====== UNOLS Internet Use Policy ====== **Revision: 2023-01-25** The U.S. Academic Research Fleet has established a consistent fleetwide policy for managing access to limited Internet resource on board UNOLS vessels. This policy aims to facilitate the functional, equitable and fair use of the Internet for all persons on board while ensuring the successful delivery of services necessary for science missions. The **primary purpose** of Internet resources provided on board **U.S. Academic Research Fleet** vessels is: * In support of the Funded Science Mission * In support of Vessel Operations All other uses, including personal use, is permitted on a **non-interference** basis with the primary purpose and within agreed upon Terms of Service as stated below. ===== Contact Info ===== Questions regarding this policy should be sent to: satnag@unols.org ===== Acceptable Use and Terms of Service ===== Persons onboard U.S. Academic Research Fleet vessels agree to the UNOLS Internet Use Policy and Acceptable Use and Terms of Service prior to using Internet resources. In addition to UNOLS policies, institutions operating Academic Research Fleet vessels may have additional terms of service and acceptable use policies. By using Academic Research Fleet network resources you agree to the terms of service of the UNOLS Internet Use Policy. Internet availability and capacity is provided with a best effort level of service. There are no guarantees that Internet access will be available at any given time and are not adequate for purposes concerning life and safety. ==== Cybersecurity ==== Persons using vessel Internet resources must follow the vessel's cybersecurity policy. ===== Abuse ===== Abuse of the UNOLS Internet Use Policy may result in revoking Internet access and reporting abuses to parent institutions. ===== Accounts ===== Internet access accounts are allocated on a per-person basis * Persons are accountable for the use of their accounts * Sharing account passwords or using another person's account is not permitted * Attempting to create multiple accounts is not permitted * Attempting to bypass or exceed allocated quotas is not permitted * Unauthorized access of network resources is not permitted ===== Devices ===== * Internet access may be limited to a certain number of devices per user at a time, at the discretion of the vessel operator. * Devices must be patched and updated with an up-to-date vendor supported operating system prior to putting devices on vessel networks. There is insufficient bandwidth to update devices once on vessel networks. * Devices must have updated virus protection software and/or device firewall protection prior to putting devices on vessel networks * Out-of-date, or end of life devices and operating systems should not be placed on vessel networks * Please email exceptions to satnag@unols.org ===== Monitoring ===== For the purposes of managing cybersecurity and limited Internet capacity it is necessary to monitor network usage to identify inefficiencies and high resource consumers, and cybersecurity threats. ===== Captive Portal ===== A Captive Portal is a means by which users are required to login with a username and password prior to granting Internet access. Captive portal access is the primary mode of Internet access for personal devices brought on board. * The number of active devices allowed per user may be limited at the operators discretion * Remember to log off when you are done using the Internet. Background processes can use bandwidth without your knowledge. ===== Captive Portal Accounts ===== Captive Portal Accounts are managed by each vessel operator. Please contact the respective vessel operator for Internet access accounts ===== Kiosks ===== Vessels commonly have public, science or operational kiosk systems configured with modified Internet access from which users can browse the Internet. Kiosk and clientless hosts should be limited to ~6 systems per vessel. ==== Public Kiosk ==== Shared login computers in open public spaces for use by anyone science or crew on a first come first served basis. ==== Science Use Computers ==== Typically a short list of transient science operations systems which are key to the mission and designated by the P.I. for a given cruise with a particular science need. ==== Operational Kiosk ==== Typically these are permanently installed computers on vessels in locations like the bridge, and engineering. Use of operational kiosk for personal Internet Access should be minimized in favor of Captive Portal Access or Public Kiosks. ===== Blocked Services ===== Several high bandwidth and/or high risk service may be blocked from Internet access regardless of Captive Portal or Kiosk systems. Some of these systems include: * Updates for Windows, Apple, and Android Devices * Cloud Storage and Backups: like Dropbox, iCloud, Crashplan, etc. * Disruptive services which negatively impact Internet service for science and vessel operations. **Exceptions for Science**: Please contact the operating institution for your vessel to coordinate Science mission related video streaming services such as outreach activities. This should be discussed with the vessel operating institution during the pre-cruise planning process. ===== Frequently Asked Questions ===== **How fast is the Internet onboard vessels?** Bandwidth varies by the class of the research vessel (number of berths). You can expect a //minimum// of 4Mbps on a global vessel, 2Mbps on an intermediate vessel, and 512kbps on a coastal/local vessel. This is 50x to 200x slower than a typical fiber-optic home internet connection and costs roughly 500x more. **Will my multi-factor authentication work at sea?** Multi-factor Authentication (MFA) is increasingly being used for secure logins. MFA can be problematic on ships using satellite internet. MFA that relies on SMS text-messages or voice calls will not work at sea. MFA that relies on push methods or email verification may or may not work. It is advised to use a offline supported method such as One Time Passcode (e.g. Duo or Authy OTP), or Security Key Devices (Yubikeys, etc). Be advised to test offline MFA methods prior to sailing by placing your mobile device in airplane mode. **Who pays for the Internet on Academic Research Fleet vessels?** The National Science Foundation (NSF) and Office of Naval Research (ONR) funds satellite based Internet services for the U.S. Academic Research Fleet. **Who is SatNAG?** SatNAG was formed in 2016 and has been funded and directed to review and advise NSF and ONR for ARF satellite communication considerations, and other technology directions which have broader impacts to the U.S. Academic Research Fleet. https://satnag.unols.org