Subscribe to our Mailing Lists (It's free!)
Thursday, February 2, 2023
SAFETY4SEA
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    LNG reference price

    EU: Launch of global LNG reference price

    Keppel Terminal Berth accident

    Prime mover driver dies after falling into the sea at Keppel Terminal Berth

    lng carrier grounded suez canal

    LNG carrier runs aground in Suez Canal

    msc containership grounded singapore

    Watch: MSC containership grounded off Singapore

  • SEAFiT
    • All
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
    How are you making decisions? The 6 human needs

    How are you making decisions? The 6 human needs

    how to fall asleep

    6 tips to help you fall asleep when you wake up at night

    psychotherapy

    Working in business? How psychotherapy can be a life-changing experience

    sexual health

    Sexual health important to overall wellbeing: Key considerations

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    equinor engie hydrogen

    Equinor, Engie move forward with hydrogen project in Belgium

    LNG reference price

    EU: Launch of global LNG reference price

    capital lng tanker

    Watch: Capital receives LNG fuel-ready eco-friendly tanker

    port of corpus christi

    Port of Corpus Christi: $16.4M for carbon capture operation

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    klaveness autonomous hull cleaning

    Klaveness: Roll-out of semi-autonomous hull cleaning solution

    mol Vessel Cyber Resilience

    MOL: World’s first company to receive AiP for vessel cyber resilience

    ukho paper chart

    UKHO: Paper chart withdrawal extended beyond 2026

    hyundai Autonomous Navigation System

    HD Hyundai: Approval for autonomous navigation system

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    • Vetting
    philippines 18 detained fuel theft

    Philippines: 18 from 3 ships detained for fuel theft

    black sea mou cic stcw

    Black Sea MoU: Preliminary results of CIC on STCW

    Keppel Offshore fines

    Keppel Offshore & Marine pays $65m in fines after corruption case

    fmc delay and disruption claims

    FMC: Increase in “Delay and Disruption” claims

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Reports
    • Shipping
    • Sustainability
    • Videos
    maritime uk girls maritime careers

    Maritime UK to inspire girls to consider maritime careers

    capital lng tanker

    Watch: Capital receives LNG fuel-ready eco-friendly tanker

    port of corpus christi

    Port of Corpus Christi: $16.4M for carbon capture operation

    india sustainable maritime

    DNV: How can India achieve a sustainable maritime ecosystem

  • Columns
    Maritime Just Transition Task Force: Engaging industry in social dialogue

    Maritime Just Transition Task Force: Engaging industry in social dialogue

    Career Paths: David Tournay, Maritime Skills Alliance

    Career Paths: Sinikka Hartonen, One Sea Association

    Career Paths: David Tournay, Maritime Skills Alliance

    Career Paths: David Tournay, Maritime Skills Alliance

    Trending Tags

    • Career Paths
    • Industry Voices
    • Maripedia
    • Maritime History
    • Resilience
    • Seafarers Stories
    • SeaSense
  • Events
  • Plus
No Result
View All Result
  • Home
  • Safety
    • All
    • Accidents
    • Alerts
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
    LNG reference price

    EU: Launch of global LNG reference price

    Keppel Terminal Berth accident

    Prime mover driver dies after falling into the sea at Keppel Terminal Berth

    lng carrier grounded suez canal

    LNG carrier runs aground in Suez Canal

    msc containership grounded singapore

    Watch: MSC containership grounded off Singapore

  • SEAFiT
    • All
    • Intellectual
    • Mental
    • Physical
    • Social
    • Spiritual
    How are you making decisions? The 6 human needs

    How are you making decisions? The 6 human needs

    how to fall asleep

    6 tips to help you fall asleep when you wake up at night

    psychotherapy

    Working in business? How psychotherapy can be a life-changing experience

    sexual health

    Sexual health important to overall wellbeing: Key considerations

  • Green
    • All
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
    equinor engie hydrogen

    Equinor, Engie move forward with hydrogen project in Belgium

    LNG reference price

    EU: Launch of global LNG reference price

    capital lng tanker

    Watch: Capital receives LNG fuel-ready eco-friendly tanker

    port of corpus christi

    Port of Corpus Christi: $16.4M for carbon capture operation

  • Smart
    • All
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
    klaveness autonomous hull cleaning

    Klaveness: Roll-out of semi-autonomous hull cleaning solution

    mol Vessel Cyber Resilience

    MOL: World’s first company to receive AiP for vessel cyber resilience

    ukho paper chart

    UKHO: Paper chart withdrawal extended beyond 2026

    hyundai Autonomous Navigation System

    HD Hyundai: Approval for autonomous navigation system

  • Risk
    • All
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    • Vetting
    philippines 18 detained fuel theft

