(www.MaritimeCyprus.com) Cybertechnologies have become essential to the operation and management of numerous systems critical toÂ the safety and security of shipping and protection of the marine environment. In some cases, these systemsÂ have to comply with international standards and Flag Administration requirements. However, theÂ vulnerabilities created by accessing, interconnecting or networking these systems can lead to cyber risksÂ which should be addressed.
Effective cyber risk management should also consider safety and security impacts resulting from theÂ exposure or exploitation of vulnerabilities in information technology systems.Â This could result from inappropriate connection to operational technology systems or from procedural lapsesÂ by operational personnel or third parties, which may compromise these systems (e.g. inappropriate use ofÂ removable media such as a memory stick).
These rapidly changing technologies and threats make it difficult to address these risks only throughÂ technical standards. As such, this Publication recommends a risk management approach to cyber risks thatÂ is resilient and evolves as a natural extension of existing safety and security management practices.
For details and guidance related to the development and implementation of specific risk managementÂ processes, Ship-Owners should refer to specific Member Governments' and Flag Administrations'Â requirements, as well as relevant international and industry standards and best practices.
Risk management is fundamental to safe and secure shipping operations. It has traditionally been focusedÂ on operations in the physical domain, but greater reliance on digitization, integration, automation andÂ network-based systems has created an increasing need for cyber risk management in the shipping industry.
The Facilitation Committee and the Maritime Safety Committee, having considered the urgent need to raise awareness on cyber risk threats and vulnerabilities, approved the Guidelines on maritime cyber risk management, as perÂ MSC-FAL.1/Circ.3. The recommended Guidelines provide high-level recommendations for maritime cyber risk management. For the purpose of the Guidelines, maritime cyber risk refers to a measure of the extent to which a technology asset is threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised.
Predicated on the goal of supporting safe and secure shipping, which is operationally resilient to cyber risks,Â this Publication provides recommendations that can be incorporated into existing risk management processes.
You can download the guide paper by clicking on below image:
For more cyber-security related Guides and circulars, click here.