This Resolution says that cyber risk management should be conducted with regard to objectives and requirements of International Safety Management Code. Therefore, identifying, analysing, assessing and communicating cyber related risks, as well as suggesting mitigation measures, is recommended. Moreover, the necessary safeguards should be developed and implemented based on the risk assessment.
According to the resolution, cyber-technologies are vital for the operation of many systems, which can lead to cyber risks. The most vulnerable systems, include amongst others:
- Bridge systems
- Cargo handling and management systems
- Propulsion and machinery management and power control systems
- Access control systems
- Passenger servicing and management systems
- Passenger facing public networks
- Administrative and crew welfare systems
- Communication systems
The Guidelines on Maritime Cyber Risk Management also provide recommendations for maritime cyber risk management that must be considered when developing measures against cyber threats.
In order for a cyber risk management to be successful, a recommended approach is to assess and compare an organization's current, and desired, cyber risk management postures. This can reveal gaps that can be addressed to achieve risk management objectives, with a more effective cyber risk management plan. As a result, an organization can best apply its resources in the most effective manner.
- Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations.
- Protect: Implement risk control processes and measures, and contingency planning to protect against a cyberevent and ensure continuity of shipping operations.
- Detect: Develop and implement activities necessary to detect a cyber event in a timely manner.
- Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event.
- Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyberevent.
Cyber risks should be appropriately addressed in the Safety Management Systems (SMS) no later than the first annual verification of the Document of Compliance (DOC) after 1st January 2021.
For further information click in the PDF herebelow