Your biggest onboard considerations will always be about USBs…
Even if you have…
• The most advanced reactive mechanisms.
• All measures taken on network perimeters.
• Air-gapped every single ICS, OT and IT systems.
You cannot control the content of USBs, and you are aware that Cyber Security incidents are mainly onboard generated.
VTalos = Regulate and control incoming USB files as simple as 1-2-3.
For a monthly fee…
VTalos Answering on Physical and Logical Level.
BV Class Notation: “(a) Perimeter protection: Following the intention to check compliance and to train crew members, cyber managed also checks usage of external digital devices on the ship networks. The objective is to define procedures in order to verify ingoing equipment such as USB media or laptops. (b) Serial interface monitoring mechanisms includes USB (Universal Serial Bus) activity, removable media usage, restriction or limitation and any other kind of serial link usage. (c) Media scan: A policy about malicious software scanning on removable or mobile digital assets is to be defined in the Cyber Security Policy.”
DNV-GL RP-046 Cyber security resilience management: “Spreading via unsuspecting and insufficiently trained users in combination with unsecured internet access or insufficiently protected use of portable storage devices like USB sticks, the infection thrives. Typical questions to help determine systems to spot check. Are personal USB and data storage devices allowed on the company network? Are USB sticks scanned? Cleaned? Blocked?”
ABS Cybersecurity Implementation: OTB8-6 No access to OT systems via USB port is allowed without prior testing of the device and/or data to be transferred by that port.
ISM Code: 220.127.116.11 Industry Guidelines: Controlling the use of removable media, access points and the creation of ad-hoc or uncontrolled data flows. This may be achieved by restrictions on the use of removable media.
TMSA 3 Article 13.2.4: Encourage responsible behaviour by shore-based personnel, vessel personnel and third parties. Such behaviour may include: Control/prevention of misuse of portable storage and memory sticks.