The course participants will learn how to identify, analyze and manage cyber security vulnerabilities that are common in shipping today. They will gain hands-on practice applying tools that identify weak spots in their systems both onboard and in the office, and learn how to close these gaps themselves.
Who should attend:
Duration: 2 days
The shipping industry employs a unique setup of operational (OT) and information (IT) technologies. IT and OT systems on board are faced with vulnerabilities, “exploits” and threats which could be devastating not only for the vessel, but also for the crew, passengers and the environment.
This training course consists of a theoretical and a practical part; firstly, some introductory information needs to be shared and discussed in plenum, then the participants will start to get familiar with a variety of scanning tools on their own laptops during a truly hands-on workshop, in a simulated lab environment.
On completing this course, the participants will be fully aware of the cyber security vulnerabilities that are commonly found in the shipping industry today, and know how to use appropriate tools to find weak spots and close the gaps on a day-to-day basis.
Focus Pointsa) Theoretical part
- Vulnerabilities, “exploits” and threats that are relevant in the shipping industry today
- Suitable tools and methods used to identify vulnerabilities, etc. in IT and OT systems and networks onboard vessels and in the office
- Evaluating security alerts and patch information from e.g. the National Vulnerability Database
- Managing vulnerabilities, “exploits” and threats in a manner that is adapted for your own company and the harsh conditions in the shipping industry
- Using scanning tools that reveal weaknesses in switches, firewalls and the network
- Detecting server vulnerabilities like buffer overflow attacks, SQL injection, uploading rogue scripts, catching buffer overflow attacks, etc
- Revealing desktop vulnerabilities such as patch level, anti-malware configuration and update level
- Configuring scanners and generating reports (preventing false negatives, handling false positives, extracting and interpreting reporting data)
This classroom training expands and complements DNV GL's Maritime Cyber Security Services