Scribd Logo
Upload

Welcome to Scribd!

  • ISPS Ship Shore Exercise Cyber Security

    Uploaded by

    Alex Kenkadze
    5 views3 pages
    A ship was loading cargo in port when a shore worker accessed the chief officer's phone and computer without authorization, inserting a thumb drive and crashing the ship's computer systems. This included systems on the bridge, control room, and engine control room. The master declared an emergency exercise to test the ship's cyber security response, increasing security levels and contacting technical experts to investigate and restore systems. Actions included identifying the incident, restricting access, investigating unauthorized devices, setting up alternate communications, and debriefing the exercise.

    Original Description:

    Scenario & Format for S&S security Exercise

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    A ship was loading cargo in port when a shore worker accessed the chief officer's phone and computer without authorization, inserting a thumb drive and crashing the ship's computer systems. This included systems on the bridge, control room, and engine control room. The master declared an emergency exercise to test the ship's cyber security response, increasing security levels and contacting technical experts to investigate and restore systems. Actions included identifying the incident, restricting access, investigating unauthorized devices, setting up alternate communications, and debriefing the exercise.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views3 pages

    ISPS Ship Shore Exercise Cyber Security

    Uploaded by

    Alex Kenkadze
    A ship was loading cargo in port when a shore worker accessed the chief officer's phone and computer without authorization, inserting a thumb drive and crashing the ship's computer systems. This included systems on the bridge, control room, and engine control room. The master declared an emergency exercise to test the ship's cyber security response, increasing security levels and contacting technical experts to investigate and restore systems. Actions included identifying the incident, restricting access, investigating unauthorized devices, setting up alternate communications, and debriefing the exercise.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    Cyber Security

    ISPS Exercise 2018

    SCENARIO
    Ship in port loading Cargo, C/O’s personal mobile phone left in Office room
    next to CCR. Shore personal who boarded with Loading Master for collecting
    cargo sample accessed C/O’s mobile phone and noted down the user ID and
    password of Office computer. Later shore personal accessed to the Office
    computer with C/O’s user ID and password, insert a thumb drive to the PC.
    Later C/O discovered Office computer crashed and noted thumb drive access
    point breached (unlocked). He informed Master.
    Master checked other computers as ship’s office computer is connected to
    PC’s located on bridge, CCR and ECR, these PC’s (including PC for email)
    also corrupted.

    Master announced and sounded signal for Mustering for Emergency Exercise
    keeping Gangway access control and security measures in level 2.

    Master called CSO and inform Ship’s all Computers and e-mail
    communication system crashed and possible Illegal access of ship’s computer
    system. NOVACO (Notices to Mariner) and Electronic Chart correction
    receiving system not available.

    ON SCENE COMMANDER: Ship Master


    EXERCISE CONTROLLER: Capt. Mesbah
    SHORE CONTROLLER: CSO Ng Kwang Chiau / Alternate CSO Clifton
    ASSISTING ASHORE: Capt. Ghazi / Capt. Zaman

    ACTIONS TO BE TAKEN

    1.Call Company’s 24 Hrs Emergency contact number +65 83380272


    Or please call the following number before commencement of the
    Exercise
    1. Capt. Clifton +65 82227228
    2. Capt. Mesbah +65 91552510
    3. Capt. Ghazi +65 98347933
    4. Capt. Zaman +65 88692807
    2.Immediately Increase the security measure to level 2
    3.Be aware of the Cyber security Policy (OT-TK-12.1) and user
    responsibilities
    4. Immediately inform technical Dept

    Page 1 of 3
    5. All access control to Critical information to be suspended by all on board
    users
    6. Conduct an Extraordinary Security Meeting with All Crew (Explain Cyber
    Security Objective and Policy OT-TK-12.1).
    7.Investigate if any Shipboard user used/ attached unauthorized devise for
    any purpose?
    8.Visitor log to be seized and check the details of the person boarded with
    Loading master and others.
    9. As email system collapsed therefore Master to setup alternate
    communication method. e.g IMARSAT C.
    10. Master to arrange with local agent to get Notices to Mariners for
    passage Plan for the intended voyage.
    11. Company to identify the nature of cyber security incident
    12. Master to follow the IT Dept advice to try to restore and access to the
    applications and Databases needs immediate attention.
    13. Office to demonstrate activating various concerned party in accordance
    Cyber security service provide.
    14. Keep record details and on board timing
    15. Conduct a debriefing of the exercise with captain
    16. Record the exercise in SSP appendix 14.3

    1. GENERAL

    1.1 Exercise would commence at anytime Master/SSO feel appropriate.


    Exercise can be conducted while preparing/transiting High Risk Piracy
    Areas as per SOP.
    1.2 To avoid misrepresentation, all communication by RT, telephone, fax,
    or verbal must be prefixed by:
    “THIS IS AN ISPS PIRACY EXERCISE OCEAN TANKERS / REPEAT
    FOR EXERCISE OCEAN TANKERS”

    2. OBJECTIVES:

    2.1 To comply with ISPS code Part A 3.5, part B 13.7, company
    regulation OT-SSP-14/3 and SOP.
    2.2 Cyber Security is the preventative techniques used to protect the
    integrity of networks, programs and data from attack, damage, or
    unauthorised access.

    3. ABORTION OF EXERCISE:
    3.1 Ocean tankers OSC will issue:
    “THIS IS ISPS EXERCISE OCEAN TANKERS ABORT,
    REPEAT EXERCISE OCEAN TANKERS ABORT”

    3.2 If above exercise happen to escalate to a real incident, the


    following announcement will be made:
    “THIS IS ISPS EXERCISE OCEAN TANKERS REAL, REPEAT
    EXERCISE OCEAN TANKERS REAL”

    Page 2 of 3
    4. TERMINATION OF EXERCISE

    4.1 Ocean tankers OSC will issue:

    “ISPS EXERCISE OCEAN TANKERS IS TERMINATED,


    REPEAT ISPS EXERCISE OCEAN TANKERS TERMINATED”

    5. DEBRIEFING:

    This meeting will be held at the vessel meeting room. All major
    participants are requested to attend. Participants who cannot attend is
    requested his comments on the exercise by another person.
    Minimum points to discuss in debriefing;
    1. Strength; what are the things went well, any Best Practice?
    2. Weakness; what are the things went wrong.
    3. Recommendation of improvement.

    ON COMPLETION EXERCISE MASTER TO KEEP ALL


    RECORDS
     Exercise Scenario
     15.1
     Form- Ship-Shore Exercise (Appx 14.3)

    List of Photos required to be submitted

    1. Photos of crew performing security meeting.


    2. Master calling CSO
    3. Investigation of Breached Computer
    4. Visitor log

     File in SSP and send all photo-copies (including pictures) to Office


    (IAD) through Email.

    Page 3 of 3

    You might also like