Magazine

Read the latest edition of AIR and MEIR as an Interactive e-book

Mar 2024

Marine industry publishes enhanced cyber security guidelines

Source: Middle East Insurance Review | Feb 2019

The marine industry has issued the third edition of the industry cyber risk management guidelines which addresses the requirement to incorporate cyber risks in ships’ safety management systems.
 
This edition of Guidelines on Cyber Security Onboard Ships, produced by leading associations in the shipping industry, reflects a deeper experience with risk assessments of operational technology (OT) – such as navigational systems and engine controls – and provides more guidance for dealing with cyber risks to ships that arise from third parties in the supply chain.
 
“The industry will soon be under the obligation to incorporate measures to deal with cyber risks in the ship’s safety management system. This had not been tackled in the previous versions,” said BIMCO’s cyber security working group chair and director of Columbia Ship Management Ltd Dirk Fry.
 
The third edition provides additional information to help shippers carry out proper risk assessments and includes measures in their safety management systems to protect ships from cyber incidents. A new dedicated annex provides measures that all companies should consider implementing to address cyber risk management in an approved safety management system.
 
Operational technology
A second key expansion in the guidelines is around OT. Ships have more and more OT which is integrated with information technology (IT) and which can be connected to the internet, but the risks associated with OT are different from IT systems.
 
For example, malfunctioning IT may cause significant delay of a ship’s unloading or clearance, but with malfunctioning or inoperative OT, there can be a real risk of harm to people, the ship or the marine environment.
 
On a ship, the job may be less focused on protecting data as protecting operational systems working in the real world has direct safety implications. If the systems, or software controlling an engine are hit with malware, or if they break down due to lack of compatibility after an update of software, it can lead to dangerous situations, said Mr Fry.
 
Real world lessons
Another new element in the guidelines is the number of examples of actual incidents (anonymised) to demonstrate some of the real-world situations shipowners and operators face.
 
Supply chain risks
A third new focus area is the risk of malware infecting the ship’s systems via the many parties associated with the operation of a ship and its systems.
 
“The ships are not just sitting there in the middle of the ocean. More and more ships are also closely connected to security systems in the companies’ offices and shippers’ offices and agents’ offices,” said Mr Fry.
 
The recommendations include evaluating the security of service providers, defining a minimum set of requirements to manage supply chain or third-party risks and making sure that agreements on cyber risks are formal and written.
 
The guidelines also underline the need for ships to be able to disconnect quickly and effectively from shore-based networks, where required. M 
 
| Print
CAPTCHA image
Enter the code shown above in the box below.

Note that your comment may be edited or removed in the future, and that your comment may appear alongside the original article on websites other than this one.

 

Recent Comments

There are no comments submitted yet. Do you have an interesting opinion? Then be the first to post a comment.