This blog is entitled IMO 2021 for a good reason. From 1st January 2021, the International Maritime Organisation’s latest requirements will be enforced. These tackle cyber security measures for vessels’ onboard safety management systems. They will ensure compliance with the International Safety Management (ISM) Code. Today we look at some of the key measures involved. We also provide tips on how to start preparing for this major development.
Back in 2017, the IMO adopted Resolution MSC.428 (98). Vessel owners now have only a matter of months to implement onboard procedures designed to mitigate risk. To help them with this, a set of guidelines have been established by the IMO. These are based upon the National Institute of Standards and Technology (NIST) framework and consist of five steps:
Identifying risk | Detecting risk | Protecting assets | Responding to risk | Recovering from attacks
Whilst certainly useful, these guidelines were not created specifically for the maritime industry. Therefore, it is highly likely that vessel owners and managers will need additional guidance.
CMCA, powered by theICEway
CRIBB Maritime Cyber Assurance is also known as CMCA. It is a unique and comprehensive security framework. It was created specifically for the maritime and cruise industry.
Recognised by the IASME Consortium, it is a robust and affordable alternative to ISO27001; contact us to arrange a demonstration.
Recommended Next Steps for Vessel Owners
- Contact the cyber security experts here at CRIBB for more details on implementing CMCA
As part of theICEway ecosystem of companies, CRIBB Cyber Security has over 20 years’ experience in maritime and cruise. Our professional team includes people from distinguished backgrounds in the industry. This means that we are well-placed to help you meet the rigorous demands of Resolution MSC.428 (98).
- Re-visit existing cyber security policies so you can then re-evaluate the high-level structure
- Complete a full inventory of all potentially at-risk systems so you can rest easy. Include onboard and offshore systems, Operation Technology (OT) and Information Technology (IT) and equipment
We recommend you carry out such exercises at least once per year. Follow our recommendation and you will then know where exactly your vessel is in terms of cyber resilience.
- Conduct a cyber risk analysis on your vessel with cyber security experts such as ours. We evaluate threats and weaknesses fully, thus revealing all potential risks and mitigation measures that must be deployed
Conclusion: IMO 2021
It is critical that you work with cyber security professionals. Create robust security policies and processes designed to offer the most effective cyber risk management. Do this and you will develop a framework that is wholly tailored to your vessel. This is precisely what you will get if you opt to implement CRIBB Maritime Cyber Assurance.