The US Coast Guard Office of Commercial Vessel Compliance has updated the Vessel Cyber Risk Management Work Instruction, to include a compliance timeline for Non Safety Management System vessels that are subject to the Marine Transportation Safety Act of 2002.
These vessels are required to address cyber security vulnerabilities within their Vessel Security Assessment no later than December 31, 2021.
On 27th October 2020, USCG issued a work instruction with guidance on implementation of IMO Resolution 428(98) and MSC-FAL.1/Circ 3, providing guidance regarding the USCG commercial vessel compliance program’s approach to assessing the cyber risk on US-flagged and foreign vessels to ensure they do not pose a risk to the Marine Transportation System due to a cyber event.
According to relevant guidance by SQE Marine, Ship Managers should:
- Implement procedures in SMS ensuring cyber risk management is appropriately addressed, no later than the first annual verification of the company’s Document of Compliance (DOC) after January 1, 2021.
- Provide adequate training for both shore and on-board staff in order to implement these procedures as required.
- Create an evaluation procedure (through internal audits/drills) in order to gain feedback for effectiveness of their procedures.
Shipboard staff should:
- Be familiar with cyber procedures as incorporated in their SMS
- Implement and follow the cyber procedures on board
- Act proactively to protect on board Information Technology (IT) and Operational Technology (OT) systems from cyber attacks
- Report to Head Office (and relevant PSC Authorities) any cyber incident as required by SMS, Flag Administration and local requirements.
Find the updated Vessel Cyber Risk Management Work Instruction herebelow: