IEC 63154:2021 specifies requirements, methods of testing and required test results where standards are needed to provide a basic level of protection against cyber incidents (i.e. malicious attempts, which actually or potentially result in adverse consequences to equipment, their networks or the information that they process, store or transmit) for: a) shipborne radio equipment forming part of the global maritime distress and safety system (GMDSS) mentioned in the International Convention for Safety of Life at Sea (SOLAS) as amended, and by the Torremolinos International Convention for the Safety of Fishing Vessels as amended, and to other shipborne radio equipment, where appropriate; b) shipborne navigational equipment mentioned in the International Convention for Safety of Life at Sea (SOLAS) as amended, and by the Torremolinos International Convention for the Safety of Fishing Vessels as amended, c) other shipborne navigational aids, and Aids to Navigation (AtoN), where appropriate.<\/p>\n
| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 2<\/td>\n | undefined <\/td>\n<\/tr>\n | ||||||
| 5<\/td>\n | Annex ZA(normative)Normative references to international publicationswith their corresponding European publications <\/td>\n<\/tr>\n | ||||||
| 7<\/td>\n | English CONTENTS <\/td>\n<\/tr>\n | ||||||
| 10<\/td>\n | FOREWORD <\/td>\n<\/tr>\n | ||||||
| 12<\/td>\n | INTRODUCTION <\/td>\n<\/tr>\n | ||||||
| 13<\/td>\n | Figure 1 \u2013 Some examples of data transfer <\/td>\n<\/tr>\n | ||||||
| 14<\/td>\n | 1 Scope 2 Normative references <\/td>\n<\/tr>\n | ||||||
| 15<\/td>\n | 3 Terms, definitions and abbreviated terms 3.1 Terms and definitions <\/td>\n<\/tr>\n | ||||||
| 18<\/td>\n | 3.2 Abbreviated terms <\/td>\n<\/tr>\n | ||||||
| 19<\/td>\n | 4 Module A: Data files 4.1 General 4.2 Requirements 4.2.1 Transport integrity 4.2.2 Source authentication <\/td>\n<\/tr>\n | ||||||
| 20<\/td>\n | 4.3 Methods of testing and required test results <\/td>\n<\/tr>\n | ||||||
| 21<\/td>\n | 5 Module B: Execution of executables 5.1 General 5.2 Requirements <\/td>\n<\/tr>\n | ||||||
| 22<\/td>\n | 5.3 Methods of testing and required test results 6 Module C: User authentication 6.1 General 6.2 Requirements <\/td>\n<\/tr>\n | ||||||
| 24<\/td>\n | 6.3 Methods of testing and required test results <\/td>\n<\/tr>\n | ||||||
| 25<\/td>\n | 7 Module D: System defence 7.1 General 7.2 Malware protection 7.2.1 Requirements <\/td>\n<\/tr>\n | ||||||
| 28<\/td>\n | 7.2.2 Methods of testing and required test results <\/td>\n<\/tr>\n | ||||||
| 30<\/td>\n | 7.3 Denial of service protection 7.3.1 Requirements <\/td>\n<\/tr>\n | ||||||
| 32<\/td>\n | 7.3.2 Methods of testing and required test results <\/td>\n<\/tr>\n | ||||||
| 34<\/td>\n | 8 Module E: Network access 8.1 General 8.2 Equipment which connects to a network 8.2.1 Requirements 8.2.2 Methods of testing and required test results <\/td>\n<\/tr>\n | ||||||
| 35<\/td>\n | 8.3 Equipment providing network access between controlled networks 8.3.1 Requirements 8.3.2 Methods of testing and required test results <\/td>\n<\/tr>\n | ||||||
| 36<\/td>\n | 8.4 Equipment providing network access between controlled and uncontrolled networks 8.4.1 Requirements 8.4.2 Methods of testing and required test results <\/td>\n<\/tr>\n | ||||||
| 37<\/td>\n | 9 Module F: Access to operating system 9.1 General 9.2 Requirements 9.3 Methods of testing and required test results 10 Module G: Booting environment 10.1 General 10.2 Requirements <\/td>\n<\/tr>\n | ||||||
| 38<\/td>\n | 10.3 Methods of testing and required test results 11 Module H: Maintenance mode 11.1 General 11.2 Requirements <\/td>\n<\/tr>\n | ||||||
