Please rotate your device.

Unsupported Browser

Unfortunately, you are using an outdated browser.

Please use one of these browsers to improve your experience and security.

IMO Risk Area: Communication Systems

Risk: Onboard antennas onboard connect the ship to the outside world, making them vulnerable to attack.

Impact: Compromise of antennas could cause loss of communication, having a major impact on safety.

Risk: Antennas are controlled by tuning devices that in turn are controlled by Internet-connected software.

Impact: Compromise of tuning units by malware could enable false data transmission such as AIS spoofing.

Risk: Antennas are the receiving point for meteorological updates.

Impact: Malicious reports received by the antenna could lead to incorrect decisions on the ship’s route.

For more information and to download our IMO Cyber Risk checklist please click here.

IMO Risk Area: Bridge Systems

Risk: The chart navigation system is critical to ship operations and safety and must be updated regularly.

Impact: Updates often require an Internet connection, which is a potential entry point for malware.

Risk: Chart navigation system updates are sometimes installed from a USB drive or other detachable media.

Impact: USB drives may carry malware and infect the network, disrupting the navigation system.

Risk: Chart navigation systems provide live course information to the ship’s autopilot.

Impact: Incorrect information provided by malware could lead the autopilot in the wrong direction.

For more information and to download our IMO Cyber Risk checklist please click here.

IMO Risk Area: Bridge Systems

Risk: IPMS controls all onboard operational devices, and is vulnerable to attack when Internet-connected.

Impact: Compromise or damage to the IPMS could lead to a complete halt of the vessel for several weeks.

Risk: The IPMS server is connected to the ship’s OT network.

Impact: Any device connected to the network would send corrupted or malicious information to the server.

Risk: Live data from the IPMS server is used to inform critical human- and machine-made decisions.

Impact: Inaccurate or maliciously altered data could lead to bad decisions and put the ship at risk.

For more information and to download our IMO Cyber Risk checklist please click here.

IMO Risk Area: Propulsion and Machinery Management and Power Control Systems

Risk: Compromised software could provide inaccurate or intentionally altered data about the engine.

Impact: Crew or automated systems could make poor decisions and put the ship at risk.

Risk: Engine monitoring systems are often Internet-connected, providing an entry point for attackers.

Impact: This entry point could allow malicious access, causing damage to the engine software.

Risk: Related machinery (e.g., lubrication pumps) also use connected software to aid engine monitoring.

Impact: Compromised software could lead to incorrect engine operation, causing serious damage.

For more information and to download our IMO Cyber Risk checklist please click here.

IMO Risk Area: Network Segregation

Risk: Onboard servers control all administrative activities across the ship.

Impact: Connecting an unknown device could allow malicious software to compromise servers.

Risk: Onboard servers are Internet-facing to enable communication with shore-based offices.

Impact: Poor firewall configuration could allow malicious access or software into the ship network.

Risk: Servers are the brain of the ship’s administrative network and must be at least password protected.

Impact: Poor passwords (or those stored on sticky notes) can be easily compromised by attackers.

Risk: Vital maintenance and schedule data relating to onboard machinery is stored in the ship’s main servers.

Impact: If the ship’s network is infected with ransomware, all of this data could be lost.

For more information and to download our IMO Cyber Risk checklist please click here.

IMO Risk Area: Propulsion and Machinery Management and Power Control Systems

Risk: Ship switchboards are controlled by built-in software and Programmable Logic Controllers (PLCs).

Impact: Compromised or damaged software could lead to a complete blackout of the ship.

Risk: Power generators are managed by software controllers which route very high currents across the ship.

Impact: Malicious software could alter system configuration and cause the switchboard to catch fire.

Risk: Live monitoring of electricity consumption is essential to ship operations.

Impact: If an unknown device is connected, corrupted data could affect critical operations.

For more information and to download our IMO Cyber Risk checklist please click here.

IMO Risk Area: Propulsion and Machinery Management and Power Control Systems

Risk: Thrusters are controlled by Internet-connected software, which may be insecure.

Impact: Compromise could lead to complete loss of propulsion.

Risk: If an unknown device connects to the network, thrusters may receive faulty or malicious commands.

Impact: Worst case, control of the vessel could be lost.

Risk: Any Internet-connected device is a potential entry point to the ship’s network.

Impact: compromised devices may allow attackers access to the ship’s OT.

For more information and to download our IMO Cyber Risk checklist please click here.

IMO Risk Area: Propulsion and Machinery Management and Power Control Systems

Risk: Most onboard machinery uses embedded software to provide live information for monitoring purposes.

Impact: An unknown device connecting to the network could introduce malware that affects ship operations.

Risk: Winches are equipped with sensors which provide data to the crew during mission-critical operations.

Impact: Malware can cause sensors to send incorrect information, with potential safety consequences.

Risk: For vessels that use hydraulic machinery, pressure sensors enable the crew to work safely.

Impact: Malware from a USB drive could spoof control signals and reduce pressure, causing a failure.

For more information and to download our IMO Cyber Risk checklist please click here.

IMO Risk Area: Administrative and Crew Welfare Systems

Risk: Crew typically need access to the public Internet for personal usage.

Impact: Accessing websites may cause accidental virus downloads, damaging the ship’s network.

Risk: The OT network is the ship’s main network, and is essential to proper functioning of the ship.

Impact: Crew or visitors connecting to the OT network for personal use may cause it to slow down.

Risk: Visitors coming onboard the ship may bring unknown computers and/or devices with them.

Impact: Plugging unknown devices into the ship’s network could interfere with critical operations.

For more information and to download our IMO Cyber Risk checklist please click here.

IMO Risk Area: Passenger Servicing and Management Systems

Risk: While crew is onboard, personal information such as passport numbers must be stored.

Impact: Personal information is very valuable to hackers and must be protected.

Risk: A crew list and related data is essential (and a legal requirement) for crew safety.

Impact: Ransomware could lock this data while the ship is at sea making safety verification impossible.

Risk: Most onboard activities (e.g., payments, reservations, and orders) are managed by software.

Impact: Malware introduced to the ship’s network could shut down all entertainment systems.

For more information and to download our IMO Cyber Risk checklist please click here.