    Philippines: 18 from 3 ships detained for fuel theft

    black sea mou cic stcw

    Black Sea MoU: Preliminary results of CIC on STCW

    Keppel Offshore fines

    Keppel Offshore & Marine pays $65m in fines after corruption case

    fmc delay and disruption claims

    FMC: Increase in “Delay and Disruption” claims

  • Others
    • All
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Reports
    • Shipping
    • Sustainability
    • Videos
    maritime uk girls maritime careers

    Maritime UK to inspire girls to consider maritime careers

    capital lng tanker

    Watch: Capital receives LNG fuel-ready eco-friendly tanker

    port of corpus christi

    Port of Corpus Christi: $16.4M for carbon capture operation

    india sustainable maritime

    DNV: How can India achieve a sustainable maritime ecosystem

  • Columns
    Maritime Just Transition Task Force: Engaging industry in social dialogue

    Maritime Just Transition Task Force: Engaging industry in social dialogue

    Career Paths: David Tournay, Maritime Skills Alliance

    Career Paths: Sinikka Hartonen, One Sea Association

    Career Paths: David Tournay, Maritime Skills Alliance

    Career Paths: David Tournay, Maritime Skills Alliance

    Trending Tags

    • Career Paths
    • Industry Voices
    • Maripedia
    • Maritime History
    • Resilience
    • Seafarers Stories
    • SeaSense
  • Events
  • Plus
No Result
View All Result
SAFETY4SEA

Cyber security enters SMS: A new era from January 2021

by The Editorial Team
December 24, 2020
in Cyber Security
cyber security
FacebookTwitterEmailLinkedin

Every business and every individual can be subject to cyber threats. Cyber-crime is a massive business; hackers are very well-organized, and they put a lot of time and effort before launching a cyber-attack. The last couple years, cyber security has become a significant challenge for the maritime industry as well. In this regard, IMO took the decision to embed cyber security into Safety Management Systems; not much time has left for this new requirement and one thing is for sure: from next year, a new era begins for ship operators.

Even though we have witnessed several cyber attacks during the last years, cyber-criminal activities seem to have increased, exploiting the vulnerability of users working from home. In this context, The Nautical Institute hosted a Cyber Security webinar in November which referred to the new cyber-attack trends. These are the following: malware attacks, encrypted threats, crypto jacking, intrusion attempts, ransomware attacks and IoT malware. So, what shipping players should be doing in order to name themselves as cyber-secured?

The new IMO Requirement

According to Resolution MSC.428(98), operators need to ensure that their existing SMS appropriately address cyber risks by their 2021 annual verification. The risks as explained above are too many. With MSC-FAL 1/ Circ 3, IMO provides guidelines which consist of six pages and provide detailed recommendations on maritime cyber risk identification and management to safeguard shipping from current and emerging cyber threats and vulnerabilities.

RelatedNews

MOL: World’s first company to receive AiP for vessel cyber resilience

Allianz: Cyber risks the most important risk globally

The recommendations are designed to be incorporated into existing SMS manuals and procedures and associated ISPS systems so as to update and enhance these processes. ‘’The overall goal is to support safe and secure shipping, which is operationally resilient to cyber risks.’’, IMO explains.

In particular, IMO issued “Guidelines on Maritime Cyber Risk Management”, to provide the required guidance on how a Company should respond to MSC. 428 (98), with reference to the following:

  • Guidelines on Cyber Security Onboard Ships issued by BIMCO, CLIA, ICS, INTERCARGO, INTERTANKO, OCIMF and IUMI.
  • ISO/IEC 27001 standard on Information technology
  • United States National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity (the NIST Framework).

Key Items to be addressed

Safety Management System is the key document of every shipping company, explaining how to conduct safe operations, based on the ISM code and the required policies for safe operations, protection of people, ship, cargo and environment. In essence, SMS are dynamic systems, meaning that they need to adapt to new requirements and address current needs and possible risks.

Addressing cyber risks in Safety Management System, requires additional focus, a new approach and more interaction between company and vessels. The real focus point of the system is to achieve the protection of Company (office) and onboard installed systems from cyber threats (of any kind). The aim is to have specific procedures in place and a cyber security culture to minimize the possibility of being attacked or affected by an attack. Additionally, operators can create response technics to overcome challenges from a cyber attack, ensuring continuity of operations.

The new IMO requirements can either addressed as a stand-alone system (Cyber Security Management Plan as part of existing SMS) or a revised SMS which will incorporate all required steps.

