What We Do
01
Regulations Compliance
The IMO (International Maritime Organization) points out some of the maritime cybersecurity compliance measures that all ships need to consider. Some of this measures are the IMO Resolution MSC.428(98), ISA/IEC 62443, ISO/IEC 27001 and TMSA.
3-Lock is focused and specialized in the compliance of the IMO Resolution MSC.428(98).
The team of 3-Lock will make sure to follow the guidelines to ensure a full compliance of the resolution, while preventing hackers and external attackers to gain any type of control or surveillance over your ship.
The IMO provides the following guidelines and recommendations for an effective cyber risk management:
1. Identify
Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data, and capabilities that, when disrupted, pose risks to ship operations.
- Ednpoints detection
- Crew member roles and permits
- Navigation systems
- Communication systems
- Bridge Control
2. Protect
Implement risk control processes and measures, and contingency planning to protect against a cyber-event and ensure continuity of shipping operations.
Detect, develop and implement necessary activities to detect a cyber-event in a timely manner.
- Exploitation of IT and OT systems
- Monitoring and segmentation of networks
- Remote access to third-party OEMs monitored
- Physical security controls
- Satellite communications secured
3. Respond & Recover
Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber event.
- Likelihood of vulnerabilities reduced
- Contingency plan development
- Continuous assessment of the effectiveness of the response plan
02
Audits & Security Monitoring
Cybersecurity guidelines
3-Lock takes the approach given on the Guidelines on Cyber Security Onboard Ships to provide the best security to your ship.
Risk Identification
It’s impossible to ensure all your systems are free of vulnerabilities at any given time. Whether it’s a previously undiscovered vulnerability, a vulnerability waiting to be patched, an out-of-support system, or some other issue, vulnerabilities are there, waiting to be exploited.
- External threats
- Internal threats
- Vulnerabilities Scanning
- Inventories of onboard systems
- Network Analysis
Assess Risk Exposure
Determine the likelihood of vulnerabilities being exploited by external threats, determine the likelihood of vulnerabilities being exposed by inappropriate use, and finally determine the security and safety impact of any individual or combination of vulnerabilities being exploited.
- Security breaches extension
- Possible impact of vulnerabilities
- Crew awareness of cyber-risk
- Portfolio Architecture
- Persona/Segmentation
Security Monitoring
The monitoring of the security systems will be done according to the chosen plan for your situation, where security holes and vulnerabilities will be immediately addressed once they are detected, and a support will be available for crew employers when they need it.
- Backup systems
- Upgrade resilience on actual systems
- Cybersecurity guidelines for crew members
- Contingency Plan implementation
- 24/7 network monitoring
03
Prevention
Trainings & Cybersecurity education
Apart from preventing your ship from malicious behaviors, 3Lock offers the possibility of giving personalized trainings and education sessions about cybersecurity, risk management, assessment and good practices to avoid any unwanted outcome.
Moreover, we provide security guidelines for your crew members to make sure everyone knows what to do in a security breach, and keep control on how this breach has happened, to easily address it the next time.
We will help your crew comply with all the security measures, and guide you through all the steps alongside one of our professionals, to make sure that your systems are fully secure and protected.
Make sure that your team is fully prepared to overcome any potential thread.
Contact us to know more about our trainings.
