Risk Assessment and Job Hazard Analysis Form Doc No: FM0013N

Version: 23
Forms

Save Form Email

Refer to: Hazards and Control Measure Examples

Team Master CE and SSO,
Vessel name: Seletar Spirit
composition: Shore Team and IT, all
Task name: Cyber security crew

Date: October 2018

Supervisor: Master

Step Descriptio Identify the following: Measures that are required to be put Residual Residual Residua Measures
No. n of task i. Hazards in place to prevent and/or minimize Consequenc Likelihoo l are in
step the severity of the injury or damage. e d Risk place.
ii. Who or what may be injured,
Consequences X Likelihood = (Signature
damaged or result in a loss
Risk )
iii. How would this happen.
1. Syetem i. Obsolete and unsupported operating Keep the operating system and software 4 1 4
updates systems/ software updated to the latest version/ patch released by
the developer.
ii. Ships server, computers
iii. Ransomware, malware, virus attack

2. Fire wall i. Ineffective firewall Firewall to be set up to provide maximum 4 1 4

updates security such that external access could be

UNCONTROLLED DOCUMENT Page 1 of 5

Risk Assessment and Job Hazard Analysis Form Doc No: FM0013N
Version: 23

ii. Ships server, computers prevented.

iii. Ransomware, malware, virus attack.
Computers connected to external network
could be accessed by hackers.

3. Password i. Weak passwords Passwords to be strong, containing alpha- 4 1 4

updates ii. Ships computers numeric characters and symbols.

iii. Unauthorized access to the computers Passwords to be protected from viewing by

unauthorized persons.

i. Allowing access through crew accounts 4 1 4

Crew was trained and instructed to renew
ii. Ship's computers passwords as required
iii.Crew unaware of requirement for periodical
password change

4. Network i. Lack boundary protection measures and Network to be set up with adequate barriers/ 4 1 4
Updates segmentation of networks protections.

ii. Ships server, computers Two-step authentications to be known how to

use.
iii. Ransomware, malware, virus attack
All data should be backed up in an independent
storage

5. Antivirus i. Outdated or missing antivirus software and Antivirus software to be kept updated at all times 4 1 4
Updates protection from malware
ii. Ships server, computers
iii. Corruption of data due to virus/ malware

6. Use of i. Personal laptops, tablets, USB memory Scan Personal laptops, tablets, USB memory 4 1 4
Removable sticks of external parties (surveyors, sticks for viruses and malware before
Media devices connecting to on-board computers - Information
onboard technicians etc.) connected to on-board technology/ operational technology (IT/ OT).
computers.
ii. Ships server, computers

UNCONTROLLED DOCUMENT Page 2 of 5

Risk Assessment and Job Hazard Analysis Form Doc No: FM0013N
Version: 23

iii. Malware and virus attack

i. Infecting ship's network by forreign USB Shore personnel must be allowed to use only 4 2 8
drives standalone computers for reading/printing files
ii. Ship's computers,server on board

iii. Allowing shore personnel to use LAN

connected computers for reading and printing
files from their USD flash drives

i. Infecting ship's network by forreign USB Officer on watch in CCR or on Bridge instruced
drives always to scan external USB drives before 4 1 4
ii. Ship's computers,server opening.
iii. Not scanning external flash drive with any
virus program before use. Even on stanalone
stations

7. Receving i. Phishing through emails containing Receiving emails only from the whitelisted email 4 1 4
Phishing mails hyperlinks to fake websites. Infected SPAM ids. Open emails or open attachments from
and or SPAM will automatically deleted by the firewall. senders that you know and trust. Crew email
computers should not be connected to any
ii. Ships server, computers safety critical system on board.
iii. Corruption of vulnerable data from ship's All crew to be briefed not to click on links and
computers attachments from unknown sources. Welcome
Onboard familiarization to be completed,
including Cyber security awareness.
External WI_Fi never to be used for company
emails or downloads unless protected by VPN

i. Infecting ships/corporate network by phishing Subject is regularly delivered to crew for 4 1 4

e-mails increasing awareness and vigilance and
ii. Ship's and shore computers reporting if such e-mails are received.
iii. Crew unaware of phishing e-mail existance
and lack of training

UNCONTROLLED DOCUMENT Page 3 of 5

Risk Assessment and Job Hazard Analysis Form Doc No: FM0013N
Version: 23

8. ECDIS Update i. Use of unscanned USB for data transfer on USB dedicated for use with ECDIS should be 4 1 4
by USB. ECDIS maintained on board.

ii. Ships server, computers

iii. Corruption of ECDIS chart data

i. Unauthorized access to ECDIS USB ports USB locks received and installed. Lock key in 4 1 4
possesion of Master and Nav.Officer only
ii. ECDIS and Server
iii. Meanss for locking USB ports not available

9 Crew training i. Lack of knowledge or misunderstanding of Cyber security video and presentation shown to 4 1 4
the concept of Cyber security all crew. Discussion carried out and crew
ii. Ship's computers confirmed understanding on all asspects as per
SP2266
iii.Insufficient traiing

i. Complacency as to phishing or pharming e-

mails During regular training it is reiterated that crew
must be very vigilant as to various attractive
ii. Ship equipment offers that might be received, asking to follow
iii. Insufficient traing web links or other actions that may expose
ship's systems

Master: Kiro Dzhedzhev Senior Officer : Deepak Gupta

Person in Name Signature Name Signature

Charge **:

Name Signature
Note: The degree of risk is based on an evaluation of severity and likelihood. For guidance on how to calculate the degree of risk, refer to Health, Safety, and
Environmental Hazard databases, Risk Matrix and the Risk Assessment & Job Hazard Analysis.

UNCONTROLLED DOCUMENT Page 4 of 5

Risk Assessment and Job Hazard Analysis Form Doc No: FM0013N
Version: 23

**Person in Charge’s signature indicates that the hazards, risks and control measures associated with the task have been reviewed with all persons involved
in performing the task.

**The Consequences and Likelihood columns are for the RESIDUAL consequence and likelihood AFTER counter measures have been put in place.

File in binder C/O #5

UNCONTROLLED DOCUMENT Page 5 of 5