Maritime UK MASS CoP v2
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
10.6.5 Security measures include:<br />
n Security by design, using best practice principles;<br />
n Use of safe operating system (or no operating system at all), as many cyber-attacks exploit the operating<br />
system itself;<br />
n Air-gapping (denial of communications so that the firmware, once programmed, is safe). This eliminates<br />
backdoor attacks and is effectively applied to many sensors such as GPS, heading and depth sensors;<br />
n Command link encryption;<br />
n Use of multiple command links, effectively providing command link backup.<br />
n BIT testing to verify the integrity of firmware and mission and configuration data at run time.<br />
10.6.6 A Cyber Security Analysis shall be conducted to identify possible security vulnerabilities and their effects on the<br />
vital systems and the performance of the craft or vessel, including but not limited to the command link, the<br />
generation and dissemination of waypoints, steering, and the ability to initiate Emergency Stop.<br />
10.6.7 The Cyber Security Analysis shall be interpreted and acted upon in a manner similar to the Risk Assessment,<br />
in terms of identifying the need to apply corrective measures to reduce risk to an acceptably low level.<br />
54<br />
<strong>MASS</strong> <strong>UK</strong> Code of Practice Version 2