Steps required

  1. Set the policy for cyber security. This is the base of cyber structure. It is a declaration of Company’s setting targets and main actions for cyber security. It may cover additional items (like General Data protection) as all such items are related.
  2. Conduct a thorough assessment both in office and on-board ships, in order to identify related systems that may be subject to cyber threat. Systems are to be identified, listed, prioritized on vulnerability as critical or not. All systems should be approved to be used for specific tasks. The supportive software should be authentic, updated and installed by competent personnel.
  3. Implement procedures for cyber policy. The procedures should include the actions for everyone related to above identified systems, setting the privileges, the authority levels and specific actions (in form Dos and Don’ts) for each position. Procedures should include as minimum:
    1. Privileges and authority, including access level for each system
    2. Password instructions
    3. Removal media instructions
    4. Third party access to systems instructions (eg agents, constructors, system technicians, pilots, terminal personnel and any other individual or organization that requires to be granted access to shore or on board systems)
  4. Set an effective response system. The system should have immediate response actions, backup procedures, rectification procedures and alternative ways of conducting day to day routine in order to retain a flawless operation.
  5. As per shipping industry’s culture, all related incidents should be investigated, and lessons learnt and best practices to be used for avoiding similar issues in the future.
  6. Conduct periodical assessment of systems and procedures through audit / management review in order to check effectiveness.

Office/Ship interaction

It is highly recommended to follow the practice of ship shore drills with cyber scenarios. The Guidelines on Cyber Security Onboard Ships produced and supported by BIMCO, CLIA, ICS, INTERCARGO, INTERTANKO, OCIMF and IUMI, version 4.0 include useful real life incidents that can be used as sample scenarios for such drills.

Additionally as COVID-19 outbreak has altered operations, more and more Companies now use remote inspections and audits to monitor their managed vessels. These actions require procedures that can affectively produce monitoring results but simultaneously protect the systems used to conduct such operations.

Actions required

Ship Managers should:

  • Revise existing SMS to include cyber risk management and related procedures
  • Verify implementation of policies and procedures both ashore and on board
  • Provide all required resources for equipment (hardware) and/or software upgrades in order to support procedures
  • Provide ashore and on-board training to personnel for cyber threats/risks and best practices to address them.

Seafarers and Office personnel should:

  • Follow the procedures and guidance on cyber risk management
  • Do not use personal equipment on Company’s systems (ashore or onboard)
  • Be aware of all risks and threats related to cyber
  • Notify immediately authorized Company’s personnel for any suspicious or identified cyber issue in order to initiate response actions.

The industry is currently fighting with the thought whether operators are ready or not to comply. One way or another, from January 1st of January 2021, SMS will feature a new requirement, resulting to increased awareness over cyber security which is a critical issue as we have accelerated our path towards digitalization.

Tags: cyber riskcyber securitydigitalizationIMOregulatory updatesmSMS

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

klaveness autonomous hull cleaning

Klaveness: Roll-out of semi-autonomous hull cleaning solution

February 2, 2023
equinor engie hydrogen

Equinor, Engie move forward with hydrogen project in Belgium

February 2, 2023

SEAFiT Poll

What is the biggest obstacle for the social life onboard?

Stay tuned for the results!

MARITIME EVENTS

Explore

  • Safety
  • Green
  • Smart
  • Risk
  • Others
  • Events
  • Plus

Useful Links

  • About
  • Disclaimer
  • Editorial Policies
  • Advertising
  • Contact

RISK4SEA Facts

Did you know which port has the largest Detention Rate in Australia for Bulk Carriers in 2020? Port Kembla, NSW, had a Detention Rate of 14% in 58 inspections.

Learn more risk4sea.com

© 2021 SAFETY4SEA

No Result
View All Result
  • Safety
    • Alerts
    • Accidents
    • Loss Prevention
    • Maritime Health
    • Regulation
    • Safety
    • Seafarers
    • Security
  • Green
    • Arctic
    • Ballast
    • Emissions
    • Fuels
    • Green Shipping
    • Pollution
    • Ship Recycling
    • Technology
  • Smart
    • Connectivity
    • Cyber Security
    • E-navigation
    • Energy Efficiency
    • Maritime Software
    • Smart
  • Risk
    • CIC
    • Detentions
    • Fines
    • PSC Focus
    • Vetting
  • Others
    • Diversity in shipping
    • Maritime Knowledge
    • Offshore
    • Ports
    • Reports
    • Shipping
    • Sustainability
    • Videos
  • Columns
    • Opinions
    • Career Paths
    • Industry Voices
    • Maripedia
    • Maritime History
    • Seafarers Stories
    • SeaSense
  • Events
  • Plus

© 2021 SAFETY4SEA

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Disclaimer.