Cyber Security Workbook for On Board Ship Use, 4th Edition 2023

Media: Book
SKU: 9781914992872
Publisher: Witherby Seamanship International
ISBN: 9781914992872


Cyber risk management should be an inherent part of safety and security and should be considered at all levels of the company, including senior management ashore and onboard personnel.

This Workbook provides guidance on maritime cyber risk management and has been designed as an accessible resource for the Master and officers on board ship (Part One – Onboard Practical Considerations). It facilitates collaboration between individual ships, onshore IT departments and equipment manufacturers (Part Two – Shore Management Considerations). The Workbook is aligned with IMO Resolution MSC.428(98) and may also be useful to the wider maritime industry.

The fourth edition has been produced and supported by BIMCO, Chamber of Shipping of America, Digital Containership Association, International Association of Dry Cargo Shipowners (INTERCARGO), InterManager, International Association of Independent Tanker Owners (INTERTANKO), International Chamber of Shipping (ICS), International Union of Marine Insurance (IUMI), Oil Companies International Marine Forum (OCIMF), Superyacht Builders Association (SYBAss) and World Shipping Council (WSC).






Section 1 – Introduction

1.1 Cyber Security Risk Management – IMO Requirements and Guidelines

1.1.1 Supporting Regulatory Guidelines

1.1.2 Regional Regulatory Guidelines

1.2 Cyber Outlook for Shipping

1.3 Purpose of this Workbook

1.4 Checklists

Part One – Onboard Practical Considerations

Section 2 – Identifying Risks

2.1 Vulnerable Ship Systems

2.2 What is a Maritime Cyber Attack?

2.3 Threats

2.3.1 Types of Cyber Attack

2.3.2 Social Engineering

Section 3 – Protection, Prevention and Training

3.1 Prevention of Malware Attacks

3.2 Software Updates

3.3 Endpoint Protection

3.3.1 Anti-virus

3.3.2 Checking for Anti-virus Software Updates

3.4 Passwords

3.4.1 Creating Passwords

3.4.2 Managing Passwords

3.4.3 Handover of Passwords

3.4.4 User Names

3.5 Cyber Security and the SMS

3.5.1 Cyber Security and the Ship Security Plan (SSP)

3.6 Crew Considerations and Training

3.6.1 Key Aspects of Crew Training

3.6.2 Cyber Security Familiarisation for Crew

3.6.3 Training for Non-crew Members

3.6.4 Designing a Training Programme

3.6.5 Unintentional Cyber Breaches by the Crew

3.6.6 Planning a Crew Training Session

3.6.7 Cyber Security Drills

3.6.8 Social Media

3.6.9 Travelling in Cyber Safe Mode

3.7 Ship Inspections and Port State Control

3.7.1 Port State Control Inspections

3.7.2 Other Inspections

Section 4 – Detect, Respond and Recover: General Principles

4.1 Detecting a Cyber Incident

4.2 Incident Response

4.2.1 Third Party Support

4.2.2 Cyber Recovery Plan

4.2.3 Backups

Section 5 – Ship’s Business Systems

5.1 Onboard Business Computers

5.1.1 USB Ports and Drives

5.1.2 USB Port Blockers

5.1.3 USB Cleaning Stations

5.1.4 Tablets

5.1.5 Personal Devices and USB Ports

5.2 Network Segregation On Board

5.2.1 Existing/Simple Networks

5.2.2 Segregated Networks

5.2.3 Achieving a Segregated Network

5.2.4 Maintaining a Segregated Network

5.2.5 Benefits of Network Segregation

5.2.6 Vulnerable Systems On Board

5.3 Wireless Networks

5.3.1 Business WiFi

5.3.2 Crew WiFi

5.3.3 Guest Access

5.3.4 WiFi Network Security

5.3.5 Virtual Private Network (VPN)

5.4 Satellite Communications Equipment

5.4.1 Satcom Passwords

5.4.2 Satcom Visibility on the Public Internet

5.4.3 Satcom Software Updates

5.4.4 Physical Security of the Satellite Terminal

5.4.5 Software Security of the Satellite System

5.5 Mobile (Cellular) Data Connections

5.6 Connecting to Shore WiFi in Port

5.6.1 Crew Connecting to WiFi Ashore

5.7 Passenger Ships

Section 6 – OT Systems

6.1 Understanding OT Systems

6.2 Engine Department Considerations

6.3 Cargo Management

6.4 ECDIS Security

6.4.1 Updates

6.4.2 Physical Security

6.4.3 ECDIS Recovery

6.4.4 Recognising Genuine NAVTEX Messages

6.5 GNSS Security

6.5.1 GNSS Input Data

6.6 Other Bridge Systems

6.6.1 VDR

6.6.2 AIS

Part Two – Shore Management Considerations

Section 7 – Key Considerations

7.1 Cooperation Between the Office IT Department and the Technical Department

7.1.1 New Build or Retrofit Project

7.1.2 Securing the Supply Chain

7.1.3 Cyber Security Working Group

7.2 Cooperation Between the Office and the Ship’s Crew

7.2.1 Maritime Cyber Security Management

