Cyber safety is as significant as cyber security. Both have equal potential to affect the safety of onboard personnel, ships, and cargo. Cyber security is concerned with the protection of IT, OT and data from unauthorised access, manipulation and disruption. Cyber safety covers the risks from the loss of availability or integrity of safety critical data and OT.
When incorporating cyber risk management into the company SMS, consideration should be given to whether, in addition to a generic risk assessment of the ships it operates, a particular ship needs a specific risk assessment. The company should consider the need for a specific risk assessment based on whether a particular ship is unique within their fleet. This should consider factors, including but not limited to the extent to which IT and OT is used on board, the complexity
of system integration and the nature of operations.
The Guidelines on Cyber Security Onboard Ships second edition, includes information on insurance issues and how to effectively segregate networks, as well as new practical advice on managing the ship to shore interface, and how to handle cyber security during port calls and when communicating with the shore side.
The chapters on ‘contingency planning’ and ‘responding to and recovering from cyber incidents’ have been rewritten to reflect the fact that the guidelines are aimed specifically at ships and the remote conditions prevailing if a ship’s defences have been breached.
The Guidelines on Cyber Security Onboard Ships have also been aligned with the recommendations given in the International Maritime Organization’s (IMO) Guidelines on cyber risk management which were adopted in June 2017.
A new subchapter on insurance has been added, looking at coverage after a cyber incident as this is an important part of the risk assessment which shipowners should now take into consideration. Finally, the Annex, which explains about networks, has been rewritten based on real experience of shipowners segregating networks on their ships.
Angus Frew, BIMCO Secretary General and CEO said:
Cyber security is certainly a hot topic for all of us now, and this latest guidance includes valuable information, applying a risk based approach to all of the areas of concern, highlighting how an individual’s unwitting actions might expose their organisation.
The first version of the guidelines was well received by the industry and acknowledged by the IMO and we really do believe that the update offers the most comprehensive guidance for the shipping industry today.
In the light of recent events we urge everyone across the industry to download it - it's available free of charge - and to consider the risk cybercrime may pose to their ships and operations. Ignorance is no longer an option, as we are all rapidly realising.
The Guidelines on Cyber Security Onboard Ships are available to download. Click on below image.
The joint industry working group members are: BIMCO, Cruise Lines International Association (CLIA), International Chamber of Shipping (ICS), International Association of Dry Cargo Shipowners (INTERCARGO), International Association of Independent Tanker Owners (INTERTANKO), International Union of Maritime Insurance (IUMI) and Oil Companies International Marine Forum (OCIMF).
For more cyber-security related Guides and circulars, click here.