サイバーリスクマネジメントに関するUSCG指摘(2)

トップページ / KAIRIKI Circular / サイバーリスクマネジメントに関するUSCG指摘(2)
2023.05.24
Please scroll down for English translation.

サイバーリスクマネジメントに関するUSCG 指摘の情報を入手しました。指摘内容は下記です。

Ø Username and Password was openly displayed for onboard PC


この指摘は下記USCG Work Instruction CVC-WI-027(2)に基づく指摘と考えます。

F. Vessels subject to the ISM Code (U.S. & Foreign Vessels).

1. Basic Cyber Hygiene. The MI/PSCO shall identify when basic cyber hygiene procedures are not in place onboard.  These include, but not limited to the following:

a. Poor cyber hygiene

1) Username / Password openly displayed

2) Computer system appears to require a generic login or no login for access

3) Computer system does not appear to automatically log out after extended period of user inactivity

4) Heavy reliance on flash drive/USB media use

USCG Office of Commercial Vessel Compliance (CG-CVC) Mission Management System (MMS) Work Instruction (WI)
Vessel Cyber Risk management Work Instruction CVC-WI-027(2) Org. Date 27OCT20, Rev. Date 18FEB2021

【推奨】
ユーザー名/パスワードは船長もしくは指定された人物による機密事項としての管理を推奨します。
パソコン周辺を含む開放された場所での表示/掲示はされるべきではありません。


お困りごとがございましたら、弊社までお気軽にご相談ください。



Dear Valued Customers & Business Partners,

 

USCG Deficiency on Vessel Cyber Risk Management(2)

We have received the latest information regarding Cyber Security Risk Management Deficiency issued by USCG.

Detail of the deficiency as follow.

Ø Username and Password was openly displayed for onboard PC


These deficiencies are considered to be based on the USCG Work Instruction CVC-WI-027(2) as follows:

F. Vessels subject to the ISM Code (U.S. & Foreign Vessels).

1. Basic Cyber Hygiene. The MI/PSCO shall identify when basic cyber hygiene procedures are not in place onboard.  These include, but not limited to the following:

a. Poor cyber hygiene

1) Username / Password openly displayed

2) Computer system appears to require a generic login or no login for access

3) Computer system does not appear to automatically log out after extended period of user inactivity

4) Heavy reliance on flash drive/USB media use

USCG Office of Commercial Vessel Compliance (CG-CVC) Mission Management System (MMS) Work Instruction (WI)
Vessel Cyber Risk management Work Instruction CVC-WI-027(2) Org. Date 27OCT20, Rev. Date 18FEB2021

【Recommendation】
 Username / Password should to be controlled by the Master or the designated person as confidential
information. It shall not be displayed opened place including on or around the PC.


If you have any concern about cyber security for your vessels, please feel free to contact us.