Cyber Security Workbook for On Board Ship Use. 1st Edition 2019. (eBook)

Look Inside

Published Date

November 2019

Also available in other formats:

Cyber Security Workbook for On Board Ship Use. 1st Edition 2019. (eBook)

(Excludes any applicable taxes)

This workbook is a practical, straightforward and easy to understand guide to support the Master and the ship’s crew with cyber security risk management. Along with detailed guidance on all aspects of cyber security protection, defence and response, the book contains comprehensive checklists to assist with the day-to-day management of onboard cyber security. It will also benefit shipowners, ship managers, ports and their IT departments.


Resolution MSC.428(98) advises administrations to ensure that cyber risks are appropriately addressed in existing safety management systems (as defined in the ISM Code) no later than the first annual verification of the company's Document of Compliance after 1 January 2021.

Be the first to review this product

In recent years, the shipping industry has undergone a digital revolution: internet connectivity on board has become common and ship’s systems are increasingly digitised and integrated. With this growing level of connection, comes greater risk. Ships are now a common target for hackers worldwide and it has become crucial that the entire crew has an understanding of how and when cyber attacks can occur.

Using detailed, step by step checklists, Cyber Security Workbook for On Board Ship Use provides a ship’s crew with the practical skills to identify cyber risks and to protect vulnerable onboard systems. It also gives guidance on how best to detect, respond and recover in the event of a cyber attack.

This publication has been produced by BIMCO, ICS (International Chamber of Shipping) and Witherby Publishing Group.




Section:1 – Introduction

Section:2 – Identifying Risks

2.1 Vulnerable Ship Systems
2.2 What is a Cyber Attack?
2.2.1 Attacker Profiles
2.2.2 Types of Cyber Attack
2.3 Cyber Security Risk Management

Section:3 – Protection, Prevention and Training

3.1 Prevention of Malware Attacks
3.2 Software Updates
3.3 Endpoint Protection
3.3.1 Anti-virus
3.4 Passwords
3.5 Cyber Security and the SMS
3.5.1 Cyber Security and the Ship Security Plan (SSP)
3.6 Crew Training
3.6.1 Cyber Security Familiarisation
3.6.2 Ship Cyber Response Drill
3.6.3 Crew Training Cyber Security Checklist

Section:4 – Detect, Respond and Recover: General Principles

4.1 Detecting a Cyber Incident
4.2 Detecting a Cyber Incident Checklist
4.3 Incident Response
4.3.1 Cyber Recovery Plan
4.4 Responding to a Cyber Incident On Board

Section:5 – Detect, Respond and Recover: Ship’s Business Systems

5.1 Onboard Business Computers
5.1.1 USB Ports and Drives
5.1.2 Personal Devices and USB Ports
5.1.3 Onboard Business Computer Checklist
5.2 Network Segregation On Board
5.3 Network Segregation
5.4 Wireless Networks
5.4.1 Business WiFi
5.4.2 Crew WiFi
5.4.3 Guest Access
5.4.4 WiFi Network Security
5.4.5 Virtual Private Network (VPN)
5.4.6 Networks (Wireless and Wired)
5.5 Satellite Communications Equipment
5.5.1 Satellite Communications
5.6 Cellular Data Connections
5.7 Connecting to Shore WiFi in Port
5.7.1 Shore WiFi in Port Checklist

Section:6 – Detect, Respond and Recover: OT Systems

6.1 Understanding OT Systems
6.1.1 OT Systems Checklist for Crew
6.2 ECDIS Security
6.2.1 Recognising Genuine NAVTEX Messages
6.2.2 ECDIS Cyber Security Checklist
6.3 GNSS Security
6.3.1 Cyber Security Checks on the Nav Bridge during Watchkeeping
6.4 Engine Department Considerations

Section:7 – OT Cyber Security: Onshore Office and IT Department Considerations

7.1 Ship’s Architecture and the IDMZ
7.2 Asset Management
7.3 How is Data Transmitted?
7.3.1 Convertor Security
7.4 OT Systems Risk Assessment
7.5 Securing OT Systems
7.6 OT Systems Checklist for IT Department/Onshore Office


Annex 1 – Regional Regulatory Guidance
Annex 2 – Checking for Windows Updates
Annex 3 – Creating User Accounts
Annex 4 – Checking for Segregated Networks
Annex 5 – How to Check that Anti-Virus Software Updates are Applied
Annex 6 – Understanding NMEA 0183
Annex 7 – EXAMPLE Cyber Security Familiarisation Checklist for New Crew Members
Annex 8 – Abbreviations/Definitions
Annex 9 – Further Resources

In 2017, the International Maritime Organization (IMO) adopted Resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management Systems (SMS).This Resolution states that an approved SMS should take into account cyber risk management in accordance with the objectives and functional requirements of the ISM Code. It encourages administrations to ensure that cyber risks are appropriately addressed in the SMS no later than the first annual verification of the company’s Document of Compliance after 1 January 2021.


