There is ongoing work to develop guidelines on cyber security on board ship
The International Union of Marine Insurance (IUMI) issued its latest edition of the informative "IUMI Eye" including abstract from Nick Gooding's speech (FCII, IUMI Alternate Officer at the IMO)on cyber security presented at the Insurance Sweden Conference on 6 May 2015, in Stockholm.
''No one is immune from cyber threat and there are many attacks daily. The International Union of Marine Insurance understands that the risks of a maritime cyber security attack represent a challenge to underwriters for two key reasons. First, there is a challenge to properly understand the exposures and secondly the underwriters' products need to be tailored to meet their clients' needs.
As the global maritime community moves further into a digital environment, ports, vessels and facilities are increasingly connected to and dependent on cyber systems. Insufficiently robust cyber security practices could lead to loss of life, increased criminality in the maritime sector, and given the importance of the maritime sector to international trade and supply chains, an operational disruption with significant adverse economic consequences.
Encouragingly through the combined efforts of the International Chamber of Shipping, BIMCO, INTERTANKO, and INTERCARGO there is ongoing work to develop guidelines on cyber security on board ships. It is hoped the final guidelines will be presented to the International Maritime Organization for consideration in 2016.
These draft guidelines have been split into nine headings covering:
1) Awareness and education for all stakeholders
2) Establishing a generic risk-based framework drawing on existing standards and guidelines augmented by current intelligence and best practice.
3) Addressing the integrity, confidentiality and availability of cyber systems
4) Establishing clear guidelines on the management of key information in order to retain operational cyber capability
5) Looking at how to integrate elements of both physical and software security to ensure safety and business continuity.
6) Acknowledging the importance of identifying and mitigating third party interfaces that could compromise cyber security.
7) Investigating cyber security monitoring systems and network management
8) The development of contingency plans
9) Continued review and assessment of cyber systems to ensure their continued robustness.
The London Market Committees are all working on this issue, and only time will show how we will be able to fight this clear and present danger.''