Cyber Security Workbook for On Board Ship Use, 3rd ed., 2022, in English


   
 
 

Cyber Security Workbook for On Board Ship Use, 3rd Edition 2022

List of Checklists provided within this Workbook

Abbreviations/Definitions

Section 1 – Introduction
1.1 Cyber Security Risk Management – IMO Requirements and Guidelines
1.1.1 Supporting Regulatory Guidelines
1.2 Cyber Outlook for Shipping
1.3 Purpose of this Workbook
1.4 Checklists

Part I – Onboard Practical Considerations

Section 2 – Identifying Risks
2.1 Vulnerable Ship Systems
2.2 What is a Cyber Attack?
2.2.1 Attacker Profiles

Section 3 – Protection, Prevention and Training
3.1 Prevention of Malware Attacks
3.2 Software Updates
3.3 Endpoint Protection
3.3.1 Anti-virus
3.4 Passwords
3.4.1 Creating Passwords
3.4.2 Managing Passwords
3.4.3 User names
3.5 Cyber Security and the SMS
3.5.1 Cyber Security and the Ship Security Plan (SSP)
3.6 Crew Considerations and Training
3.6.1 Key Aspects of Crew Training
3.6.2 Unintentional Cyber Breaches by the Crew
3.6.3 Evaluating crew
3.6.4 Training for Non-Crew Members
3.6.5 Designing a Training Programme
3.6.6 Cyber Security Drills
3.6.7 Cyber Security Familiarisation
3.6.8 Example of a Cyber Security Familiarisation Checklist for New Crew Members
3.6.9 Social Media
3.6.10 Travelling in Cyber Safe Mode
3.6.11 Crew Training Cyber Security Checklist
3.7 Ship Inspections and Port State Control
3.7.1 Port State Control Inspections

Section 4 – Detect, Respond and Recover: General Principles
4.1 Detecting a Cyber Incident
4.2 Detecting a Cyber Incident Checklist
4.3 Incident Response
4.3.1 Third Party Support
4.3.2 Cyber Recovery Plan
4.3.3 Backups
4.4 Responding to a Cyber Incident On Board Checklist

Section 5 – Detect, Respond and Recover: Ship’s Business Systems
5.1 Onboard Business Computers
5.1.1 USB Ports and Drives
5.1.2 USB Port Blockers
5.1.3 USB Cleaning Stations
5.1.4 Personal Devices and USB Ports
5.1.5 Onboard Business Computer Checklist
5.2 Network Segregation On Board
5.2.1 Existing/Simple Networks
5.2.2 Segregated Networks
5.2.3 Achieving a Segregated Network
5.2.4 Maintaining a Segregated Network
5.2.5 Benefits of Network Segregation
5.2.6 Vulnerable Systems On Board
5.3 Network Segregation Checklist
5.4 Wireless Networks
5.4.1 Business WiFi
5.4.2 Crew WiFi
5.4.3 Guest Access
5.4.4 WiFi Network Security
5.4.5 Virtual Private Network (VPN)
5.4.6 Networks (Wireless and Wired)
5.5 Satellite Communications Equipment
5.5.1 Satcom Passwords
5.5.2 Admin Password Security
5.5.3 Confirming that the Satcom System is Not Available from the Public Internet
5.5.4 Is the Software Running on the Satcom System Kept Up to Date?
5.5.5 Applying Updates to Satellite Terminals
5.5.6 Physical Security of the Satellite Terminal
5.5.7 Software Security of the Satellite System
5.5.8 Satellite Communications Checklist
5.6 Mobile (Cellular) Data Connections
5.7 Connecting to Shore WiFi in Port
5.7.1 Crew Connecting to WiFi Ashore
5.7.2 Shore WiFi in Port/Shore Cellular Data Checklist

Section 6 – Detect, Respond and Recover: OT Systems
6.1 Understanding OT Systems
6.2 Engine Department Considerations
6.3 OT Systems Checklist for Crew
6.4 ECDIS Security
6.4.1 Updates
6.4.2 Physical Security
6.4.3 ECDIS Recovery
6.4.4 Recognising Genuine NAVTEX Messages
6.4.5 ECDIS Cyber Security Checklist
6.5 GNSS Security
6.5.1 GNSS Input Data
6.6 Cyber Security Checks on the Navigation Bridge during Watchkeeping

Part II – IT Department and Shoreside Management

Section 7 – Key Considerations
7.1 Cooperation between the office IT department and the technical department
7.1.1 New build or retrofit project
7.1.2 Securing the supply-chain
7.1.3 Cyber-security Working Group
7.2 Cooperation between the office and the ship crew
7.2.1 Maritime Cyber Security Management
7.2.2 Cyber Security and the Safety Management System (SMS)
7.2.3 Cyber Security and the Ship Security Plan (SSP)
7.2.4 Onboard resources according to the ship types
7.3 Ship’s Network Architecture
7.3.1 IDMZ
7.3.2 Data Diodes (unidirectional gateways)

Section 8 – OT Systems Management
8.1 OT Asset Management and Risk Assessment
8.1.1 Asset Management
8.1.2 Asset Risk Assessment
8.1.3 Asset Management and Risk Assessment Checklist
8.2 Securing OT Systems
8.3 Securing the Ethernet IP Network Used by OT Systems
8.3.1 Converter Security
8.4 Intrusion Detection Systems (IDS)
8.5 OT Systems Checklist for IT Department

Section 9 – IT Systems Management
9.1 Remote Access
9.1.1 Remote Access Checklist
9.2 Vulnerability Scanning
9.3 Disaster Recovery/Backup
9.4 Uninterruptible Power Supply (UPS) for IT/OT systems

Annexes
Annex 1 – Cyber Security Assessment
Annex 2 – Model Cyber Security Plan
Annex 3 – Checking for Windows Updates
Annex 4 – Creating User Accounts
Annex 5 – Checking for Segregated Networks
Annex 6 – How to Check that Anti-virus Software Updates are Applied
Annex 7 – Planning a Crew Training Session
Annex 8 – NMEA 0183
Annex 9 – Regional Regulatory Guidance
Annex 10 – Further Resources
Price: 25400.00 roubles

Regarding the new edition of the Load Lines Convention 1966, 2021 Edition, published by IMO in November

(see https://wwwcdn.imo.org/localresources/en/publications/Documents/Newsletters%20and%20Flyers/Flyers/IC701E.pdf), we advise that the individual interpretations of the Regulations added to it since the previous edition have already been included in the corresponding Collections of IMO Resolutions published by CNIIMF, namely:

  • CIRCULAR Circ.1508 – in Collection No. 53
  • CIRCULAR Circ.1534 – in Collection No. 55
  • CIRCULAR Circ.1535 – in Collection No. 55
  • CIRCULAR Circ.1535/Rev.1 – in Collection No. 63

For this reason, we consider it inexpedient to reissue issue 29 of the series "For Shipowners and Masters", International Convention on Load Lines, 1966, as amended by the 1988 Protocol thereto (KGM-66/88), English-Russian 5th ed., JSC "CNIIMF", 2019.



© 2002-2013, Морсар © 2002-2013, HyperMethod