How should a BDOC respond to a suspected cyber intrusion affecting sensors?

• A. Isolate affected systems, switch to backups, preserve evidence, notify command, and initiate cyber incident response plan.
• B. Ignore the anomaly and continue operations.
• C. Power down the entire ship immediately.
• D. Only document the event and wait for further orders.

Answer: (A)

Responding to a suspected cyber intrusion affecting sensors requires immediate containment, continuity, and coordinated escalation. The best action is to isolate the affected systems to stop further spread, switch to backups to maintain sensor capability and keep operations running, preserve evidence for forensics to determine how the intrusion occurred and its scope, notify the chain of command so leadership can coordinate with cyber and operational teams, and initiate the cyber incident response plan to activate established playbooks, assign roles, and document the response. This approach protects critical sensing, maintains mission capability, and provides a structured, auditable path for containment and recovery. Ignoring the anomaly, powering down the entire ship immediately, or only documenting and waiting for orders fail to contain the threat, risk loss of crucial data, and delay coordination plus recovery.