Date(s) – 08/02/2022
10 a.m. – 4 p.m.
For more information, please contact:
E-mail: [email protected]
The course is designed to develop understanding and awareness of key aspects of cybersecurity in response to ships’ vulnerability to cybersecurity risks. Based on a risk-based approach to cybersecurity, shipowners and ship operators are informed on how to assess their operations and develop procedures and actions to maintain the security of cyber systems on board. The course will help the company to establish procedures, plans and instructions, if any, for the main relevant onboard operations.
According to IMO Directive MSC 96/4/1 of February 4, 2016, measures to enhance maritime safety have been introduced.
The course is designed to develop understanding and awareness of key aspects of cybersecurity in response to ships’ vulnerability to cyber risks and is not intended to provide technical advice to the ship or personnel on board.
Based on a risk-based approach to cybersecurity, shipowners and operators are advised on how to assess their operations and develop procedures and actions to maintain the security of cyber systems on board.
The course will help the company establish procedures, plans and instructions, including checklists, where applicable, for the main relevant onboard operations.
1) Introduction to cybersecurity on board
2) Identification and response to:
– Risks related to emails and how to behave in a safe way (phishing attacks where the user clicks on a link to a malicious site
– Risks related to the use of the Internet where the movements of data are less controlled and monitored (social networks, discussion forums, file storage in the cloud)
– Risks of using own devices (missing security patches and controls, such as antivirus) that can transfer risk to the environment they are connected to
– Risks related to the installation and maintenance of software on company hardware, where the infection can spread, from infected hardware (removable media) or software (infected package)
– Risks related to poor software and data security practices when no virus checks or authenticity checks are performed
4) Protect user information, passwords and digital certificates
5) Cyber risks related to the physical presence of non-company personnel, for example, when third-party technicians are left to work on equipment without supervision
6) Detect suspicious activity and how to report if a possible cyber incident is in progress.
7) Awareness of the consequences/impact of cyber incidents on the safety and operation of the vessel
8) Understand how to implement preventative maintenance routines such as antivirus and anti-malware, patches, backups, and incident response planning and testing
9) Procedures to protect removable media from service providers before they are allowed to be connected to ship’s systems