MASS UK Industry Conduct Principles and Code of Practice 2022 (V6)
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Table 5-1 Remote Control Centre<br />
Table 5-1 Vessel<br />
Domain Sub Domain Threat/Attack Vector Mitigation procedure<br />
CREWED<br />
Access Control policy<br />
Keycards<br />
Domain Sub Domain Threat/Attack Vector Mitigation procedure<br />
Security zoning depending on role<br />
Security patrols during quiet times<br />
Security cameras/recording <strong>and</strong><br />
erasing policy<br />
Regular log <strong>of</strong> events<br />
Personnel<br />
See Domain 1<br />
on page 38<br />
Remote<br />
Control<br />
Centre<br />
Building<br />
security<br />
Equipment<br />
Access Control<br />
Security<br />
Security breach procedure<br />
Reference list <strong>of</strong> emergency contact<br />
numbers<br />
Duty call out register<br />
Procedures to follow in an emergency<br />
Separate recreation area where staff<br />
can access net for social media for<br />
personal access - not connected to<br />
operational networks<br />
Robust IT/OT policy, encryption,<br />
regular tests<br />
IT <strong>and</strong> communications equipment,<br />
servers <strong>and</strong> routers<br />
In secure, access controlled location<br />
Regular security exercises to check<br />
staff responses<br />
Monitor for unusual activity/response<br />
Consider segmenting network to<br />
ensure that staff net access is not<br />
connected to operational systems<br />
Regular checks to ensure no devices<br />
have been added<br />
Regular system scans for run<br />
authorised s<strong>of</strong>tware<br />
System components specifically<br />
designed to be integrated to ensure<br />
correct functionality<br />
Back-up power supplies<br />
Alternative networks available<br />
Vessel<br />
UNCREWED<br />
Vessel Access<br />
See Building<br />
security in<br />
Domain 2<br />
on page 39<br />
Equipment<br />
See equipment<br />
section on<br />
page 39<br />
Operations<br />
See operations<br />
in Domain 2<br />
on page 39<br />
Shoreside security<br />
Appropriate control for emergency<br />
services, pilots etc<br />
Secure dockside location with<br />
access control<br />
Domain Sub Domain Threat/Attack Vector Mitigation procedure<br />
Equipment security<br />
Control, network, <strong>and</strong> communications<br />
equipment located in secure, access<br />
controlled compartments<br />
Equipment Specification<br />
Suitable spare equipment level<br />
maintained<br />
Ensure equipment compliance with<br />
appropriate st<strong>and</strong>ards for cyber/<br />
communications etc<br />
Ensure adequate cooling<br />
Ensure adequate fire suppression<br />
system<br />
Robust access <strong>and</strong> security policy<br />
Appropriate training <strong>and</strong> qualifications<br />
Maintain environment appropriate to<br />
operations<br />
Vessel<br />
As for Crewed<br />
above<br />
Prior to deployment<br />
Full system checks <strong>and</strong> inspection for<br />
unusual devices<br />
Full IT <strong>and</strong> communications system<br />
checks for normal operations <strong>and</strong><br />
control<br />
Full system checks <strong>and</strong> inspection for<br />
unusual devices<br />
Operations<br />
Adequate back up control positions<br />
Reserve controllers available in event<br />
<strong>of</strong> illness etc<br />
Post deployment<br />
Full IT <strong>and</strong> communications system<br />
checks for normal operations <strong>and</strong><br />
control<br />
No unauthorised "Smart" devices in<br />
the operations area<br />
Equipment logs for equipment, serial<br />
no. etc<br />
Analyse all activity logs for anomalies<br />
44<br />
<strong>MASS</strong> <strong>UK</strong> <strong>Industry</strong> <strong>Conduct</strong> <strong>Principles</strong> <strong>and</strong> <strong>Code</strong> <strong>of</strong> <strong>Practice</strong> Version 6<br />
<strong>MASS</strong> <strong>UK</strong> <strong>Industry</strong> <strong>Conduct</strong> <strong>Principles</strong> <strong>and</strong> <strong>Code</strong> <strong>of</strong> <strong>Practice</strong> Version 6<br />
45