emailNEED HELP? info@mitekltd.com

IMO Resolution

Background

THE NEW MANDATORY CYBERSECURITY REQUIREMENTS FOR ALL SHIP OWNERS


In the face of emerging cybersecurity threats to the industry and with the MSC resolution in mind, IMO has taken the decision to incorporate mandatory cybersecurity requirements into the International Safety Management Code, ISM.

As of January 1, 2021, cybersecurity must be addressed by all players in the shipping industry and incorporated into their Safety Management Systems, SMS.

One organisation which was quick to respond to these new circumstances was the Oil Companies International Marine Forum, OCIMF. Beginning in January 2018 the OCIMF updated Tanker Management and Self Assessment, TMSA, version 3, with a 13th Performance Element. This new element deals specifically with cybersecurity.

What do developments like these mean for the worldwide maritime sector? More specifically, what does the ISM Code, a SOLAS requirement, and TMSA version 3, best industry practice, require when it comes to preventing cyber crime at sea?



WHAT DOES THE ISM CODE SAY ABOUT INFORMATION SECURITY REQUIREMENTS?


The ISM Code requires modification to a company’s SMS and should now include the following.

    • Cybersecurity measures to be adopted in the company´s Health, Safety & Environment, Security & Equality / HSES&Q Policy Statement.
    • Risk assessments of all OT and IT systems onboard and ashore
    • Policy in place for the uses of removable storage.
    • Policy and procedure in place regarding network communications and WiFi for vessel crews.
    • Policy and procedure in place for monitoring and updating navigation and communication systems.
    • Policy in place regarding authorization criteria for remote connections.
    • Inventory of all OT systems.
    • Internet access policy in place outlining restrictions relating to operations currently being performed onboard.
    • Contingency Plans for Emergency Response developed and in place.
    • Items identified by TMSA and listed below.

In order to comply to ISM Cyber Security requirements and develop specific analysis six steps have to be followed:




HOW CAN YOU COMPLY WITH THE NEW CYBERSECURITY REQUIREMENTS?


Any business operating under the jurisdiction of the new ISM Code should start planning to update their SMS accordingly. The deadline is no later than the first annual verification of the company’s Document of Compliance following January 1st 2021.

For all organizations concerned the message is clear. In order to be prepared and to develop the required business cybersecurity posture, including provisions relating to third party ecosystems, start planning now for the implementation of best-practice. In support of this action IMO has updated it´s guidelines on cybersecurity.



HOW MITeK LTD CAN SUPPORT YOUR COMPANY


MITEK ltd Cyber Security team helps you to analyse the cyber security status of your operational IT and O T system both on board and ashore and to moitigate identified risks.
Our comprehensive cyber security solutions include in more detail the followings:


CYBER SECURITY MANAGEMENT




Mitek ltd
Triq Ir Rampa
Balluta Terrace
Block 10 Flat A6
San Julian
Malta



Contacts

info@mitekltd.com