IMO Prioritizes Cyber Risk Management

Safety4Sea reports that digitalization and rapid technological developments in the maritime sector have prompted speedy action to protect the well-being of seafarers and of the industry as a whole.

What is maritime cyber risk? 

According to the IMO, maritime cyber risk refers to a measure of the extent to which a technology asset could be threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised.

An overview of IMO’s approach to cyber risk

Constant cyber threats to the maritime sector have led the International Maritime Organization (IMO) to issue and implement a series of regulations and guidelines on cyber risk management. These include, last but not least, the adoption of Resolution MSC.428(98).

The resolution urges companies to address any sort of cyber risk under the ISM Code no later than January 1, 2021.

With cyber risk challenges growing, let us see how the landscape of cyber regulations has evolved over the past years.

Shipping sector vulnerable to cyber-attacks

In an interview with Safety4Sea, Mrs. Cynthia Hudson, CEO, Hudson Analytix, highlighted that as the shipping environment is increasingly shaped by the digital world, companies and all shipping stakeholders seem more vulnerable and exposed.

Mr. Chronis Kapalidis, Cyber Expert, Hudson Analytix, speaking during the 2019 Hellenic American Maritime Forum, stated:

“Cyber security has been over the last years the first non-natural threat to the global risk landscape according to the World Economic Forum. This is only going to get worse because of rising cyber dependency. Everything that we do has a cyber element.”

Steps to strengthen cyber security

Considering the effect of cyber-attacks, and the cost and lost time a shipping stakeholder faces in restoring operations, the International Maritime Organization has focused on publishing a series of guidelines to help the industry cope with cyber challenges and enhance its cyber risk management.

It should be highlighted that, besides the IMO, other shipping associations and classification societies have launched guidance and standards to assist the industry in dealing with cyber risk.

How it all started

#1 June 2016 – MSC.1/Circ.1526

The Maritime Safety Committee approved, during its 96th session, the “Interim guidelines on maritime cyber risk management”.

#2 June 2017 – MSC.428(98)

During the 98th session, the Maritime Safety Committee urged all companies to include cyber risk management in their approved SMS, in accordance with the objectives and functional requirements of the ISM Code.

The recommendations included in the resolution are:

Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations.

Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber-event and ensure continuity of shipping operations.

Detect: Develop and implement activities necessary to detect a cyber event in a timely manner.

Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event.

Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyber-event.

#3 July 2017 – MSC-FAL.1/Circ.3

In its 98th session, the MSC approved the Guidelines on maritime cyber risk management, which are addressed to ship owners for use as guidance but remain non-compulsory.

# 2020 sees a massive change

Company’s Document of Compliance,  must reach by 1st of January 2021.

All shipping companies will be mandated to ensure that cyber risks are appropriately addressed in existing safety management systems (as defined in the ISM Code).

In addition, the IMO’s decision is a major step towards being prepared and having a risk management approach in place for a possible cyber-attack.

Applauding the IMO’s decision, Mr. Kapalidis commented:

“when we talk about cyber security, it is not a matter of if you will be attacked but when. In order to deal with that, you should have a risk management approach on it and this is what the IMO is introducing”.

Source: Safety4Sea