The 96th meeting of the International Maritime Organization’s Marine Safety Committee recently took place from 11 to 20 May, where the committee approved interim guidelines on cyber security.
The Interim Guidelines on Cyber Risk Management are aimed at enabling stakeholders to take the necessary steps to safeguard shipping from current and emerging threats and vulnerabilities related to digitisation, integration and automation of processes and systems in shipping.
The recommendations are as follows:
- Effective cyber risk management should start at senior management level; senior management should embed a culture of cyber risk awareness into all levels of the organisation
- Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that pose a potential risk to ship operations
- Develop a contingency plan to ensure continuity of your shipping operation in the event that your cyber security is compromised
- Develop and implement activities to detect a cyber event in a timely manner
- Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations
- Identify measures to back up and restore cyber systems necessary for shipping operations impacted by a cyber event
The interim guidelines are expected to be updated when the Facilitation Committee has completed its work on the facilitation aspects of cyber risk management.
The Guidelines finish by recommending that users also refer to Member Governments’ and Flag Administration requirements and additional guidance, as below:
- The Guidelines On Cyber Security On Board Ships
- ISO/IEC 27001: Information Security Management
- United States “NIST” Framework