(www.MaritimeCyprus.com)Â The third edition provides additional information which should help shipping companies carry out proper risk assessments and include measures in their safety management systems to protect ships from cyber-incidents. A new dedicated annex provides measures that all companies should consider implementing to address cyber risk management in an approved SMS.
Ships are increasingly using systems that rely on digitisation, digitalisation, integration, andÂ automation, which call for cyber risk management on board. As technology continues to develop,Â information technology (IT) and operational technology (OT) onboard ships are being networkedÂ together â and more frequently connected to the internet.
This brings the greater risk of unauthorised access or malicious attacks to shipsâ systems andÂ networks. Risks may also occur from personnel accessing systems on board, for example byÂ introducing malware via removable media.
To mitigate the potential safety, environmental and commercial consequences of a cyber incident, aÂ group of international shipping organisations, with support from a wide range of stakeholders (pleaseÂ refer to annex 5 for more details), have participated in the development of these guidelines, whichÂ are designed to assist companies in formulating their own approaches to cyber risk managementÂ onboard ships.
Approaches to cyber risk management will be company- and ship-specific but should be guided by theÂ requirements of relevant national, international and flag state regulations. These guidelines provide aÂ risk-based approach to identifying and responding to cyber threats. An important aspect is the benefitÂ that relevant personnel would obtain from training in identifying the typical modus operandi of cyberÂ attacks.
The Guidelines on Cyber Security Onboard Ships are available toÂ download. Click on below image.
For more cyber-security related Guides and circulars, click here.