IMO Resolution

In the face of emerging cybersecurity threats to the industry and with the MSC resolution in mind, IMO has taken the decision to incorporate mandatory cybersecurity requirements into the International Safety Management Code, ISM.

As of January 1, 2021, cybersecurity must be addressed by all players in the shipping industry and incorporated into their Safety Management Systems, SMS.

One organisation which was quick to respond to these new circumstances was the Oil Companies International Marine Forum, OCIMF. Beginning in January 2018 the OCIMF updated Tanker Management and Self Assessment, TMSA, version 3, with a 13th Performance Element. This new element deals specifically with cybersecurity.

What do developments like these mean for the worldwide maritime sector? More specifically, what does the ISM Code, a SOLAS requirement, and TMSA version 3, best industry practice, require when it comes to preventing cyber crime at sea?

The ISM Code requires modification to a company’s SMS and should now include the following.

• • Cybersecurity measures to be adopted in the company´s Health, Safety & Environment, Security & Equality / HSES&Q Policy Statement.
  • Risk assessments of all OT and IT systems onboard and ashore
  • Policy in place for the uses of removable storage.
  • Policy and procedure in place regarding network communications and WiFi for vessel crews.
  • Policy and procedure in place for monitoring and updating navigation and communication systems.
  • Policy in place regarding authorization criteria for remote connections.
  • Inventory of all OT systems.
  • Internet access policy in place outlining restrictions relating to operations currently being performed onboard.
  • Contingency Plans for Emergency Response developed and in place.
  • Items identified by TMSA and listed below.

In order to comply to ISM Cyber Security requirements and develop specific analysis six steps have to be followed: