The maritime industry is seeking to grow and maintain efficiencies in the face of the persistent threat of cyber attacks that cause disruption. The maritime industry is specifically targeted because cyber security awareness has historically been low and ship systems have not been exposed to the internet until recently.
Due to the rising level of risk, the International Maritime Organisation (IMO) has adopted a resolution that encourages relevant administrations to ensure that cyber risks are appropriately addressed in safety management systems no later than the first annual verification of the company’s Document of Compliance after 1 January 2021.
The associated Guideline on Maritime Cyber Security Risk Management recommends adopting a risk-based approach to secure dependent cyber technologies and applying the principles from the US National Institute of Standards & Technology (NIST) Cyber Security Framework, namely identify, protect, detect, respond and recover.
If you’re looking for more detailed guidance, refer to the NIST Cyber Security Framework, but go beyond the base framework to explore the associated USCG Maritime Profile, which addresses the areas of Maritime Bulk Liquids Transfer (MBLT), Offshore Operations, and Passenger Vessel Operations.
Also, don’t forget about the Australian and International Standard for Information Security Management Systems (AS ISO/IEC 27001), which explains how to implement a structured information security program that includes, for example, management, risk management, program evaluation and incident management.
Get in touch to arrange a demonstration, discuss complex requirements or provide feedback.