My Account

Profiled Partners

  • CSO Alliance
    The World's First Global Members Alliance of Maritime Company Security Officers (CSO)
  • Navarino
    The Maritime Industry's Most Advanced Communications & Connectivity Company
  • Be Cyber Aware At Sea
    A Global Maritime & Offshore Initiative.
  • Be Cyber Aware at Sea
    Start the Course now!


IMO imposes cyber security on ship ISM

Marinemec.com, June 2017 
June 23rd 2017
Marinemec.com, June 2017
This report by Martyn Wingrove details how the industry is responding to cyber risk management. Read the full report online here.

IMO has given shipowners and managers until 2021 to incorporate cyber risk management into ship safety, giving the industry another issue to deal with.

Owners risk having ships detained if they have not included cyber security in the ISM Code safety management on ships by 1 January 2021.

Delegates discussed the ramifications of this at Riviera Maritime Media’s European Maritime Cyber Risk Management Summit, which is being held in association with Norton Rose Fulbright in London.

Danish Maritime Authority special adviser Erik Tvedt told the seminar that the decision IMO made on Friday 16 June should drive shipowners and managers to incorporate cyber risk management and security into their safety management systems.

"Owners need to do this by 1 January 2021 or ships can be detained," Mr Tvedt said. He added that port state control would need to enforce this requirement in a standard way.

A morning panel, which included MOL LNG Transport IT manager Pete Adsett and representatives from Lloyd’s Register and Moore Stephens, highlighted how this would be difficult to implement.

Mr Adsett explained how his organisation prevents cyber issues and protects ships from malware. He said his ships had malware on board in the past, but these were cleaned off.

There were discussions from the summit floor as to what the IMO decision meant to shipowners and how this would impact shipmanagers. One conclusion is that port state control officers will need to be advised on what to look for.

Changes to the ISM Code are required because an increasing number of vessels are found to have malware on board, which could affect ship operations and navigation safety.

At the summit, DNV GL maritime cyber security manager Patrick Rossi listed many of the issues found on board container ships and tankers that make these vessels more vulnerable to cyber attack.

Delegates heard about the mitigation methods for preventing and dealing with a cyber attack from John Boles a former assistant director of US Federal Bureau of Intelligence’s international operations. He is now director of global legal technology solutions at Navigant.

Mr Boles said controlled networks should be separated from unsecure ones, software should be patched and crew trained to prevent unintentional malware infections. He said shipping companies should have layered defences to isolate protected data from the internet, implement multi-factor authentication and retain outside security experts to help plan for a cyber attack.