Beruflich Dokumente
Kultur Dokumente
QUEEN PROTOCOL
IMO 9260031
This plan should be kept with the IT manager (In office) & the
Master (On Board) and used as a practical guide regarding CYBER
SECURITY, in supplement to the company Safety Management
System.
The present manual is property of the manager of the vessel and may not be removed from the vessel or
reproduced wholly or partly in any manner without the prior agreement of the manager of the vessel.
SECTION CSMP
CYBER SECURITY PAGE NO. 2
MANAGEMENT PLAN REVISION 0
ISSUE DATE 14/09/2018
A. On board vessel shall be kept secured by the Master in his Cabin (Identified
as Restricted Area). Only Master, Ship Security Officer/Cyber Security
Officer, Company Security Officer shall have access to this plan
B. Within Company’ premises shall be kept by Company Security officer. Only
Top Management, head of departments, CSO and IT personnel assigned,
shall have access to this plan.
INDEX
ALL DOCUMENTS LISTED BELOW ARE CONTROLLED
a) The aim of this document is to offer guidance to office and ship staff on how to assess
their operations and put in place the necessary procedures and actions to maintain the
security of cyber systems on board their ships and in office.
How to raise awareness of the safety, security and commercial risks if no cyber security
measures are in place
How to protect shipboard IT infrastructure and connected equipment;
How to manage users, ensuring appropriate access to necessary information;
How to protect data used onboard ships and office, according to its level of sensitivity;
c) Company recognizes that due to fast changes to IT technologies this guidance is not the
best solution. Hence continuous efforts are being made to understand and develop the
required counter measures as and when possible.
d) Company would like to draw attention about the Cyber Security Guidelines as available
in MDCS which are to be referred to part of these guidelines
a) Master on board ships shall be responsible to ensuring compliance with company cyber
security guidelines and security
b) IT manager in each office shall be the designated Cyber Security officer (CySO) for
ensuring cyber security and procedures. Overall command of Cyber Security shall be in
Indonesia head office.
b) While assessing the risk related to Cyber Security following systems have been included
which are vulnerable to cyber-attack or may be affected from a successful cyber-attack
on board ships:
SECTION CSMP
CYBER SECURITY PAGE NO. 5
MANAGEMENT PLAN REVISION 0
ISSUE DATE 14/09/2018
ECDIS
GPS
AIS
VDR
RADAR
Inmarsat
Iridium Phone
Wireless communication system
Email communication PC / systems
Data
Engine Console
Alarm Systems
Power Management
Real Time data collection
SSAS
BNWA
CCTV
Crew Communication PC
c) Company may take external expert assistance for cyber security related issues and
planning.
SECTION CSMP
CYBER SECURITY PAGE NO. 6
MANAGEMENT PLAN REVISION 0
ISSUE DATE 14/09/2018
a) While assessing the risk related to Cyber Security following systems have been included
which are vulnerable to cyber-attack or may be affected from a successful cyber-attack
in offices:
What measures to be taken in case of disabling systems identified as vulnerable for cyber
attack
How to secure data
How to verify that data is intact in cases where penetration is suspected but not
confirmed
What to do if it’s know that data is compromised
Procedures for handling ransomware incidents
Procedures when data is lost on board or in office
Chain of responsibilities and decision-making authority under such scenario
b) Company shall ensure that procedures and contingency planning / actions are available
in hard copy format in each office and on board each ship.
c) Indonesia Head Office: Office internet is protected with hardware firewall router-
Fortigate, all client computers protected with TrendMicro business anti-virus. All servers
are located in Azure cloud service with regularly backups and recovery enable.
Conducting Cyber awareness training throughout group and branch offices. Each office
Intranet is protected by hardware firewalls against intrusion, computers by updated
antivirus software and data by cloud-based off-site data storage servers.
d) Singapore Branch: Office internet system is protected with a hardware firewall router –
FortiGate, all servers/client computers protected with Symantec Endpoint Protection
anti-virus system installed. Regular backups are available with password protected
images in NAS for recovery.
e) Delhi Branch: Office internet system is protected with a hardware firewall router –
FortiGate, all computers additionally have Trend Business anti-virus system installed.
Head office regularly conducts Cyber awareness training
SECTION CSMP
CYBER SECURITY PAGE NO. 7
MANAGEMENT PLAN REVISION 0
ISSUE DATE 14/09/2018
b) Aggregate all relevant information into IT Team. IT Team reviews the content and
immediately takes the necessary action.
c) Company recognizes that investigating cyber incidents can be a complex and challenging
task. It Manager, after discussing with top management shall decide which incidents are
to be investigated.
d) Industry guidelines on Cyber security shall be referred to under such circumstances.
e) Company may use external expert assistance to investigate such incidents as appropriate.
Ref:
It shall be reviewed at every six months as a minimum or after an incident of breach in cyber
security or cyber theft.