Cyber Security IMO Regulations

Ignorance is bliss? Not when it comes to Cyber Security.

Technology plays a critical role in our daily lives. Technological advancements are blisteringly fast compared to previous years, which is why it has become an urgent topic of discussion. In this digital era of ubiquitous computing, organizations without Cyber Security are at risk. Land, air, water and cyber; it’s recognised as the fourth ground for nation-states. 

As the drive towards digital transformation continues to ceaselessly gather momentum, industries need to reassess their security strategies. By not properly protecting the attack surface, private and public sectors leave themselves exposed to possible breaches.

What is Cyber Security Management and why is it so important?

In short, all connected digital systems are prone to cyber-attacks. Expanding networking capabilities to all corners of our lives can make us more efficient, but more susceptible. 2020 catapulted industries online, with cyber security becoming a top priority for businesses. The pandemic has effectively become a catalyst for cyber security threats to rise exponentially, with all sectors being vulnerable. Connecting to the internet also means connecting to potential cyber threats. Attackers are always on the prowl to compromise systems. Generally, hackers are motivated by financial gain via corporate espionage or by acquiring personal data. Not having “top secret type government information” or “lifestyles of the rich and famous” does not make one untouchable.

Maritime Cyber Security Risk

While the threat is very real, the yachting industry has been quite lackadaisical until recently. Reality is – the fancier the yacht, the greater the risk. Adding complexities to ensure an immersive, bespoke experience, has resulted in modern superyachts closely resembling an enterprise-grade network. Vessels are more connected than ever before. Despite the cutting-edge technologies to allow for reliability, efficiency, and safety, cyber security seems to have fallen by the wayside. A breach is troubling in any business; however, consequences could be far more serious in the maritime environment. Don’t assume to know what hackers want. Money may not be the only motive, terrorism is a scary reality. “A successful breach of a vessel’s control systems can potential grant the assailant the ability to take control of bridge systems and control the vessel’s operational functions from anywhere in the world, in real time”, Super Yacht News

IMO Cyber Security Regulations

“When we talk about cyber security, it is not a matter of if you will be attacked but when. In order to deal with that, you should have a risk management approach on it and this what the IMO is introducing.” Mr. Chronis Kapalidis, Cyber Expert, HudsonAnalytix

Because of the ever-rising threat of an inevitable attack, the IMO has put cyber security regulations in place for compliance by 2021. The MSC-FAL.1/Circ.3 guidelines enforce a mechanism for dealing with risk rather than listing controls that should be implemented. Not reinventing the wheel, the IMO decided to build off established international frameworks for cyber risk management, adopting five functions that represent a holistic approach to cyber risk management: Identify, Protect, Detect, Respond, Recover. By taking this functional approach, captains and security officials have the flexibility to use their discretion to tailor a program that effectively meets the requirements of their vessel without becoming excessively onerous.

NIST Cyber Security Framework

Not industry or size specific, the NIST Cybersecurity Framework (“CSF”) is a useful benchmark which the maritime industry can refer to when developing internal regulations and standards.

The CSF features five core functions,

• Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations.
• Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber-event and ensure continuity of shipping operations.
• Detect: Develop and implement activities necessary to detect a cyber event in a timely manner.
• Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event.
• Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyber-event.

Is your vessel ready for IMO’s Cyber Security compliance?

“It’s been decided that no later than the annual verification of each company’s Document of Compliance, the 1st of January 2021, all shipping companies will be mandated to ensure that cyber risks are appropriately addressed in existing safety management systems (as defined in the ISM Code)”, Pelion Consulting

With a strong background in the yachting sector, Virtual Pursers recommend Pelion Consulting to ensure Safety Management Systems are updated and ready for audit after the deadline date.

Virtual Pursers are not a yacht management company; we are an extension of your crew and act as a landbased bridge to your shoreside counterparts. As trusted yachting professionals with 20 years combined industry experience, we are here to help as well as to keep you informed on relevant industry related news and updates! For more information contact info@virtualpursers.com or call +44 203 514 0413.