IMO 2021

Cyber security New Regulation

The International Maritime Organization (IMO) safety code has included a cyber chapter with specific compliance terms, including a mandatory obligation: MSC-FAL.1/Circ.3 Guidelines on maritime cyber risk management.

According to the regulation, all vessels are required to implement the necessary cyber security measures no later than January 2020. The regulation mandates several layers of protection in addition to conducting a cyber risk assessment.
The IMO regulation is part of a much larger body of guidance and standards, such as BIMCO, CLIA, ICS, OCIMF; the ISO/IEC 27001 Standard on Information Technology; and the United States NIST Framework for Improving Critical Infrastructure Cyber Security.

On December 23rd 2020, BIMCO issued the fourth edition of its industry cyber risk management guidelines, Guidelines on Cyber Security Onboard Ships, which lays the foundation for further improvement and refinement of companies’ cyber security risk assessments.

General Framework

The IMO/NIST/BIMCO framework offers a blueprint for developing a cyber risk management program, based around Five Steps:

Identifying risk

Detecting risk

Protecting assets

Responding to risk

Recovering

Asset Mapping

Shipowners must complete a full inventory of at-risk systems. This step covers both onboard and offshore systems, and both Information Technology (IT) and Operational Technology (OT). Such mapping gives shipowners full understanding and visibility of all systems as part of the risk assessment.

Threat Analysis

Ships should then undergo a cyber risk analysis that assesses threats and vulnerabilities, as well as the impact that exploitation of IT and OT systems would have on cybersecurity. The analysis shall determine the relevant risks, evaluate the attack surface of the equipment, and consider mitigation measures that have been or should be applied onboard.

Policies & Procedures

Once this is done, owners can develop a set of policies and procedures for cyber risk management that is tailored to their vessel and its equipment. This step includes drafting the onboard cyber safety management rules under a specific policy, which will include a disaster recovery plan, the roles and responsibilities of personnel, and more.

Cydome’s technology allows shipping companies to fast-track their IMO compliance procedure with its automated tools, whether for a first regulation audit or for each subsequent annual audit, using its onboard autofill and auto-mapping tools.
