Maritime Regulation
New Regulation of Maritime Cybersecurity
The International Maritime Organization (IMO) safety code has included a cyber chapter with specific compliance terms, including a mandatory obligation: MSC-FAL.1/Circ.3 Guidelines on maritime cyber risk management.
According to the regulation, all vessels are required to implement the necessary cyber security measures no later than January 2020. The regulation mandates several layers of protection in addition to a cyber risk assessment.
The IMO regulation is part of a much larger body of guidance and standards, such as BIMCO, CLIA, ICS, OCIMF; ISO/IEC 27001 Standard on Information Technology; and United States NIST Framework for Improving Critical Infrastructure Cyber Security.
Maritime organizations are taking appropriate steps to identify, analyze, assess, and communicate maritime cybersecurity risks. Contact us to learn how Cydome can help you prevent such unknown vulnerabilities with real-time anomaly detection.
On December 23rd, 2020, BIMCO issued its fourth edition of the industry cyber risk management guidelines, Guidelines on Cyber Security Onboard Ships, which lays the foundation for further improvements and refinement of companies’ cyber security risk assessments.
Cydome solutions ensure compliance with maritime cyber security regulations as part of its unified approach to protect the ship as a whole.
General Framework
The IMO/NIST/BIMCO framework offers a blueprint for developing a cyber risk management program, based around five steps:
Identifying risk
Detecting risk
Protecting assets
Responding to risk
Recovering
Asset Mapping
Shipowners must compile a complete inventory of at-risk systems. This step covers both onboard and offshore systems, and both Information Technology (IT) and Operational Technology (OT). Such mapping gives shipowners full understanding and visibility of all systems as part of the risk assessment.
Threat Analysis
Ships should then undergo a cyber risk analysis that assesses threats and vulnerabilities, as well as the impact that exploitation of IT and OT systems would have on cybersecurity. The analysis shall determine the relevant risks, evaluate the attack surface of the equipment, and consider mitigation measures that have been or should be applied onboard.
Policies & Procedures
Once this is done, owners can develop a set of policies and procedures for cyber risk management that is tailored to their vessel and its equipment. This step includes drafting the onboard cyber safety management rules under a specific policy, which will include a disaster recovery plan, the roles and responsibilities of personnel, and more.