Cyber Assessment Onboard
Cyber Assessment Onboard is a service designed to help every shipping or ship-management company lower the cyber risk onboard its vessels, which is a major requirement for compliance, certification and vetting.
The service aims to assess the overall cyber hygiene onboard, including but not limited to software vulnerabilities. The assessment starts from the external cybersecurity posture, which presents the greatest attack surface, and gradually moves inwards towards the core of the infrastructure.
Key Service Stages:
1. Familiarization
It is recommended to share details prior to the assessment, such as network maps, the vessel's cybersecurity manual, procedures, crew awareness training, as well as external IP addresses and domains. This helps minimize time spent onboard and allows more precise results.
2. External VA
The external vulnerability assessment is the detailed examination of publicly available services.
3. Internal VA
The networks are enumerated and assets are scanned for vulnerabilities. This includes Crew or Guest networks.
4. Vulnerability Management
Detected vulnerabilities are verified and scanned for false positives. The potential impact of each vulnerability is estimated, also taking into account procedures and other non-technical aspects that could amplify effects.
5. Procedures Evaluation
Evaluation of the procedures followed by the crew is vital, as statistically most attacks target humans rather than systems. Procedures include crew awareness training and cyber culture. Messaging is also a known security hazard in the shipping industry, and it is examined in terms of the technologies, protocols and standards used, as well as delivery and relay automations.
6. Reporting
All data is further analyzed and a report is prepared, starting with an executive summary of the overall posture of the vessel, followed by an extensive analysis of findings, potential attack scenarios and recommendations for cyber hardening per finding.