Cyber Risks - Time to Act

Barely a month goes by without news of a major cyber attack affecting a large or high profile commercial or government entity. Cybercrime is a rapidly growing global threat in all industries and the maritime supply chain is not immune, as the recent problems at APM terminals have demonstrated.

Cyber threats are real and can seriously disrupt shipping operations. Shipping companies must take steps to improve their cyber security as two recent developments demonstrate.

Cyber Risks and ISM Code

The IMO’s Maritime Safety Committee (MSC) has confirmed that cyber risks should be managed under the ISM Code.

The authorities in many countries have been concerned over the vulnerability of shipping to cyber risks for some time and have been encouraging voluntary adoption of cyber risk management practices. This latest development leaves shipowners with no option but to address cyber risks through their safety management systems.

Resolution MSC.428(98) affirms that an approved safety management system should take into account cyber risk management and encourages administrations to ensure that cyber risks are appropriately addressed in safety management systems no later than the first annual verification of the company’s Document of Compliance after 1 January 2021.

TMSA 3

Cyber risk management has been included in the third version of Tanker Management and Self Assessment (TMSA 3) under elements 7 Management of Change and 13 Maritime Security.

KPI 7.3.3 includes cyber security as an assigned responsibility for software management in the best practice guidelines. Under element 13 cyber security is specifically identified as a security threat to be managed.

It seems clear that the oil industry has recognised the need for action from tanker owners and is encouraging action through commercial pressure via TMSA 3. For tanker operators the time to act is now.

A Daunting Task?

The prospect of dealing with cyber security will be daunting for many shipping companies. It’s new, involves things that may not be fully understood, and most of us are not likely to have received any formal training in such risks. What is a definite plus is that shipping companies will be very familiar with the risk management framework suggested by the IMO Guidelines on Cyber Risk Management and industry Guidelines on Cyber Security Onboard Ships. We can
also use the experience gained in other sectors of industry who have already put cyber security systems in place.

2021 is not far away. Cyber risks can affect almost every part of a shipping company. There will be lots to do to identify risks and vulnerabilities and to take steps to prepare for, and respond to, cyber threats. It’s time for us all to act.

Don’t delay – act now.

North has been raising awareness about cyber risks for some time – you can find out more at our Insights area.