North P&I Club warns of a 'raft' of new shipping regulations on cyber risks

The North P&I Club says shipowners and operators should be prepared for a new 'raft' of regulations relating to cyber security. As well as compromising vessel safety, a lack of on-board firewalls and other cyber security measures could soon expose shipowners to heavy fines and penalties, according to an article co-authored with Clyde & Co partner Joe Walsh in the latest issue of the Club's loss prevention newsletter Signals.

Norths deputy director of loss prevention Colin Gillespie says, The safe operation of ships is increasingly dependent on sophisticated electronic systems, so it is vital these systems are properly secured and protected from external risks. According to the Club, the US Coast Guards new cyber strategy also looks set to be a catalyst for new national and international regulations relating to cyber security on ships.

The US Coast Guard published its cyber strategy in June this year in response to what it perceives is one of the most serious threats to US economic and national security interests, says Gillespie. The International Maritime Organization has also now recognised the threat to global maritime safety and commerce, and is expected to review industry guidelines at it maritime safety committee in May next year.

Gillespie says the US strategy makes it clear that cyber risk prevention and response should be an integral part of a ship operators responsibilities. The strategy calls on owners and operators to establish a reasonably viable cyber risk management programme, including continuous assessment, coordinated planning, investment, benchmarking, training, and possibly risk transference such as insurance.

The article points out that while there is currently no requirement to adopt the US Coast Guards strategy, it is likely US authorities will soon require cyber risks and security to be managed on ships trading to the USA in much the same way as oil spill risks have to be managed under the US Oil Pollution Act 1990.

OPA 90 focused attention on prevention and response. Shipowners trading to the USA would thus be well advised to start assessing and mitigating their potential cyber vulnerabilities related to network access and data protection, and considering and planning how to respond to a cyber event which might trigger, or relate to, a safety, security or environmental incident, says Gillespie. Given the interconnected nature of modern technology, all shipping company systems that interface with a vessel will also need to be secure.