Leading shipping organisations have launched a set of guidelines to help the industry prevent major safety, environmental and commercial issues that could result from cyber incidents onboard vessels.
The “Guidelines on Cyber Security Onboard Ships”, developed by BIMCO, CLIA, ICS, INTERCARGO and INTERTANKO with support from a wide range of stakeholders, were launched on 4 January 2016. Whilst existing international standards and guidelines on cyber security issues primarily cover shoreside operations, the new guidelines provide guidance to shipowners and operators on how to assess their operations for cyber risks and put in place the necessary procedures and actions to maintain the security of systems onboard their vessels.
The “cyber revolution” is creating new opportunities in the maritime industry – but also new risks and vulnerabilities. The importance of a secure maritime industry is well understood and cyber risks are now becoming a major concern. The guidelines are therefore designed to develop an understanding and awareness of key aspects of cyber security and provide a risk-based approach to identifying and responding to cyber threats.
The new guidelines are free to download from the BIMCO website, click here for a copy of version 1.0.
Managing cyber risks – issues to consider
The maritime industry operates in an internet based computerised environment, and as such, operational risk management is inherently cyber risk management. Shipowners and operators should therefore view cyber risks along with the physical safety, security and environmental risks they already face and establish a “cyber risk management program” adapted to each specific operation/vessel. The following issues should be considered:
Summary and recommendations
To reduce vulnerability to both cyber accidents and cyber attacks, and ensure safe and efficient vessel operations, Members and clients are recommended to review and address cyber security:
Relevant sources of information:
1) The newly released Guidelines on Cyber Security Onboard Ships provides a useful tool for shipowners and operators in their work to assess and manage cyber risks onboard vessels. However, in some cases, alternative risk mitigating methods may have to be used to those suggested by the guidelines in order to comply with all relevant national legislation and flag state regulations.
2) In July 2015, the US Coast Guard published its Cyber Strategy in response to what it perceives is one of the greatest threats to US economic and national security interests. The Coast Guard’s cyber security website provides access to the strategy document and a variety of other cyber-related information, e.g. their Cyber Maritime Bulletins, and can be viewed by using this link: http://homeport.uscg.mil and the following path: Missions > Cybersecurity.
3) In November 2015, DNV GL published a report revealing the top ten cyber security vulnerabilities for the oil and gas industry in Norway. Although the cyber risks picture related to the oil and gas industry may not be directly transferable to the maritime industry, we believe much can be learned from this report. The report can be downloaded from DNVGL’s website (the full report is in Norwegian language only).