for Maritime Cyber Security.
Understanding and implementing maritime cyber risk management.
What is Maritime Cyber Risk?
The International Maritime Organisation (IMO) defines maritime cyber risk as: ‘A measure of the extent to which a technology asset could be threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised.’ The IMO regulations and guidance are designed to minimise the risk of cyber incidents occurring and, in so doing, protect the safety of life and the environment.
What are the
The IMO has recognised the urgent need to address cyber threats to the maritime industry to ensure safe and secure shipping. The IMO issued direction on maritime cyber risk management in Resolution MSC.428(98), adopted on 16 June 2017.
The resolution details the following:
- An approved management system in accordance with requirements of the International Safety Management (ISM) Code.
- Maritime industry stakeholders to implement cyber risk management to ensure they are protecting vessels & people.
Which vessels do the regulations impact?
To protect the safety of life at sea of crew and passengers, it is recommended that maritime cyber risk management is implemented for all superyachts, as cyber-attacks can wreak the same disastrous consequences regardless of the size and commercial function of a vessel. Compliance is a requirement for any vessel greater than 500GT and subject to the IMO Code.
Who is liable?
Owners/Directors of the commercial entity, those who have responsibility for the superyacht/vessel, can be held personally liable where maritime cyber risk management has not been appropriately addressed.
A failure to demonstrate that cyber risks have been appropriately managed and IMO regulations adhered to could result in refusal of the issue of a Document of Compliance after 1st January 2021 and may prevent a vessel from operating commercially.
What can happen if I fail to act?
- Operational failings; endangering life at sea
- Refusal of issue of the Document of Compliance (for yachts of 500GT and over)
- Risk of privacy exposure for the Yacht owning entity, crew members and guests
- Regulatory action
- Increased insurance premiums
- PR, Brand & reputational damage
- Court cases – cost, damages and loss of earnings
What is Cyber-Security Risk Management?
Rapid advancements in technology have resulted in the world becoming ever more dependent on its ability to stay connected, while cyber-attacks continue to grow in number and sophistication. Operating and information systems on superyachts are becoming increasingly complex, autonomised and vulnerable to cyber security incidents, which could ultimately result in critical systems being disabled, assets being exposed and potentially lives being put at risk. Regulatory compliance is critical, but a cyber-security risk management program should be paramount to any organisation looking to protect its people, assets and reputation.
IMO Cyber Compliance
CSS Platinum deliver an IMO Cyber Compliance package to address the requirements of the IMO Regulations ISM Code: Cyber Risk Management due for implementation in January 2021.
CSS Platinum have worked with the Flag Registries to help them design the assessment criteria for the implementation of Maritime Cyber Risk Management programs. Our team of cyber-security professionals have unparalleled experience delivering Cyber Security and Risk Management services to the maritime and superyacht industries.