North P&I Club Warns of a 'Raft' of New Shipping Regulations on Cyber Risks
The 170 million GT, ‘A’ rated North P&I Club says shipowners and operators should be prepared for a new ‘raft’ of regulations relating to cyber security. As well as compromising vessel safety, a lack of on-board firewalls and other cyber security measures could soon expose shipowners to heavy fines and penalties, according to an article co-authored with Clyde & Co partner Joe Walsh in the latest issue of the Club’s loss prevention newsletter Signals.
North’s deputy director of loss prevention Colin Gillespie says, ‘The safe operation of ships is increasingly dependent on sophisticated electronic systems, so it is vital these systems are properly secured and protected from external risks.’ According to the Club, the US Coast Guard’s new cyber strategy also looks set to be a catalyst for new national and international regulations relating to cyber security on ships.
‘The US Coast Guard published its cyber strategy in June this year in response to what it perceives is one of the most serious threats to US economic and national security interests,’ says Gillespie. ‘The International Maritime Organization has also now recognised the threat to global maritime safety and commerce, and is expected to review industry guidelines at it maritime safety committee in May next year.’
Gillespie says the US strategy makes it clear that cyber risk prevention and response should be an integral part of a ship operator’s responsibilities. ‘The strategy calls on owners and operators to establish a reasonably viable cyber risk management programme, including continuous assessment, coordinated planning, investment, benchmarking, training, and possibly risk transference such as insurance.’
The article points out that while there is currently no requirement to adopt the US Coast Guard’s strategy, it is likely US authorities will soon require cyber risks and security to be managed on ships trading to the USA in much the same way as oil spill risks have to be managed under the US Oil Pollution Act 1990.
‘OPA ’90 focused attention on prevention and response. Shipowners trading to the USA would thus be well advised to start assessing and mitigating their potential cyber vulnerabilities related to network access and data protection, and considering and planning how to respond to a cyber event which might trigger, or relate to, a safety, security or environmental incident,’ says Gillespie. ‘Given the interconnected nature of modern technology, all shipping company systems that interface with a vessel will also need to be secure.’
ENDS
For further information contact: Colin Gillespie +44 191 232 5221
Notes to Editors
1. Signals issue 101 can be downloaded from North’s website at /publications/loss-prevention-publications/signals/.
2. North is a leading global marine insurer providing P&I, FD&D, war risks and ancillary insurance to 127 million GT of owned tonnage on a mutual basis and 43 million GT of chartered tonnage. Through its guaranteed subsidiary Sunderland Marine, North is also a leading insurer of fishing vessels, small craft and aquaculture risks. The ‘A’ rated Club is based in Newcastle upon Tyne, UK with regional offices in Greece, Hong Kong, Japan and Singapore and Sunderland Marine offices worldwide. North is a leading member of the International Group of P&I Clubs (IG), with 11.6% of the IG’s owned tonnage. The 13 IG clubs provide liability cover for approximately 90% of the world’s ocean-going tonnage and, as a member of the IG, North protects and promotes the interests of the international shipping industry.