Achieving compliance of IMO 2021 cyber security requirements

Cyber security New Regulation

The International Maritime Organization (IMO) safety code now includes a cyber chapter with specific compliance terms, including a mandatory obligation: MSC-FAL.1/Circ.3, Guidelines on maritime cyber risk management.

According to the regulation, all vessels are required to implement the necessary cyber security measures no later than January 2020. The regulation mandates several layers of protection in addition to conducting a cyber risk assessment.
The IMO regulation draws on a much larger body of guidance and standards, such as the BIMCO, CLIA, ICS and OCIMF industry guidelines; the ISO/IEC 27001 standard on information technology; and the United States NIST Framework for Improving Critical Infrastructure Cyber Security.

On December 23rd 2020, BIMCO issued the fourth edition of its industry cyber risk management guidelines, Guidelines on Cyber Security Onboard Ships, which lays the foundation for further improvement and refinement of companies' cyber security risk assessments.

General Framework

The IMO/NIST/BIMCO framework offers a blueprint for developing a cyber risk management program, built around five steps:

1. Identifying risk → 2. Detecting risk → 3. Protecting assets → 4. Responding to risk → 5. Recovering

Asset Mapping: Ship owners must compile a complete inventory of at-risk systems. This step covers both onboard and offshore systems, and both Information Technology (IT) and Operational Technology (OT). Such mapping gives ship owners full understanding and visibility of all systems as part of the risk assessment.

Threat Analysis: Ships should then undergo a cyber risk analysis that assesses threats and vulnerabilities, as well as the impact on cyber security of exploitation of IT and OT systems. The analysis shall determine the relevant risks, evaluate the attack surface of the equipment, and consider mitigation measures that have been or should be applied onboard.

Policies & Procedures: Once this is done, owners can develop a set of cyber risk management policies and procedures tailored to their vessel and its equipment. This step includes drafting the onboard cyber safety management rules under a specific policy, which covers a disaster recovery plan, the roles and responsibilities of personnel, and more.

Cydome's technology allows shipping companies to fast-track their IMO compliance procedure with its automated tools, whether for a first regulation audit or for each subsequent annual audit, using the autofill and auto-mapping tools implemented on board.
