While the benefits of new smart grid technologies are numerous, so are their cyber security implications, especially when it comes to the maritime industry. Ahead of the EU GDPR's entry into force, which aims to protect personal data and the free movement of such data across the EU from 25th May 2018 onwards, an effective Cyber Security Management Plan could provide guidance to secure shipping companies and managed vessels from potential cyber threats.
In June 2017, IMO MSC98 adopted the MSC-FAL.1/Circ.3 Guidelines on Maritime Cyber Risk Management and Resolution MSC.428 (98) on Maritime Cyber Risk Management in Safety Management Systems (SMS) to safeguard shipping from current and emerging cyber security threats and vulnerabilities. According to this resolution, an approved Safety Management System (SMS) should consider cyber security risk management in accordance with the objectives and functional requirements of the ISM Code, considering that the objectives of the Code include the provision of safe practices in ship operation and a safe working environment, and the assessment of all identified risks to ships, personnel and the environment.
Cyber security should be considered as part of a holistic approach throughout a ship’s lifecycle. With this guidance, the SQE MARINE consultancy firm has created a clear pathway, summarizing the various security best practices and controls that operators should consider implementing.
Therefore, shipping companies need to have a Cyber Security Policy in place to secure their premises and equipment, both on board and ashore, as well as their employees, through an effective cyber security plan that manages all possible cyber technology threats that may affect the proper performance of systems and operations.
The SQE MARINE consultancy firm highlights the importance of developing a cyber security management plan as a best practice solution to ensure full compliance with the aforesaid legislation by providing real-life documentation addressed to senior officers and crew onboard, a training program and support, as well as full integration of any operator-specific requirements.
Specifically, the plan should define possible cyber security threats & risks, introduce a cyber security policy, feature office & vessel contingency plans and refer to measures for managing the risk.