Designation: F3286-17

Standard Guide for Cybersecurity and Cyberattack Mitigation¹

This standard is issued under the fixed designation F3286; the number immediately following the designation indicates the year of original adoption or, in the case of revision, the year of last revision. A number in parentheses indicates the year of last reapproval. A superscript epsilon (ε) indicates an editorial change since the last revision or reapproval.

1. Scope

1.1 This guide addresses the company or government organizational need to mitigate the likelihood of cyberattacks and reduce the extent of potential cyberattacks, which can leave sensitive personal data, corporate information, and critical infrastructure vulnerable to attackers.

1.2 These recommendations are meant to serve as a guideline for corporate and government organizations to adopt for the protection of sensitive personal information and corporate data against hackers.

1.3 Cybersecurity and cyberattacks are not limited to the maritime industry. With greater advancement in computer and information technology (IT), cyberattacks have increased in frequency and intensity over the past decade. These advancements provide hackers with more significant tools to attack vulnerable data and communication infrastructures. Cyberattacks have become an international issue to all governments and companies that interact with each other.

1.4 Cybersecurity and the safety of cyber-enabled systems are among the most prevailing issues concerning the maritime industry as well as the global economy. Cyberattacks could affect the flow of trade or goods, but operator errors in complex, automated systems may also cause disruptions that may be mitigated with proper policies and personnel training.

1.5 This guide is meant to provide strategies for protecting sensitive data onboard vessels and offshore operations.

1.6 This standard does not purport to address all of the safety concerns, if any, associated with its use. It is the responsibility of the user of this standard to establish appropriate safety, health, and environmental practices and determine the applicability of regulatory limitations prior to use.

1.7 This international standard was developed in accordance with internationally recognized principles on standardization established in the Decision on Principles for the Development of International Standards, Guides and Recommendations issued by the World Trade Organization Technical Barriers to Trade (TBT) Committee.

2. Referenced Documents

2.1 Federal Standards:²
46 CFR 140.910 Equipment

3. Terminology

3.1 Definitions:

3.1.1 access control, n - practice of selective limiting of the ability and means to communicate with or otherwise interact with a system, use system resources to handle information, gain knowledge of the information the system contains, or control system components and functions.

3.1.2 application programming interface, API, n - set of routines, protocols, and tools for building software and applications.

3.1.3 botnet, n - number of internet-connected computers communicating with other similar machines in which components located on networked computers communicate and coordinate their actions by command and control or by passing messages to one another.

3.1.4 capability, n - ability to execute a specified course of action.

3.1.5 communications, n - means for a vessel to communicate with another ship or an onshore facility.

3.1.6 compression, n - reduction in the number of bits needed to store or transmit data.

3.1.7 cybersafety, n - guidelines and standards for computerized, automated, and autonomous systems that ensure those systems are designed, built, operated, and maintained so as to allow only predictable, repeatable behaviors, especially in those areas of operation or maintenance that can affect human, system, enterprise, or environmental safety.

3.1.8 cybersecurity, n - activity or process, ability or capability, or state whereby information and communication systems and the information contained therein are protected from and defended against damage, unauthorized use or modification, or exploitation.

¹ This guide is under the jurisdiction of ASTM Committee F25 on Ships and Marine Technology and is the direct responsibility of Subcommittee F25.05 on Computer Applications. Current edition approved Dec. 1, 2017. Published January 2018. DOI: 10.1520/F3286-17.

² Available from U.S. Government Printing Office, Superintendent of Documents, 732 N. Capitol St., NW, Washington, DC 20401-0001, http://www.access.gpo.gov.

Copyright ASTM International, 100 Barr Harbor Drive, PO Box C700, West Conshohocken, PA 19428-2959. United States

3.1.9 data assurance, n - perception or an assessment of data's fitness and integrity to serve its purpose in a given context.

3.1.10 data, n - quantities, characters, or symbols on which operations ar