The maritime industry is seeking to grow and maintain efficiencies in the face of the persistent threat of cyber attacks that cause disruption. The maritime industry is specifically targeted because cyber security awareness has historically been low and ship systems have not been exposed to the internet until recently.

Due to the rising level of risk, the International Maritime Organisation (IMO) has adopted a resolution that encourages relevant administrations to ensure that cyber risks are appropriately addressed in safety management systems no later than the first annual verification of the company’s Document of Compliance after 1 January 2021.

The associated Guideline on Maritime Cyber Security Risk Management recommends adopting a risk-based approach to secure dependent cyber technologies and applying the principles of the US National Institute of Standards & Technology (NIST) Cyber Security Framework, namely identify, protect, detect, respond and recover.

If you’re looking for more detailed guidance, refer to the NIST Cyber Security Framework, but go beyond the base framework to explore the associated USCG Maritime Profile, which addresses the areas of Maritime Bulk Liquids Transfer (MBLT), Offshore Operations, and Passenger Vessel Operations.

Also, don’t forget about the Australian and International Standard for Information Security Management Systems (AS ISO/IEC 27001), which explains how to implement a structured information security program that includes, for example, management, risk management, program evaluation and incident management.

Key legislation and standards:

Summary of expectations:

  • Identify and manage your information risks, threats and vulnerabilities
  • Define your information security roles and responsibilities in policies
  • Implement controls to manage risk and protect information assets
  • Maintain an information security capability (i.e. management system)
  • Notify relevant stakeholders such as APRA or OAIC of material information security incidents

How we can help:

  • Identify and manage your information risks, threats and vulnerabilities in TrustyGate
  • Determine existing and planned controls to mitigate your information risks in TrustyGate
  • Maintain your information security policies in TrustyGate
  • Manage the performance and compliance of your security program using TrustyGate
  • Contact Us or email

Contact TrustyGate

Get in touch to arrange a demonstration, discuss complex requirements or provide feedback.

(03) 9036 9963
Suite 1613, 33 Rose Lane, Melbourne VIC 3000, Australia