What’s in the Standard
This document applies to passenger ships, cargo ships, mobile offshore units, high speed craft, and fixed or floating offshore production assets. If requested, ABS will certify the cybersecurity program of any vessel and its associated facilities in accordance with this Guide.
The authors of the document stress that blanket application of Information Technology (IT) management principles to an OT system is “not only sub-optimal, but may very well be hazardous”. Operators must have an understanding of the differences between OT-specific maritime cybersecurity and IT practices and their appropriate application. Ships and facilities that implement their own cyber policies and procedures must distinguish between managing an OT network or system versus traditional IT security methods.
The best practices matrix for implementation are located in a Capability Matrix: unidirectional gateways are mentioned in reference to protecting critical components or systems under (#32) Exercise Communications Management.
When it comes to the distinction between protecting OT systems vs. protecting IT systems – these guys get it. They understand industrial systems and the need for a different approach with OT security versus IT security and the potential for grave consequences if IT protections are employed.
Unidirectional gateways are mentioned as an Operational Technology best practice in exercising communications management in data reporting from critical systems.