Maritime Cyber Security - Vessel Assessment

 
 

Vessel Security Assessment

Analysis and assessment of the cyber security posture and protection of critical assets onboard vessels

Improsec delivers an independent security analysis and assessment of the cyber security posture of IT and OT infrastructure onboard vessels. The security assessment is, among other recognized resources, based on guidelines from BIMCO, etc. on cyber security onboard ships, combined with our own experience performing vessel assessments.

Value

  • Analysis and assessment of the cyber security posture and protection of critical assets onboard vessels

  • Determine if the IT and OT infrastructure of the vessel is configured according to cyber security best practices

  • Recommendations to strengthen the security level, mitigate identified misconfigurations, vulnerabilities, as well as insufficient controls and procedures

Product

The deliverable of the analysis is a written report containing the following:

  • A non-technical section with an Executive Summary for managements and decision makers

  • A technical section including detailed observations and tangible recommendations to improve the security level and hardening of the IT and OT infrastructure

Method

The vessel security assessment is, among other recognized resources, based on guidelines from BIMCO, etc. on cyber security onboard ships, combined with our own experience performing vessel assessments.

The assessment is based on your specific setup and will be planned accordingly. Typically, the assessment will cover the following types of systems:

  • Bridge systems

  • Propulsion and machinery management and power control systems

  • Electronic Chart Display and Information Systems (ECDIS)

  • Automatic Identification System (AIS)

  • Access control systems

  • Cargo management systems

  • Core infrastructure systems

  • Administrative and crew welfare systems

  • Communication systems

As part of the cyber security assessment, a review of the IT and OT infrastructure onboard and how it compares to original blueprints and documentation can be performed. Furthermore, the current state of compromise from malware, virus, etc. can be assessed together with the effectiveness of implemented security controls.

Involvement

For an effective execution of the engagement, the delivery requires involvement of your IT- and OT-team, who can answer technical questions about the infrastructure.


 
 

Download full description as PDF file