Maritime Security Test 2
Security Incident
Any suspicious act or circumstance threatening the security of a ship, including a mobile offshore drilling unit and a high-speed craft, or of a port facility or of any ship/port interface or any ship-to-ship activity.
BMP4 stands for?
Best Management Practices for Protection against Somalia Based Piracy
Legal implications of action/non action
No VSO has gotten in legal trouble for trying to do their job
T/F The USCG supported the ISPS in the wake of 9/11
True
T/F The ship security assessment comes before the ship security plan.
True
T/F The vessel must operate at least as high a level as the port it is calling.
True
T/F armed guards aboard ships is a controversial issue?
True
_______ was lead agency for USA at IMO ISPS convention
USCG
Vessel Security Logs include:
i. training, drills and exercises; ii. security threats and security incidents; iii. breaches of security; iv. changes in security level; v. communications relating to the direct security of the ship such as specific threats to the ship or to port facilities the ship is, or has been, in vi. internal audits and reviews of security activities; vii. periodic review of the ship security assessment; viii. periodic review of the ship security plan; ix. implementation of any amendments to the plan; and x. maintenance, calibration and testing of any security equipment provided on board, including testing of the ship security alert system
Vessel Security Plans require an ______ audit or if there has been a change in ________ or substantial structural modifications
annual/ownership
An Exercise is completed ___________
annually
A vessel must operate _______________ the security level of the port
at or above
Sensitive Security Information is :
information that, if publicly released, would be detrimental to transportation security
What is the objectives of drills and excercises?
ensure that shipboard personnel are proficient in all assigned security duties at all security levels and the identification of any security-related deficiencies which need to be addressed
UK government experiment; As vessel entered jamming zone, these failed=
i. DGPS ii. AIS iii. DP system iv. Gyro v. Digital selective calling system
Motivations of Cyber criminals
i. Stealing money ii. Moving cargo (theft) iii. Stealing data iv. Causing disruption
DoS may be signed by who?
master or VSO
Vessel security Log must be kept by the __________ for at least
vso/2 years
F. Early rudimentary "spoofing" aka "__________" - shipwreckers of 1700's
wrecking
What is Spoofing?
A person or program successfully masquerades as another by falsifying data
________ accelerated the implementation of ISPS/MTSA
AIS
What is the statement regarding armed guard aboard ships and their effectiveness?
"No ship has ever been taken that had armed guards on board"
Regarding SSI, you must:
- Lock up all SSI - Destroy SSI when no longer needed - Mark SSI
Breach of Security
An incident that has not resulted in a transportation security incident, in which security measures have been circumvented, eluded, or violated.
Standing Guidance / Recommendations
- Vessel Security Plan - Best Management Practices (BMP4) - MSC Circulars - BIMCO guidance; GUARDCON - Nautical Institute
What caused the speed up and development of the ISPS
-9/11 -Bombing of the french oil tanker LIMBURG
What are resources for "current intel"
-Office of naval intelligence ONI -International Maritime Bureau IMB -USCG Port Security Advisories -Marine Security Review -Combined Maritime Forces CMF -Oceans Beyond Piracy -ReCAAP
What are some significant results of ISPS/MTSA? (At the ship/mariner level)
-SSAS -AIS -TWIC
What is an Exercise
A comprehensive training event that involves several of the functional elements of the vessel security plan and tests communications, coordination, resource availability, and response
Costs associated with a piracy incident (6)
1. Injury/death of personnel 2. Damage or loss of vessel(~100m) 3. Damage of cargo 4. Time off hire 5. Damage to corporate reputation 6. Time/expense of overall crisis management process
What are the sensitive security information(SSI) requirements?(4)
1. Mandates specific and general requirements for handling and protecting SSI 2. Lock up all SSI 3. When the information is no longer needed, destroy SSI 4. Mark SSI
Costs associated with Anti-piracy measures include (7)
1. PMSC(4-8k) 2. lost hours/days for diverting 3. fuel for diverting 4. Insurance 5. equipment 6. labor associated with deployment of equipment 7. loss of man hours to routine functions
What are the recommendations to mitigate cyber threats according to THE NAVIGATOR(11)?
1. Take initiative VSP, SMS, everyday routine 2. Virus Protection 3. Data Protection 4. Susceptible to Attack 5. Connecting personal devices to ship systems 6. App awareness 7. Social media 8. Jamming and Spoofing 9. Knowing that every ship will have different risk and levels of risk 10. Vulnerable systems including cargo, bridge, propulsion, and all external communication systems 11. Using shipboard USB ports for charging cell phones
What is the main objectives of the ISPS?(4)
1. detect security threats and implement security measures 2. Establish roles and responsibilities concerning maritime security 3. Collate and promulgate security-related information 4. Provide a methodology -for security assessments -plans -procedures to react to changing security levels
What percentage of revenue is the yearly cost of anti-piracy efforts?
