Guidelines on Maritime Cyber Risk Management
23 October 2018 | C18049
We are releasing today our Publication for the Maritime Cyber Risk Management to provide recommendations on maritime cyber risk management to safeguard shipping emerging cyberthreats and vulnerabilities.
Ship Owners/ Managers/ Operators | Flag Administrations | Surveyors / Auditors
Cybertechnologies have become essential to the operation and management of numerous systems critical to the safety and security of shipping and protection of the marine environment. Risk management is fundamental to safe and secure shipping operations. Risk management has traditionally been focused on operations in the physical domain, but greater reliance on digitization, integration, automation and network-based systems has created an increasing need for cyber risk management in the shipping industry.
The Facilitation Committee and the Maritime Safety Committee, having considered the urgent need to raise awareness on cyber risk threats and vulnerabilities, approved the Guidelines on maritime cyber risk management, as per MSC-FAL.1/Circ.3. The recommended Guidelines provide high-level recommendations for maritime cyber risk management. For the purpose of the Guidelines, maritime cyber risk refers to a measure of the extent to which a technology asset is threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised.
Predicated on the goal of supporting safe and secure shipping, which is operationally resilient to cyber risks, the Guidelines provide recommendations that can be incorporated into existing risk management processes.
We are releasing our Guidelines on Maritime Cyber Risk Management Publication explaining to Companies how the cyber risk can be managed through existing Company’s implemented procedures. Through our Publication, best practices for implementation are given, that the Company is recommended to use in order to verify compliance.
Ship Owners/ Managers/ Operators must ensure that no later than the first annual verification of the company’s Document of Compliance after 01 January 2021, the cyber risk management should be incorporated into the Safety Management System.
Dromon Auditors should verify during the forthcoming audits that the cyber risk managing processes are included in the Company’s procedures, prior 01 January 2021.