IMO has adopted a resolution MSC 428(98) that encourages all stakeholders in the shipping industry to be vigilant about cyber security. By January 1, 2021, administrators are encouraged to have complied with the first annual verification of the company's document of compliance.
The scale of cyber threat continues to rise by the day and this has prompted the urgency to raise awareness on marine cyber risks and vulnerabilities. Identifying a risk, assessing its potential impacts, planning on mitigation measures, and performance of management reviews depict the most crucial steps of a risk management program. There are plenty of both internal and external risks and vulnerabilities related to data security and the safety of digitally held information in the shipping industry. In line with this, the staff, shipping agents, suppliers and service providers in the maritime industry must learn and understand the importance of cyber security measures both at the organizational as well as individual level.
Incorporating New Resolutions to the Existing Cyber Security Mitigation Measures
With the adoption of the International Management Code for the Safe Operation of Ships and Pollution Prevention (International Safety Management (ISM) Code), administrators will be able to work on establishing a management plan for easy cooperation with those on board ships. This facilitates a timely assessment, identification, control and communication of any impending risk to ships, the crew and the environment. The International Maritime Organization saw the need to create awareness on cyber security, risk and risk management by providing recommendations that will serve as guide lights for stakeholders to protect shipping from current and future threats. With this in mind, the organization recommended that senior management should inculcate, promote and encourage a culture where all employees understand cyber threats and vulnerability.
Moreover, there should be frequent and comprehensive assessments of an organization's present cyber risk management system versus what is desired. With this, it is clear as to what should be included in its cyber risk management plan. The organization should also define strict personnel role, implement procedures on risk measures and protocols. The team should be able to detect a potential cyber risk, respond timely and have solid recovery as well as restoration measures.
Cyber technologies have played a great role in facilitation of safe and secure shipping as well as protection of the marine environment. As much as these technologies are efficient and provide significant gains to the industry, the risks they pose to the organizations cannot be overlooked. Cyber threats are either internal (due to outdated software) or external (hacking or introduction of malware) both of which pose a great risk to the security, confidentiality, integrity and availability of the information. Efficient cyber risk management procedures guarantee easy retrieval and safe delivery of information.
For any organization in the shipping industry, an efficient and reliable cyber risk management goes a long way. Increase in cyber threats points out that shipping industries should be fast to grasp the significance of cyber security by January, 1, 2021—both at individual and organization level. With the recommendations provided, closing cyber security loopholes are related threats will be seamless and easily managed. While it's possible for small and medium-sized ships with simple cyber security mitigation systems to find a simple application of the stipulated guidelines to be sufficient, large ships with complex and multifaceted cyber- related systems may call for more attention, extra resources through a reputable industry and government partners.