Cyber Security Workbook for On Board Ship Use, 1st Edition 2019

  • $315.95
  • $289.95


This workbook is a practical, straightforward and easy to understand guide to support the Master and the ship’s crew with cyber security risk management. Along with detailed guidance on all aspects of cyber security protection, defence and response, the book contains comprehensive checklists to assist with the day to day management of onboard cyber security. It will also benefit shipowners, ship managers, ports and their IT departments.

Resolution MSC.428(98) advises administrations to ensure that cyber risks are appropriately addressed in existing safety management systems (as defined in the ISM Code) no later than the first annual verification of the company's Document of Compliance after 1 January 2021.

In recent years, the shipping industry has undergone a digital revolution: internet connectivity on board has become common and ship’s systems are increasingly digitised and integrated. With this growing level of connection, comes greater risk. Ships are now a common target for hackers worldwide and it has become crucial that the entire crew has an understanding of how and when cyber attacks can occur.

Using detailed, step by step checklists, Cyber Security Workbook for On Board Ship Use provides a ship’s crew with the practical skills to identify cyber risks and to protect vulnerable onboard systems. It also gives guidance on how best to detect, respond and recover in the event of a cyber attack.

This publication has been produced by BIMCO, ICS (International Chamber of Shipping) and Witherby Publishing Group.



Section:1 – Introduction

Section:2 – Identifying Risks

2.1 Vulnerable Ship Systems
2.2 What is a Cyber Attack?
2.2.1 Attacker Profiles
2.2.2 Types of Cyber Attack
2.3 Cyber Security Risk Management

Section:3 – Protection, Prevention and Training

3.1 Prevention of Malware Attacks
3.2 Software Updates
3.3 Endpoint Protection
3.3.1 Anti-virus
3.4 Passwords
3.5 Cyber Security and the SMS
3.5.1 Cyber Security and the Ship Security Plan (SSP)
3.6 Crew Training
3.6.1 Cyber Security Familiarisation
3.6.2 Ship Cyber Response Drill
3.6.3 Crew Training Cyber Security Checklist

Section:4 – Detect, Respond and Recover: General Principles

4.1 Detecting a Cyber Incident
4.2 Detecting a Cyber Incident Checklist
4.3 Incident Response
4.3.1 Cyber Recovery Plan
4.4 Responding to a Cyber Incident On Board

Section:5 – Detect, Respond and Recover: Ship’s Business Systems

5.1 Onboard Business Computers
5.1.1 USB Ports and Drives
5.1.2 Personal Devices and USB Ports
5.1.3 Onboard Business Computer Checklist
5.2 Network Segregation On Board
5.3 Network Segregation
5.4 Wireless Networks
5.4.1 Business WiFi
5.4.2 Crew WiFi
5.4.3 Guest Access
5.4.4 WiFi Network Security
5.4.5 Virtual Private Network (VPN)
5.4.6 Networks (Wireless and Wired)
5.5 Satellite Communications Equipment
5.5.1 Satellite Communications
5.6 Cellular Data Connections
5.7 Connecting to Shore WiFi in Port
5.7.1 Shore WiFi in Port Checklist

Section:6 – Detect, Respond and Recover: OT Systems

6.1 Understanding OT Systems
6.1.1 OT Systems Checklist for Crew
6.2 ECDIS Security
6.2.1 Recognising Genuine NAVTEX Messages
6.2.2 ECDIS Cyber Security Checklist
6.3 GNSS Security
6.3.1 Cyber Security Checks on the Nav Bridge during Watchkeeping
6.4 Engine Department Considerations

Section:7 – OT Cyber Security: Onshore Office and IT Department Considerations

7.1 Ship’s Architecture and the IDMZ
7.2 Asset Management
7.3 How is Data Transmitted?
7.3.1 Convertor Security
7.4 OT Systems Risk Assessment
7.5 Securing OT Systems
7.6 OT Systems Checklist for IT Department/Onshore Office


Annex 1 – Regional Regulatory Guidance
Annex 2 – Checking for Windows Updates
Annex 3 – Creating User Accounts
Annex 4 – Checking for Segregated Networks
Annex 5 – How to Check that Anti-Virus Software Updates are Applied
Annex 6 – Understanding NMEA 0183
Annex 7 – EXAMPLE Cyber Security Familiarisation Checklist for New Crew Members
Annex 8 – Abbreviations/Definitions
Annex 9 – Further Resources



In 2017, the International Maritime Organization (IMO) adopted Resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems (SMS).This Resolution states that an approved SMS should take into account cyber risk management in accordance with the objectives and functional requirements of the ISM Code. It encourages administrations to ensure that cyber risks are appropriately addressed in the SMS no later than the first annual verification of the company’s Document of Compliance after 1 January 2021.

Version 3 of ‘The Guidelines on Cyber Security Onboard Ships’, which was produced and supported by BIMCO, CLIA, ICS, INTERCARGO, INTERMANAGER, INTERTANKO, IUMI, OCIMF and the WSC, provides guidance on maritime cyber risk management. While primarily aimed at addressing the safety consequences of cyber incidents on board ship, the principles and protection measures in the Guidelines are equally applicable to all organisations in the maritime industry.

These guidelines are aligned with IMO Resolution MSC.428(98) and the IMO’s guidelines.They provide practical recommendations on maritime cyber risk management and should be read in conjunction with this workbook.

Cyber outlook for shipping

While shore based advances in internet connectivity have been substantial over the last 20 years, shipboard access to the internet has not developed at the same rate. However, due to the increased availability of affordable VSAT communications this is improving and the world fleet is increasingly better connected. In the Futurenautics Crew Connectivity Survey in 2015, it was estimated that the average availability of internet access across all fleet sectors stood at 43%. By 2018 this figure had almost doubled to 75% and it continues to rise.

However, with the comparatively rapid increase in internet connected ships comes an increased risk of cyber incidents. Existing PCs on board are often dated and are networked with no added security protocols. On board, dedicated cyber security procedures and adequate crew training are often lacking.



Title: Cyber Security Workbook for On Board Ship Use. 1st Edition 2019.
Number of Volumes: 1
Number of Pages: 260
Product Code: WS1728K
Published Date: November 2019
Binding Format: Hardback