15-25%
SOLAS amendments 1983- 1985- 1986- 1988- Which incident caused these reforms?
1983 - Piracy and Armed Robbery against ships 1985 - Unlawful acts which threaten safety of ships and security of passengers 1986 - Unlawful acts against Passengers and Crew aboard ships 1988 - suppression of unlawful acts against the safety of maritime navigation Achille Lauro
How much was the estimate yearly cost of anti-piracy industry wide, according to INTERTANKO?
2.2-2.3 billion
If more than ____% crew changes, a drill must be conducted
25
A drill must be completed every _________ or when over _____% of the crew changes
3 months/25
MTSA is found in
33CFR-subchapter H-Parts 104 and 105
DoS is valid for:
5 years
Ship Security Certificates are valid for:
5 years
What is a drill?
A training event that tests at least one component of the vessel security plan and is used to maintain a high level of security readiness
A.B.S. class notations for Cyber Security CS3:
Adaptive Cybersecurity Implementation
SSI is NOT ___________
Classified
CFR
Code of Federal Regulations
Who is responsible for the Ship Security Assessment?
Company security officer
An agreement reached between a ship and either a port facility or another ship with which it interfaces, specifying the security measures each will implement
Declaration of Security
Created captains of the port. During WWI
Espionage Act of 1917
_______ does not promulgate security levels
IMO
TWIC is not required by _______
ISPS
ISPS is found:
In chapter XI-2 of solas
A.B.S. class notations for Cyber Security CS1:
Informed Cybersecurity Implementation
Once the VSA and VSP are in place then the ship can apply for ________
International Ship Security Certificate
ISPS and the difference between part A and B
International Ship and Port Facility Security Code -Part A is mandatory -Part B is recommended
What is the Port Facility
Location determined by government or designated authority where port interface takes place. Includes areas such as anchorages, waiting berths and approaches from seaward
Government Activity: MFIC's
Maritime Intelligence Fusion Centers
Government Activity: MOTR Process
Maritime Operational Threat Response
Government Activity: MSSPs
Maritime Safety and Security Personnel
MTSA
Maritime Transportation Security Act
According to BMP4, what is the policy regarding AIS in high risk areas?
Master's discretion to switch off the AIS but is recommended to be left on for Naval/Military to be provided with tracking information.
Who is the CSO
Means the person designated by the Company for ensuring that a SHIP SECURITY ASSESSMENT is carried out; that a ship security plan is developed, submitted for approval, and thereafter implemented and maintained, and for liaison with port facility security officers and the ship security officer.
Who is the Port Facility Security Officer?
Means the person designated by the Company for ensuring that a ship security assessment is carried out; that a ship security plan is developed, submitted for approval, and thereafter implemented and maintained, and for liaison with port facility security officers and the ship security officer.
Who is the VSO
Means the person on board the ship, accountable to the master, designated by the Company as responsible for the security of the ship, including implementation and maintenance of the SHIP SECURITY PLAN, and for liaison with the company security officer and port facility security officers.
ISPS initially made no direct mention of:
Piracy or Cyber Threats
MARSEC levels ares set by the:
Port Facility Security Officer
PMSC stands for?
Private Maritime Security Company
A.B.S. class notations for Cyber Security CS2:
Rigorous Cybersecurity Implementation
SOLAS
Safety Of Life At Sea
Gave Captains of the port control of anchorages and movement of any vessel in the navigable waters of the US. Put the COTP in charge with security of US ports. Created in WWII.
Safety of Naval Vessels Act of 1941
What is the SSAS
Ship Security Alert System;panic button
______________ must be completed before the Ship Security Plan
Ship Security Assessment
What are some significant results of ISPS/MTSA? (VSO/CSO,FSO requirements)
VSO/CSO/FSO requirements -Training of VPDSDs -Drills/excercises -security incident recognition/reporting -Knowledge of MARSEC level -Est/adjustment of vessel security level -Declaration of security -security equipment -handling security sensitive information
What is the ISPS definition of "Port Facility"
a location, as determined by the contracting government or by the designated authority, where the ship/port interface takes place. This includes areas such as anchorages, waiting berths and approaches from seaward, as appropriate
What is the Declaration of Security
an agreement reached between a ship and either a port facility or another ship with which it interfaces, specifying the security measures each will implement.
What is a Recognized Security Organization
an organization with appropriate expertise in security matters and with appropriate knowledge of ship and port operations authorized to carry out an assessment, or a verification, or an approval or certification activity, required by this chapter or by part A of the ISPS Code.