From 1st January 2021, the International Maritime Organisation’s latest requirements for incorporating cyber security measures into vessels’ onboard safety management systems will be enforced. This is to ensure compliance with the International Safety Management (ISM) Code, and today we look at some of the key measures involved and provide tips on how to start preparing for this major development.
Back in 2017, the IMO adopted Resolution MSC.428 (98), and vessel owners now have only a matter of months to ensure that they have implemented onboard procedures designed to mitigate risk. To help them with this, the IMO has established a set of guidelines based upon the National Institute of Standards and Technology (NIST) framework and consisting of five steps:
Identifying risk | Detecting risk | Protecting assets | Responding to risk | Recovering from attacks
Whilst certainly useful, these guidelines were not created specifically for the maritime industry and so it is highly likely that vessel owners and managers will need additional guidance.
CMCA, powered by theICEway
CRIBB Maritime Cyber Assurance – aka CMCA – is a unique and comprehensive security framework that was created specifically for the maritime and cruise industry.
Recognised by the IASME Consortium, it is a robust and affordable alternative to ISO27001; contact us to arrange a demonstration or read more here.
Recommended Next Steps for Vessel Owners
- Contact the cyber security experts here at CRIBB for more details on implementing CMCA
As part of theICEway ecosystem of companies, CRIBB Cyber Security has over 20 years’ experience in maritime and cruise. Our professional team includes people from distinguished backgrounds in the industry, meaning that we are very well-placed to help you meet the rigorous demands of Resolution MSC.428 (98).
- Re-visit existing cyber security policies to re-evaluate the high-level structure
- Complete a full inventory of all potentially at-risk systems, including onboard and offshore systems, Operational Technology (OT), Information Technology (IT) and equipment
It almost goes without saying that exercises of this nature should be carried out at least once per year, allowing for a full appreciation of where exactly your vessel is in terms of cyber resilience.
- Conduct a cyber risk analysis on your vessel with cyber security experts evaluating threats and weaknesses, and revealing all potential risks and mitigation measures that must be deployed
It is critical that you work with cyber security professionals to create robust security policies and processes designed to offer the most effective cyber risk management. By doing this, you can ultimately develop a framework that is wholly tailored to your vessel – and this is precisely what you will get if you opt to implement CRIBB Maritime Cyber Assurance.