Version 3 of ‘The Guidelines on Cyber Security Onboard Ships’, which was produced and supported by BIMCO, CLIA, ICS, INTERCARGO, INTERMANAGER, INTERTANKO, IUMI, OCIMF and the WSC, provides guidance on maritime cyber risk management. While primarily aimed at addressing the safety consequences of cyber incidents on board ship, the principles and protection measures in the Guidelines are equally applicable to all organisations in the maritime industry.


These Guidelines are aligned with IMO Resolution MSC.428(98) and the IMO’s guidelines.They provide practical recommendations on maritime cyber risk management and should be read in conjunction with this workbook.


Cyber outlook for shipping

While shore based advances in internet connectivity have been substantial over the last 20 years, shipboard access to the internet has not developed at the same rate. However, due to the increased availability of affordable VSAT communications this is improving and the world fleet is increasingly better connected. In the Futurenautics Crew Connectivity Survey in 2015, it was estimated that the average availability of internet access across all fleet sectors stood at 43%. By 2018 this figure had almost doubled to 75% and it continues to rise.


However, with the comparatively rapid increase in internet connected ships comes an increased risk of cyber incidents. Existing PCs on board are often dated and are networked with no added security protocols. On board, dedicated cyber security procedures and adequate crew training are often lacking.

BIMCO is the world’s largest direct-membership organisation for shipowners, charterers, shipbrokers and agents. In total, around 59% of the world’s cargo fleet is a BIMCO member, measured by dead weight tonnes (DWT).

BIMCO is a ‘not for profit’ organisation with NGO status, headquartered in Copenhagen, Denmark, and with offices in Athens, Shanghai and Singapore.

The organisation has around 1,900 member companies across 120 countries – including large and small shipowners, shippers, oil majors, brokers, local port agents, law firms, maritime security companies and national shipowner’s associations among others. The core of the BIMCO membership is around 800 shipowner members who combined control around 83% of containership tonnage, 59% of dry bulk tonnage and 51% of tanker tonnage (all measured by DWT).

BIMCO’s goals are to secure a level playing field for the global shipping industry and to deliver practical tools, advice and guidance to its members across the main shipping sectors. BIMCO therefore works to promote and secure global standards and regulations for the maritime sector.

The organisation’s century long effort into creating standard contracts and clauses is a strong expression of that aim. BIMCO is considered the world leader in developing standard contracts and clauses in shipping.



The International Chamber of Shipping (ICS) is the principal international trade association for the shipping industry, representing shipowners and operators in all sectors and trades.


ICS membership comprises national shipowners' associations in Asia, Europe and the Americas whose member shipping companies operate over 80% of the world's merchant tonnage.


Established in 1921, ICS is concerned with all technical, legal, employment affairs and policy issues that may affect international shipping.


ICS represents shipowners with the various intergovernmental regulatory bodies that impact on shipping, including the International Maritime Organization.


ICS also develops best practices and guidance, including a wide range of publications and free resources that are used by ship operators globally.

Title: Cyber Security Workbook for On Board Ship Use. 1st Edition 2019. (eBook)
Number of Volumes: 1
Number of Pages: 260
Product Code: WS1728EA
ISBN: ISBN 13: 978-1-85609-832-8 (9781856098328), ISBN 10: 1-85609-832-X (185609832X)
Published Date: November 2019
Binding Format: Hardback

Bought this product? Why not review it?

If you have a question about this product, please contact us directly.

Windows eBooks:


To access the eBook, you need to install our free Windows eBook Reader.

The application can be downloaded from:


Standalone eBooks are supplied with 1 licence + 1 backup and are not transferable between platforms.


Remote Desktop Services (Terminal Services) and virtual environments are not supported.


The Windows eBook Reader works with Windows XP or later OS (but not Windows RT).

See more details.


Cloud (online) eBooks:


The Cloud (online) eBooks use Microsoft Silverlight browser plugin to deliver the best possible reading experience with the ability to work in offline mode.


It is an annual subscription service (i.e. each eBook is purchased for 1 year of use).

Online licences are not transferrable to Windows or iPad (or vice-versa).


Silverlight is compatible with the major web browsers used on Windows and Mac OS X operating systems.

However it is not supported on Linux, Android, Windows RT and iPad devices and therefore the Cloud eBooks use an HTML site in these instances.

The HTML site is more restricted than the Silverlight version.


See and more details.


Note for Mac Users:


Mac users can read Windows eBooks with Boot Camp or using virtual machines such as Parallels Desktop, Virtual Box, ...

Alternatively, Cloud (online) eBooks are accessible on Mac, including the Silverlight plugin with offline mode.


Note for Linux Users:


Linux users can read Windows eBooks using a virtual PC.

Alternatively, the HTML version of the Cloud (online) eBooks is accessible.


Note for Tablet Users:


Tablets owners can use the HTML version of the Cloud (online) eBooks.


Look Inside Text