Do you want your organization to meet the IMO standards? Is your company in the process of obtaining an ISO 27001 certificate? Do you need a check on whether you comply with the laws and regulations regarding the GDPR?
IMO: In a 2020 Safety at Sea and BIMCO Maritime Cyber Security survey, despite the majority of respondents (77%) viewing cyber-attacks as a high or medium risk to their organizations, few appear to be prepared for the aftermath of such an attack. 64% of respondents said their organization has a business continuity plan in place to follow in the event of a cyber incident, but only 24% claimed it was tested every three months, and only 15% said that it was tested every six to 12 months. Only 42% of respondents said that their organization protects vessels from operational technology (OT) cyber threats, and some respondents went so far as to describe their company policy to OT cyber risk as “careless.”
Protecting a vessel’s critical operations from cyber threats poses unique challenges with operation centers and fleets of numerous classes and vintages spread across the world, increasingly digitalized operations, and a complex environment merging Information Technology (IT) with industrial control systems (ICS) and operational technology (OT).
Some of the maritime cybersecurity compliance measures you need to consider include IMO Resolution MSC.428(98), ISA/IEC 62443, ISO/IEC 27001, and TMSA. There are also other industry and regulatory standards that you need to adhere to based on your country of operation and the nature of your vessels’ operations.
As connectivity and reliance on the Internet are now the norm for many technologies essential to the operation and management of vessels, the security, safety, and reliability of these systems are paramount. To that end, the maritime industry is recognizing the need for cybersecurity oversight to ensure the effective management and mitigation of evolving cyber threats.
These guidelines provide recommendations and include functional elements that support effective cyber risk management:
Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data, and capabilities that, when disrupted, pose risks to ship operations.
Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber-event and ensure continuity of shipping operations.
Detect: Develop and implement activities necessary to detect a cyber-event in a timely manner.
Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber event.
Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyber-event.
It is becoming increasingly important to be able to demonstrate that your company complies with current laws and regulations, with regard to the use of data and the measures that have been taken to protect data. The Armada team can map out your company’s compliance and develop a plan of action to help you achieve the right goals.