Address the human factor in cyber security
With the increasing use of systems with embedded software on ships and mobile offshore platforms, cyber security is becoming critical not only for data protection, but also for reliable operations. According to Symantec Security Response, “You don’t need as many technical skills to find one person who might be willing, in a moment of weakness, to open up an attachment that contains malicious content.” 97% of attacks actually consist of trying to trick a user using social engineering techniques. Phishing and social engineering, unintentional downloads of malware, etc., are common issues.
DNV GL offers an e-learning course for your crews and shore staff to raise awareness concerning cyber security, focusing on issues such as what typical cyber-attacks are and how staff can contribute to your company’s cyber security. The e-learning course “Maritime Cyber Security Awareness” developed by DNV GL’s Maritime Academy raises awareness about threats and countermeasures, addressing your cyber security management system by encouraging the crew’s good cyber hygiene. The course explains in simple steps how and where cyber-attacks may target not only your direct IT infrastructure, but also the embedded software in assorted operational technology (OT) systems on board.
The easy-to-understand course is intended for a wider audience, the material also leverages key safety management practices and shows how they can be applied to cyber security within the maritime and offshore industries.
Your benefit – How it works
Each user will receive an individual access code for the course and an electronic certificate upon successful completion. This makes it possible to keep track of and verify who has done the training. The course is available online, which means it can run from every computer with Internet access, or on board the vessel via our Seagull CBT distributor.
What we offer – The course
The course is designed to help you address the single most important issue in cyber security – staff awareness. The course uses easy-to-understand language concepts to address the crew and staff member.
Four training modules outline the role of each individual in preventing breaches of cyber security and mitigating damage in the event of a successful cyber-attack. With the tool, the users will understand how changing their behaviour can make a real contribution to cyber security.
This course is in compliance with the new TMSA 3 element of Maritime Security.
- Module 1: Your role as a user in cyber security – This module starts with raising awareness that software is not just found in obvious IT systems, but also embedded in many types of equipment essential for operating ships and offshore assets. Concrete examples of cyber-attacks on ships and offshore platforms are used to explain the importance of each individual for cyber security and the role the crew play in protecting themselves and the company against cyber-attacks.
- Module 2: Common threats & traps – The module focuses on typical threats, such as phishing or hacker attempts trying to trick you into installing malicious software. The participant learns how to detect such cyber-attacks and what actions to take.
- Module 3: Good practices towards cyber security – Through illustrative examples, the module communicates good practices such as proper handling of personal mobile devices, USB sticks, passwords and remote connections.
In addition to the three awareness modules, we offer another module for IT managers and those involved in cyber barrier management.
- Cyber management module: Cyber security countermeasures – This module applies lessons from the first three modules. Countermeasures cover preventive measures (e.g. updating antivirus software) and reactive measures (e.g. procedures after a detected security breach). The module reminds participants that their behaviour is actually a key countermeasure in their company’s cyber security.
More than just a cyber security course
Cyber security threats have increased over the past few years in the maritime industries. DNV GL offers an immediate solution to help you train your staff to be cyber secure – it is time to act.
This course is complying with TMSA 3 element 13 and 13.2.4 KPI/best practice and encourages responsible behaviour by shore-based and vessel personnel towards:
- Locking of unattended work stations
- Safeguarding of passwords
- No use of unauthorised software
- Responsible use of social media
- Control/prevention of misuse of portable storage and memory sticks
We can adapt the course to suit your company or add specific consulting activities. Think about your cyber security needs and discuss the possibilities with us.