Please scroll down for English translation.
San Diego, Californiaに於いてサイバーリスクマネジメントに関するUSCG指摘の情報を入手いたしました。指摘内容は下記です。
Ø Vessel failed to install Blocker on USB Ports on all terminals including Main Server on Bridge
Ø Vessel terminal do not have timed session locks/screen saver after extended period of user inactivity
Ø Computer System has generic login
これらの指摘は下記USCG Work Instruction CVC-WI-027(2)に基づく指摘と考えます。
USCG Office of Commercial Vessel Compliance (CG-CVC) Mission Management System (MMS) Work Instruction (WI) Vessel Cyber Risk management Work Instruction CVC-WI-027(2) Org. Date 27OCT20, Rev. Date 18FEB2021F. Vessels subject to the ISM Code (U.S. & Foreign Vessels).
1. Basic Cyber Hygiene. The MI/PSCO shall identify when basic cyber hygiene procedures are not in place onboard. These include, but not limited to the following:
a. Poor cyber hygiene
1) Username / Password openly displayed
2) Computer system appears to require a generic login or no login for access
3) Computer system does not appear to automatically log out after extended period of user inactivity
4) Heavy reliance on flash drive/USB media use
【推奨】
1. 使用していないUSBポートへのUSBポートブロックの使用
2. 一定時間経過後の自動ログアウト/スクリーンセーバーの設定
3. 専用Passwordを用いたWindows ログインの使用
米国寄港前にUSCG Work Instruction CVC-WI-027(2) のその他の項目
についても事前チェックされることを推奨いたします。
お困りごとがございましたら、弊社までお気軽にご相談ください。
Dear Valued Customers & Business Partners,
USCG Deficiency on Vessel Cyber Risk Management
We have received the latest information regarding Cyber Security Risk Management Deficiencies issuedby USCG.
This vessel was in San Diego, California, and the detailed items pointed out by USCG are as follows.
Ø Vessel failed to install Blocker on USB Ports on all terminals including Main Server on Bridge
Ø Vessel terminal do not have timed session locks/screen saver after extended period of user inactivity
Ø Computer System has generic login
These deficiencies are considered to be based on the USCG Work Instruction CVC-WI-027(2) as follows:
USCG Office of Commercial Vessel Compliance (CG-CVC) Mission Management System (MMS) Work Instruction (WI) Vessel Cyber Risk management Work Instruction CVC-WI-027(2) Org. Date 27OCT20, Rev. Date 18FEB2021F. Vessels subject to the ISM Code (U.S. & Foreign Vessels).
1. Basic Cyber Hygiene. The MI/PSCO shall identify when basic cyber hygiene procedures are not in place onboard. These include, but not limited to the following:
a. Poor cyber hygiene
1) Username / Password openly displayed
2) Computer system appears to require a generic login or no login for access
3) Computer system does not appear to automatically log out after extended period of user inactivity
4) Heavy reliance on flash drive/USB media use
【Recommendation】
1. USB Port Blockers should be installed on USB Ports not in use.
2. Automatic logout/screen saver should be set up.
3. Windows Login with non-generic password to be used.
Other items on USCG Work Instruction CVC-WI-027(2) should be checked prior to call USA ports.
If you have any concern about cyber security for your vessels, please feel free to contact us.