7.2.2 Cyber Security and the Safety Management System (SMS)

7.2.3 Cyber Security and the Ship Security Plan (SSP)

7.2.4 Onboard Resources According to Ship Type

7.3 Ship’s Network Architecture

7.3.1 IDMZ

7.3.2 Data Diodes (Unidirectional Gateways)

Section 8 – OT Systems Management

8.1 OT Asset Management and Risk Assessment

8.1.1 Asset Management

8.1.2 Asset Risk Assessment

8.2 Securing OT Systems

8.3 Securing the Ethernet IP Network Used by OT Systems

8.3.1 Converter Security

8.4 Intrusion Detection Systems (IDS)

Section 9 – IT Systems Management

9.1 Remote Access

9.2 Vulnerability Scanning

9.3 Penetration (Pen) Testing

9.4 Disaster Recovery/Backup

9.5 Uninterruptible Power Supply (UPS) for IT/OT Systems


Checklist 1 – Example of Cyber Security Familiarisation for New Crew Members

Checklist 2 – Cyber Security Crew Training

Checklist 3 – Detecting a Cyber Incident

Checklist 4 – Responding to a Cyber Incident On Board

Checklist 5 – Onboard Business Computer

Checklist 6 – Network Segregation

Checklist 7 – Networks (Wireless and Wired)

Checklist 8 – Satellite Communications

Checklist 9 – OT Systems for Crew

Checklist 10 – ECDIS Cyber Security

Checklist 11 – Cyber Security Checks on the Navigation Bridge during Watchkeeping

Checklist 12 – Asset Management and Risk Assessment

Checklist 13 – OT Systems for IT Department

Checklist 14 – Remote Access


Annex 1 – Cyber Security Assessment

Annex 2 – Creating a Cyber Security Plan

Annex 3 – Creating User Accounts

Annex 4 – Checking for Segregated Networks

Annex 5 – NMEA 0183

Annex 6 – Regional Regulatory Guidance

Annex 7 – Further Resources



Harvesting the full potential of data gathering with the implementation of digital technologies and improved connectivity can certainly bring commercial benefits. However, in parallel, cyber criminals are refining their methods and developing techniques that cause disruptions to business and create hazardous situations for ships, their crew, the environment and the cargo.

Building on the latest Guidelines on Cyber Security Onboard Ships (version 4), the Cyber Security Workbook for On Board Ship Use goes one step further and translates the high-level guidelines into operational tools and checklists for use on board ships. The Workbook is an indispensable complement to the Guidelines and is highly recommended reading for ship officers and shore staff with a cyber security risk management role.

David Loosley

Secretary General and CEO


Cyber attacks are on the rise, with criminals and State actors all setting their sights on shipping. This is a threat we cannot ignore. Our vessels have become more technologically advanced, with the growth of the Internet of Things and our shipboard systems increasingly connected to the internet and to systems ashore. Today’s modern ships are a target-rich environment for cyber attackers. A number of high-profile incidents on major shipping companies in recent years have demonstrated the serious potential for major disruption to operations and safety for maritime trade. It is essential that shipping remains resilient against these threats if it is to continue to carry the vast bulk of global trade safely and securely.

Awareness of the threat presented by cyber attack to shipping has increased, as have the mechanisms to reduce it. The IMO requirement to include cyber risk management in the Safety Management System from 1st January 2021 has brought cyber risk management into the statutory realm. Class and insurance requirements now also play a role in maintaining the cyber security of ships. Today, the shipping industry is better placed than ever to safeguard the vital service it provides from cyber attack. However, we should not grow complacent; regular risk assessments of your company’s cyber weak spots, training and awareness campaigns for staff and plans for recovery if a cyber attack occurs are all essential to stay resilient to the ever-changing threat landscape.

Cyber security is central to the safe and secure operation of ships and shipping companies, and this guidance provides a comprehensive resource to understand the threat practically and continually mitigate against the risks it presents to maritime transport.

Guy Platten

Secretary General

International Chamber of Shipping




Number of Pages: 180
Published Date: October 2022
Book Height: 297 mm
Book Width: 210 mm
Weight: 1.3 kg
Author: BIMCO, International Chamber of Shipping and Witherby Publishing Group
