The new IMO Requirement
According to Resolution MSC.428(98), operators need to ensure that their existing SMS appropriately address cyber risks by their 2021 annual verification. The risks as explained above are too many. With MSC-FAL 1/ Circ 3, IMO provides guidelines which consist of six pages and provide detailed recommendations on maritime cyber risk identification and management to safeguard shipping from current and emerging cyber threats and vulnerabilities.
The recommendations are designed to be incorporated into existing SMS manuals and procedures and associated ISPS systems so as to update and enhance these processes. ‘’The overall goal is to support safe and secure shipping, which is operationally resilient to cyber risks.’’, IMO explains.
In particular, IMO issued “Guidelines on Maritime Cyber Risk Management”, to provide the required guidance on how a Company should respond to MSC. 428 (98), with reference to the following:
- Guidelines on Cyber Security Onboard Ships issued by BIMCO, CLIA, ICS, INTERCARGO, INTERTANKO, OCIMF and IUMI.
- ISO/IEC 27001 standard on Information technology
- United States National Institute of Standards and Technology's Framework for Improving Critical Infrastructure Cybersecurity (the NIST Framework).
Safety Management System is the key document of every shipping company, explaining how to conduct safe operations, based on the ISM code and the required policies for safe operations, protection of people, ship, cargo and environment. In essence, SMS are dynamic systems, meaning that they need to adapt to new requirements and address current needs and possible risks.
The industry is currently fighting with the thought whether operators are ready or not to comply. One way or another, from January 1st of January 2021, SMS will feature a new requirement, resulting to increased awareness over cyber security which is a critical issue as we have accelerated our path towards digitalization.