News

30.04.2020

Alpha Marine Consulting - Cyber Risk Management in Safety Management Systems

Cyber Security in the Maritime Industry

The IMO Maritime Safety Committee, at its 98th session in June 2017 adopted Resolution MSC.428(98) - Maritime Cyber Risk Management in Safety Management Systems. The Resolution

“encourages administrations to ensure that cyber risks are appropriately addressed in existing safety management systems (as defined in the ISM Code) no later than the first annual verification of the company's Document of Compliance after 1 January 2021.

Cyber risk management is the process of identifying, analyzing, assessing and communicating a cyber-related risk and accepting, avoiding, transferring or mitigating it to an acceptable level, considering costs and benefits of actions taken to stakeholders.

Recommendations:

Shipping Companies should develop Cyber Security Policy and Procedures within their Safety Management System in order to raise awareness on cyber risk threats and vulnerabilities covering all Company’s activities onboard and ashore. The Cyber Security Plan aims to protect the Company's information assets from all identified cyber threats, whether internal or external, deliberate or accidental, to ensure operations continuity, to minimize damage and to maximize return on investments and relevant industry opportunities. All Shipping Companies, no later than the first annual verification of their DoC after 1 January 2021, should ensure that:

 

  • Information Technology (IT) and Operational Technology (OT) Systems identified as vulnerable to cyber attacks are protected from a loss of confidentiality, integrity and availability.
  • Cyber Security Contingency Plans have been developed.
  • Cyber Security training is available to all staff.
  • All breaches of information security, actual or suspected, will be reported and investigated.

 

AMC has developed numerous Cyber Security Plans for shipping companies, successfully covering IMO, TMSA 3, VIQ 7 and RIGHTSHIP’s requirements during office audits and vetting inspections.