Cyber security and MARS
Have you experienced a cyber security incident?
Maritime accident reports are a great way to learn a lesson in being safe and making sure that you don’t make the same mistakes. The risks with cyber security are so new that there are no official reports available yet – although there is plenty of evidence from people who have experienced minor incidents.
Here, we look at a MARS report that includes three incidents where unapproved computer applications were downloaded to the bridge computer and interfered with the system. Learn from and share this report.
If you have experienced an incident that involved cyber security, let us know in complete confidence so we can help keep others safe. We will not publish any of your personal or company information. Email us at: [email protected]
200812 Unauthorised computer applications
Three different vessels in our fleet reported these worrying incidents:
Vessel 1:
The OOW was found playing games on the bridge computer while navigating in congested waters. Further investigation revealed that he had apparently opened an innocuous short-cut icon on the screen entitled 'Navigation' which once opened, launched a computer game.
Vessel 2:
A non-approved programme was installed on a chart correction computer, which immobilised it. Findings revealed that a deck officer had installed an unauthorised and infected programme. As a result the system became inoperable and until it was fully restored, there was considerable delay in effecting chart corrections.
Vessel 3:
After realising that the chart correction computer was not connected via an uninterrupted power supply (UPS) unit, the ship's staff located a 'spare' UPS and decided to install it. Subsequent difficulties in email exchanges and printing chart correction tracings were later attributed to this incompatible UPS.
Corrective actions
The fleet was reminded about the following company policies:
- No unauthorized programme should be loaded on any of the ship's computers.
- All ships' computers should be regularly checked for unauthorised programmes and viruses.
- The bridge computer is installed solely for chart corrections and watch-keeper programmes and to assist deck officers in administrative tasks and should only be used in port, or only by off-duty staff while at sea.
- If any unauthorised software is detected, the company is to be consulted on determining a safe method of uninstalling such programmes without damage to equipment or loss of data.
The company should be consulted in case of any software or hardware defect or deficiency and hasty, unilateral actions must not be taken.
{preside:objectrender:activeobjects.comment:viewHandler(title=Have%20you%20experienced%20a%20maritime%20accident%3F%20Let%20us%20know%20%23NavInspire,showTitle=1,showAuthor=1,showTimestamp=1,addComment=1,approveComment=1,approverEmail=laura.nicholls%5Bat%5Dnautinst.org,paos_name=,paos_instanceid=,editactiveobject=,sfb_comment=true)}