IMO Resolution on Maritime Cyber Risk Management - Compliance date 1 January 2021
Ship owners and operators will need to comply with Resolution MSC.428(98) from 1 January 2021.
The International Maritime Organization (IMO) adopted Resolution MSC.428(98) Maritime Cyber Risk Management in Safety Management Systems on 16 June, 2017 and issued MSC-FAL.1/Circ.3 Guidelines on Maritime Cyber Risk Management on 5 July, 2017.
Whilst recognising that cyber technologies had become essential to the operation and management of numerous systems critical to the safety and security of shipping and the protection of the marine environment, the IMO acknowledged the vulnerabilities of these technologies to cyber risks and cyber threats. Noting that the rapidly changing technologies and threats made it difficult to address these risks only through technical standards, the IMO recommended that cyber risks are addressed in existing safety management systems required by the International Safety Management (ISM) Code. Ship owners and operators will need to comply with Resolution MSC.428(98) from 1 January 2021 (and no later than the first annual verification of the company’s DOC after this date).
MSC-FAL.1/Circ.3 provides guidance on how to conduct an assessment of the cyber risks for complying with the Resolution. Additional guidance is available from publications including The Guidelines on Cyber Security Onboard Ships by BIMCO, CLIA, ICS, INTERCARGO, INTERTANKO, OCIMF and IUMI, the US National Institute of Standards and Technology’s (NIST) Framework and from Members’ Classification Societies. BIMCO has also just issued its Cyber Security Workbook for On Board Ship Use which uses detailed, step by step checklists, providing a ship’s crew with, “ the practical skills to identify cyber risks and to protect vulnerable onboard systems. It also gives guidance on how best to detect, respond and recover in the event of a cyber attack.
If Members have any questions on this IMO Resolution, your usual contact at the Club will be pleased to assist you.
MSCFAL1Circ3 Guidelines On Maritime Cyber Risk Management Secretariat 94 KB
Legal Services Manager
You may also be interested in:
Circular 09/22: EU Sanctions - clarification published on the carriage of certain Russian cargoes including coal and fertilisers
On 19 September 2022 the EU further amended its FAQS clarifying the application of provisions relating to the carriage of certain cargoes from Russia, including coal and other solid fossil fuels as well as certain types of fertilizer.
MPA Singapore Port Marine Circular No.19
The Maritime and Port Authority (MPA) of Singapore recently issued Port Marine Circular No.19 of 2022 which introduced a requirement for all non-vaccinated crew arriving in Singapore after 28th August to perform a pre-departure COVID test 2 days before arrival and hold valid travel insurance which covers them for all COVID risks.
Maritime Cyber Risk
The International Maritime Organization is requiring Shipowners and Managers to include cyber security management procedures in their Safety Management System by 2021