| 39<\/td>\n | 11.3 Methods of testing and required test results <\/td>\n<\/tr>\n | ||||||
| 40<\/td>\n | 12 Module I: Protection against unintentional crash caused by user input 12.1 General 12.2 Requirements <\/td>\n<\/tr>\n | ||||||
| 41<\/td>\n | 12.3 Methods of testing and required test results 13 Module J: Interfaces for removable devices including USB 13.1 General 13.2 Requirements 13.2.1 Physical protection <\/td>\n<\/tr>\n | ||||||
| 42<\/td>\n | 13.2.2 Operational protection 13.3 Methods of testing and required test results 13.3.1 Physical protection 13.3.2 Operational protection <\/td>\n<\/tr>\n | ||||||
| 43<\/td>\n | 14 Module K: IEC 61162-1 or IEC 61162-2 as interface 15 Module L: IEC 61162-450 as interface 15.1 General 15.2 IEC 61162-1 sentences 15.3 IEC 61162-450 used for file transfer <\/td>\n<\/tr>\n | ||||||
| 44<\/td>\n | 16 Module M: Other interfaces 17 Module N: Software maintenance 17.1 General <\/td>\n<\/tr>\n | ||||||
| 45<\/td>\n | 17.2 Software maintenance in maintenance mode 17.2.1 Requirements 17.2.2 Methods of testing and required test results 17.3 Semi-automatic software maintenance by the crew onboard the vessel 17.3.1 General 17.3.2 Requirements <\/td>\n<\/tr>\n | ||||||
| 46<\/td>\n | 17.3.3 Methods of testing and required test results <\/td>\n<\/tr>\n | ||||||
| 47<\/td>\n | 18 Module O: Remote maintenance 18.1 General 18.2 Requirements 18.3 Methods of testing and required test results <\/td>\n<\/tr>\n | ||||||
| 48<\/td>\n | 19 Module P: Documentation 19.1 Requirements 19.2 Methods of testing and required test results <\/td>\n<\/tr>\n | ||||||
| 49<\/td>\n | Annex A (informative)Guidance on implementing virus and malwareprotection on type approved equipment <\/td>\n<\/tr>\n | ||||||
| 51<\/td>\n | Annex B (normative)File authentication B.1 General B.2 Digital signatures B.2.1 Requirements <\/td>\n<\/tr>\n | ||||||
| 52<\/td>\n | B.2.2 Methods of testing and required test results <\/td>\n<\/tr>\n | ||||||
| 53<\/td>\n | B.3 Symmetric means based upon pre-shared secret keys B.3.1 Requirements <\/td>\n<\/tr>\n | ||||||
| 54<\/td>\n | B.3.2 Methods of testing and required test results <\/td>\n<\/tr>\n | ||||||
| 56<\/td>\n | Annex C (informative)Methods of authentication of data files and executables \u2013 Examples C.1 General C.2 Explanations of terms C.3 Asymmetric cryptography <\/td>\n<\/tr>\n | ||||||
| 57<\/td>\n | C.4 Digital signatures <\/td>\n<\/tr>\n | ||||||
| 58<\/td>\n | C.5 Public key infrastructure C.5.1 General theory <\/td>\n<\/tr>\n | ||||||
| 60<\/td>\n | C.5.2 Notes about shipboard use C.6 Symmetric key authentication based on “pre-shared secret key” <\/td>\n<\/tr>\n | ||||||
| 62<\/td>\n | Annex D (normative)USB class codes Table D.1 \u2013 USB class codes <\/td>\n<\/tr>\n | ||||||
| 63<\/td>\n | Annex E (informative)Cyber security configuration document for equipment E.1 General for the document E.2 Document parts E.2.1 Hardening of the operating system E.2.2 Update strategy for cyber security reasons E.2.3 Strategies for detecting and reacting to future vulnerabilities <\/td>\n<\/tr>\n | ||||||
| 64<\/td>\n | Annex F (informative)Guidance on interconnection between networks F.1 General F.2 Guidance <\/td>\n<\/tr>\n | ||||||
| 65<\/td>\n | Figure F.1 \u2013 Examples for different types of network andassociated interconnecting devices <\/td>\n<\/tr>\n | ||||||
| 66<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Maritime navigation and radiocommunication equipment and systems. Cybersecurity. General requirements, methods of testing and required test results<\/b><\/p>\n |