Industry publishes updated cyber guidelines for vessels
The updated guidance aims to improve the safety and security of seafarers, the environment, the cargo, and the ships and assist in the development of a proper cyber risk management ...
Maritime Cyber Security admin today29 December 2020
Every business and every individual can be subject to cyber threats. Cyber-crime is a massive business; hackers are very well-organized, and they put a lot of time and effort before launching a cyber-attack. The last couple years, cyber security has become a significant challenge for the maritime industry as well. In this regard, IMO took the decision to embed cyber security into Safety Management Systems; not much time has left for this new requirement and one thing is for sure: from next year, a new era begins for ship operators.
Even though we have witnessed several cyber attacks during the last years, cyber-criminal activities seem to have increased, exploiting the vulnerability of users working from home. In this context, The Nautical Institute hosted a Cyber Security webinar in November which referred to the new cyber-attack trends. These are the following: malware attacks, encrypted threats, crypto jacking, intrusion attempts, ransomware attacks and IoT malware. So, what shipping players should be doing in order to name themselves as cyber-secured?
According to Resolution MSC.428(98), operators need to ensure that their existing SMS appropriately address cyber risks by their 2021 annual verification. The risks as explained above are too many. With MSC-FAL 1/ Circ 3, IMO provides guidelines which consist of six pages and provide detailed recommendations on maritime cyber risk identification and management to safeguard shipping from current and emerging cyber threats and vulnerabilities.
The recommendations are designed to be incorporated into existing SMS manuals and procedures and associated ISPS systems so as to update and enhance these processes. ‘’The overall goal is to support safe and secure shipping, which is operationally resilient to cyber risks.’’, IMO explains.
In particular, IMO issued “Guidelines on Maritime Cyber Risk Management”, to provide the required guidance on how a Company should respond to MSC. 428 (98), with reference to the following:
Key Items to be addressed
Safety Management System is the key document of every shipping company, explaining how to conduct safe operations, based on the ISM code and the required policies for safe operations, protection of people, ship, cargo and environment. In essence, SMS are dynamic systems, meaning that they need to adapt to new requirements and address current needs and possible risks.
Addressing cyber risks in Safety Management System, requires additional focus, a new approach and more interaction between company and vessels. The real focus point of the system is to achieve the protection of Company (office) and onboard installed systems from cyber threats (of any kind). The aim is to have specific procedures in place and a cyber security culture to minimize the possibility of being attacked or affected by an attack. Additionally, operators can create response technics to overcome challenges from a cyber attack, ensuring continuity of operations.
The new IMO requirements can either addressed as a stand-alone system (Cyber Security Management Plan as part of existing SMS) or a revised SMS which will incorporate all required steps.
Steps required
Office/Ship interaction
It is highly recommended to follow the practice of ship shore drills with cyber scenarios. The Guidelines on Cyber Security Onboard Ships produced and supported by BIMCO, CLIA, ICS, INTERCARGO, INTERTANKO, OCIMF and IUMI, version 4.0 include useful real life incidents that can be used as sample scenarios for such drills.
Additionally as COVID-19 outbreak has altered operations, more and more Companies now use remote inspections and audits to monitor their managed vessels. These actions require procedures that can affectively produce monitoring results but simultaneously protect the systems used to conduct such operations.
Actions required
Ship Managers should:
Seafarers and Office personnel should:
The industry is currently fighting with the thought whether operators are ready or not to comply. One way or another, from January 1st of January 2021, SMS will feature a new requirement, resulting to increased awareness over cyber security which is a critical issue as we have accelerated our path towards digitalization.
Source: safety4sea.com
Written by: admin
Maritime Cyber Security admin
The updated guidance aims to improve the safety and security of seafarers, the environment, the cargo, and the ships and assist in the development of a proper cyber risk management ...
Mitek ltd
Triq Ir Rampa
Balluta Terrace
Block 10 Flat A6
San Julian
Malta
Copyright 2020 @ MitekCyber
WhatsApp us
Post comments (0)