Part of the RESPOND Playbook ← Return to Hub

Internal Crisis Communication

Response Objective: To provide the Master and Senior Officers with clear, non-technical situational awareness to support decision-making regarding vessel safety and navigation.

In a cyber crisis, communication failure is often more dangerous than system failure. The ETO must provide a Cyber SITREP (Situation Report) that tells the Master exactly what they need to know: What is broken, what is at risk, and what is being done.

The “Plain Language” Rule

When briefing the Bridge, avoid acronyms like “VLAN” or “Lateral Movement.” Use operational analogies that reflect the ship’s physical safety.

Avoid (Technical) Use (Operational)
“We have lateral movement in the iDMZ.” “The infection is spreading from the office computers toward the machinery controls.”
“Implementing a port-shutdown on the core.” “I am cutting the link between the Bridge and the Engine Room to protect the engines.”
“ECDIS 1 is showing a logic bomb.” “ECDIS 1 is unreliable and may give false data. Use ECDIS 2 or Paper Charts.”

Recommendation to Shutdown

If you identify a scenario involving physical danger or backup corruption, you must immediately advise the Master to power down. Do not wait for the scheduled SITREP.

Refer to the “Red Line” Criteria for the specific technical triggers required to justify an emergency power-down.

→ View Emergency Shutdown Rules

The Cyber SITREP Template

Deliver a SITREP every 30-60 minutes during an active Level 3 incident. Use this 4-point structure:

1. Current Status

Identify which systems are 100% compromised, which are degraded, and which remain clean.

2. Safety Impact

Status of essential services: Steering, propulsion, and shore communication integrity.

3. Actions Taken

“Isolated the Crew Wi-Fi and disconnected the SATCOM link to stop data theft.”

4. Next Steps

“Verifying the integrity of the Engine Control backups before attempting a restore.”

Communication Channels

If the network is compromised, use “Out-of-Band” channels to avoid attacker monitoring:

  • Primary: Face-to-face briefings or handheld UHF/VHF radios.
  • Secondary: Sound-powered telephones (Bridge-to-Engine Room).
  • Emergency: Personal mobile via 4G/5G (if near coast) to bypass ship’s VSAT.

Master’s Advisory

The ETO informs; the Master decides. If the ETO recommends isolating the Bridge network, the Master must confirm that the current navigational environment (e.g., heavy traffic) allows for a temporary loss of electronic monitoring.

Next Section

Regulatory & Shore-Side Reporting

Regulatory & Shore-Side Reporting Response Objective: To fulfill legal and company obligations by providing timely, accu...

Scroll to Top