The Maritime and Port Authority Singapore (MPA) issued a circular providing information on the requirement to incorporate maritime cyber risk management in the safety management systems (SMS) of companies operating Singapore-registered ships.
To remind, the International Maritime Organization (IMO) issued and implemented a series of regulations and guidelines on cyber risk management, with, last but not least, the adoption of the Resolution MSC.428(98). This resolution calls companies to report any cyber risk in their ISM Code no later than January 1, 2021.
Therefore, MPA Singapore reminds that the ISM company is required to demonstrate that they have appropriately incorporated the five functional elements to address maritime cyber risks, namely:
- Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when
disrupted, pose risks to ship operations; - Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber-event and ensure continuity of
shipping operations; - Detect: Develop and implement activities necessary to detect a cyberevent in a timely manner;
- Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services
impaired due to a cyber-event; - Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyber-event.
MPA highlights that
ISM companies of Singapore-registered ships are reminded to review the identified risks to its ships, personnel and the environment and to establish appropriate safeguards to ensure that maritime cyber risks are appropriately addressed in the SMS, and that the five functional elements stated in para 5 have been incorporated into their risk management framework.
Concluding, explore more by clicking herebelow
