Activity 4:

STAGES OF A CYBER ATTACK

Name:

Course:

Date:

Questions

Self-Assessment Questions (SAQ)

Pretest

True or False; Write True if the statement is correct, otherwise, False, if it is wrong.

1. The extent to which an attacker can breach a company’s or ship’s system will depend
on the significance of the vulnerability found by an attacker and the method chosen to deliver
an attack.

2. Companies should evaluate the cyber risk management processes for both new and
existing contracts

3. A set of cyber risk requirements that reflect the company’s expectations should be
indistinct and ambiguous to vendors.

4. The use of open/public sources that may be complemented by monitoring actual data
flowing into and from a company or a ship is called spoofing.

5. Pivoting is the technique of using an instance already exploited to be able to “move” and
perform other activities.

6. Stand-alone systems are more vulnerable to external cyber-attacks compared to those

attached to uncontrolled networks or directly to the internet.

7. Usually, in the Pivot phase, the attacker may try to execute a discovery of neighbor systems
with scanning or network mapping tools.

8. It should be noted that a breach might result in any obvious changes to the status of the
equipment.

9. Open/public sources are used to gain information about a company, ship or seafarer in
preparation for a cyber-attack.
 10. The length of time to prepare a cyber-attack can be determined by how the system handle
the risk.

Self-Assessment Questions (SAQ)

Answer briefly the following questions:

Classify the most common vulnerabilities that might occur on the given onboard systems below.

Systems Vulnerabilities
Cargo management systems

Bridge systems

Propulsion and machinery

management and power control
systems
Access control systems

Passenger servicing and

management systems
Administrative and crew
welfare systems
Communication systems
Suggested Enrichment Activity

Write a one paragraph reflection about your learnings in this lesson.