
Cybersecurity Drill Report

The cybersecurity drill simulated a cyber intrusion affecting navigation and communication systems on a ship, with objectives to assess crew response, test communication protocols, and identify vulnerabilities. The drill involved phases of incident detection, containment, shore response, and recovery, leading to key findings that highlighted strengths in detection and communication but identified areas for improvement in training and response speed. Recommendations include enhanced crew training, faster escalation processes, and regular testing of backup systems and communication methods.

Cybersecurity Drill: Scenario, Planning, and Post-Drill Report

1. Drill Scenario
**Scenario: Cyber Intrusion Leading to Navigation and Communication Disruption**
A malicious actor has gained unauthorized access to the ship’s network, causing disruptions
to navigational systems (ECDIS) and communication (email and satellite systems). The
ship’s crew must detect, contain, and report the breach while coordinating with the shore
office for mitigation.

2. Drill Objectives
• Assess the crew’s ability to detect and respond to a cyber intrusion.
• Test communication protocols between ship and shore.
• Ensure backup procedures are in place for critical systems.
• Identify vulnerabilities in the cybersecurity response plan.

3. Drill Planning

Pre-Drill Preparation
**Ship Side:**
✔ Inform key personnel about the drill (Master, Chief Engineer, ETO, IT Officer).
✔ Ensure backup systems (manual charts, alternative communication) are ready.
✔ Review cybersecurity procedures and response checklists.

**Shore Side:**
✔ IT department sets up a simulated cyber threat (e.g., phishing email, malware attack).
✔ Incident Response Team (IRT) is on standby for coordination.
✔ Ensure reporting and escalation mechanisms are functional.

Drill Execution Steps
**Phase 1: Incident Detection**
- Crew notices anomalies in ECDIS and communication system failures.
- ETO and IT officer conduct initial troubleshooting but find unauthorized network activity.
- Suspicious email received by crew members, potentially containing malware.

**Phase 2: Containment & Initial Response**
- ETO isolates the affected systems from the ship’s network.
- Master informs the shore team via alternative communication (VHF, Sat phone).
- Crew reverts to manual navigation and alternative communication methods.

**Phase 3: Shore Response & Coordination**
- Shore IT team analyzes logs to verify the cyber breach.
- Incident Response Team (IRT) advises ship on further isolation steps.
- Cybersecurity team monitors for further intrusions and initiates recovery procedures.

**Phase 4: Recovery & Reporting**
- IT team assists ship crew in restoring secure backups.
- Affected systems are gradually brought back online after clearance.
- Incident report is prepared, outlining the cause, response, and lessons learned.

4. Post-Drill Report
**Drill Details**
- **Drill Name:** Cyber Intrusion Leading to Navigation and Communication Disruption
- **Date of Drill:** [Insert Date]
- **Location:** [Ship Name] & [Shore Office Location]
- **Participants:**
  - Ship Crew: Master, Chief Engineer, ETO, IT Officer, Navigation Team
  - Shore Team: IT Department, Incident Response Team (IRT), Operations Manager
- **Drill Coordinator:** [Name of Coordinator]

**Key Findings**
- **Strengths:**
✔ Quick detection by ship’s IT Officer and ETO.
✔ Effective communication between ship and shore.
✔ Successful containment and recovery procedures.

- **Areas for Improvement:**
✖ Need for additional crew training on phishing and social engineering threats.
✖ Backup systems took longer than expected to restore.
✖ Faster response from shore IT team needed for real-time analysis.

**Recommendations & Action Plan**
- Conduct periodic cybersecurity awareness training for ship crew.
- Implement a faster escalation process for shore IT response.
- Review and enhance backup and recovery procedures.
- Test alternative communication methods regularly.

**Conclusion**
The cybersecurity drill was successfully executed, demonstrating the crew’s ability to detect
and respond to a cyber threat. While communication and containment were effective,
improvements in training, response speed, and backup restoration are recommended.
Follow-up actions will be taken to strengthen cybersecurity measures onboard.

**Approved by:**
[Name]
[Designation]
[Company Name]
[Date]
