• no one locks their computers. ever. vessel operators or resident EPCs. i've never seen a computer lock itself from Group Policy enforced idle limits (other than our own)
  
• no doors, cabinets, cupboards or lockers are ever locked, with the exception of the lock-out/tag-out master lock safe. everything else is accessible by anyone
  
• of all the vessels i've been on only one has advised to having CCTV cameras however the chief sec officer admitted that the quality of the footage from these cameras was too poor to make out ppls faces.
  
• you can use anyone's computer and no one says poo poo. say i'm the client and i walk up to one of the vessel operator's computers, which is on a different net, and try to use it. no one will say poo poo and i've had ppl politely wait until i was finished doing w/e i felt like
  
• you can go wherever you want. offices, ops bridge, nav bridge/room, equipment/comms rooms. many of them have signs on them saying "no unauthorised entry" but all of those are accessible and no one will ask you any questions if you are there. the only places you cant really go are ones which involve a significant HSE component (mechanical/engine rooms and voids/confined space).
  
• you can touch whatever you want. i've personally brought down primary VSAT comms for a vessel because i was allowed unattended into a core comms area and their poo poo was not properly labelled and i was not escorted by someone who was properly apprised as to the intricacies of the bs rats nest of cabling. sure i gone hosed up but despite my trying there was no one to escort me into this area or advise me that the cable i was janking was for the VSAT.
  
• this is kinda a general housekeeping gripe but semi opsec related: patch panels are always unequivocally absolute loving messes. every single vessel i've been on has had absolute garbage patch areas with insufficient cable mgmt and poor prior cabling by the operators/fitters.
  
• vessel operators rarely ever have an "IT" guy deployed on-board. usually they'll have a chief electrician with one or more underlings who are only versed in general Layer 1 Ethernet plus maybe single/multi-mode fibre plus more than likely only coax. normally the operators rely on someone onshore (usually several continents away) with Layer 2+3 and server experience to render support and apprise them as to the operability of IM&T systems onboard.
  
• no one asks why you are in a space. you can be in server rooms/elec equip rooms with expensive gear that doesn't belong to you and no one will ever ask why you are in that space if they see you. i've been in situations where i'm enthusiastically unplugging poo poo and there are employees of the vessel operator in the same room and they do not care.
  
• this is more HSE but as an expansion on the above, no one cares whether you have a permit-to-work or engages stop-work authority if you're doing "IT" stuff. this is an endemic problem across the whole industry where indoors IM&T activities are not usually considered to fall under ISSOW but fuckin hell they should because it's dangerous and gently caress you
  
• PII is left everywhere. critical and important information is also left lying all over the loving place
  
• Win XP is alive and well in vessel bridge systems, particularly Kongsberg DP systems (But prolly more, Kongsberg is a quite yet diverse and very important corp for offshore vessel poo poo)
  
• the vessel operator networks rarely ever implement any Layer 2 security. at a minimum they'll do MAB with ACS. but usually it's no 802.1x, no BPDU guard and no DHCP snooping. i have seen serious issues arise from people bringing consumer network devices on-board and connecting them to the operator network
  

• MODU operators will often engage third-parties to provide MWD (Measurement While Drilling) services. this usually involves deployment of terminals which display drilling data in offices around the vessel (e.g. OIM offie, CSR office, tool pusher office, geo office, senior drilling supervisor (SDSV), etc.). the third-parties who deploy the MWD systems and the terminals often insist on establishing their own network which more often than not consists of a garbage netgear/tplink/belkin layer 2 unmanaged switch which the MWD feed (From either wireline unit or the drill) is connected along with the MWD terminals which display the data. there is zero security on this network and if someone got on it and injected lovely MWD data they could convince the SDSV to make an extremely dangerous decision. btw from what i've observed these MWD systems have no "secondary feeds" for providing a reference source.
  

Pile Of Garbage fucked around with this message at 16:41 on Jun 17, 2017

Pile Of Garbage fucked around with this message at 19:08 on Jun 17, 2017