority of Bluetooth attacks steal information from the device, such as files or
contacts, or monitor your communications through a headset or microphone.
• Keep Bluetooth off when not used.
Cameras
• The camera is commonly used in penetration testing to demonstrate how invasive malware
can be controlled by a human attacker.
• A quick solution is a small square piece of opaque sticky tape. It’s also easy to remove if
you want to have a video chat and replace when you’re done.
45. Free gadgets
• In some past incidents, free pen-drives/flash drives were offered to seafarers by
unknown people as gifts when crew members visited seafarer clubs.
• It is natural not to be suspicious in such places/institutions; however, seafarers have been
taken advantage of during such visits.
Drive Encryption
• Your whole drive should be encrypted, and most popular operating systems now
provide this feature.
• In the case where your computer physically falls into the wrong hands,
information cannot simply be copied from the hard drive.
46. File Encryption
• The files run on a computer could be stored locally on a drive, on a USB key, a
mobile device or on a cloud drive.
• The solution is the same as for drive encryption: files should be encrypted with
something strong enough that, if the key is ever lost, the files are gone forever.
Email Encryption
• Personal email encryption is generally beyond what the average user is willing to do
• Yet, the user benefits from having their email encrypted at rest. Therefore, even if
the email server gets attacked, the email is unreadable to the attacker.
47. Short Messaging Service
• Short Messaging Service or SMS is also a popular way to infect the mobile device of
seafarers.
• The message may contain a free or lucrative offer along with a link which will lure the
reader to click it. Once the link is clicked, a malicious virus will get installed on the
mobile phone.
• If the same phone is connected to another device (e.g. seafarer’s personal computer), it
will get transferred to it; whereas, if the seafarer uses a pen drive to copy an important
file to the ship’s computer, the virus will get into the pen drive and then to the ship’s
computer without the seafarer knowing about it.
48. Keep Unauthorized Software away from ship systems!
POTENTIAL THREATS
• Scan for viruses and malware before you connect authorized USB memory sticks to
onboard OT and other networked systems.
• Personal laptops, tablets, USB memory sticks or phones must not be connected to onboard
operational systems.
49. BE PREPARED!
INCIDENTS
• Keep your crew and any passengers safe: train for what to do if important OT systems
do not work.
• Know where to get IT and OT assistance.
• Report suspicious or unusual problems experienced on IT and OT systems.
50. BE IN CONTROL!
PASSWORD PROTECTION
• Use new passwords every time you sign on to a ship.
• Choose complex passwords with numbers, symbols, and some capital letters. Be careful, you
have to be able to remember them.
• Keep your user names and passwords to yourself.
• Change default user passwords and delete user accounts of colleagues who have left the ship.
51. BE VIGILANT WHEN YOU
COMMUNICATE!
SUSPICIOUS
ACTIVITY
• Only open emails or open attachments from
senders that you know and trust.
• Know what to do with suspicious emails.
• Think before you share information on social
media or personal email about your company,
job, ship or the crew.
52. MARINE SAFETY INFORMATION BULLETIN
Cyber Adversaries Targeting Commercial Vessels
“This bulletin is to inform the maritime industry of recent email phishing and malware
intrusion attempts that targeted commercial vessels. Cyber adversaries are attempting to
gain sensitive information including the content of an official Port State Control (PSC)
authority such as: port@ pscgov.org. Additionally, the Coast Guard has received reports of
malicious software designed to disrupt shipboard computer systems.
Vessel masters have diligently reported suspicious activity to the Coast Guard National
Response Center (NRC) in accordance with Title 33 Code of Federal Regulations
(CFR) 101.305 – Reporting, enabling the Coast Guard and other federal agencies to counter
cyber threats across the global maritime network. Suspicious activity and breaches of
security must be reported to the NRC at (800) 424-8802.”
Source: U.S.C.G. MARINE SAFETY INFORMATION BULLETIN, 24 MAY 2019
53. Marine Safety Alert
Cyber Incident Exposes Potential Vulnerabilities Onboard Commercial Vessels
Inspections and Compliance Directorate
“In February 2019, a deep draft vessel on an international voyage bound for the Port of
New York and New Jersey reported that they were experiencing a significant cyber incident
impacting their shipboard network. An interagency team of cyber experts, led by the Coast
Guard, responded and conducted an analysis of the vessel’s network and essential control
systems.
The team concluded that although the malware significantly degraded the functionality of
the onboard computer system, essential vessel control systems had not been impacted.
Nevertheless, the interagency response found that the vessel was operating without
effective cybersecurity measures in place, exposing critical vessel control systems to
significant vulnerabilities.”
Source: U.S.C.G. MARINE SAFETY INFORMATION BULLETIN, 08 JULY 2019