Industry publishes new and improved cyber security guidelines

Overview

The fourth edition of the industry cyber risk management guidelines, Guidelines on Cyber Security Onboard Ships is now available and lays the foundation for further improvements and refinement of companies’ cyber security risk assessments.

The version 4 of the cyber security guidelines is published at a time when shipowners and ship managers are faced with a requirement to implement cyber risk management in their safety management systems (SMS) by the time of their first Document of Compliance audit after 1 January 2021. While the previous version (version 3 dated November 2018) offered the necessary guidance for the initial work of implementing cyber risk management in the SMS, the new version contains several improvements.

“In recent years, the industry has been subjected to several significant incidents which have had a severe financial impact on the affected companies,” says Dirk Fry, chair of BIMCO’s cyber security working group and Director of Columbia Ship Management Ltd.

“While these incidents have had little or no safety impact, they have taught us some very important lessons which have been incorporated into the new version of the guidelines,” ads Fry.

The fourth version contains general updates to best practises in the field of cyber risk management, and as a key feature, includes a section with improved guidance on the concept of risk and risk management. The improved risk model takes into consideration the threat as the product of capability, opportunity, and intent, and explains the likelihood of a cyber incident as the product of vulnerability and threat. Thus, the improved risk model offers explanation as to why still relatively few safety-related incidents have unfolded in the maritime industry, but also why this should not be misinterpreted and make shipping companies lower their guard.

”With the increased connection of devices and systems to the internet, more opportunities will present themselves and more vulnerabilities in need of safeguarding will emerge in the future,” says Fry.

“Cyber security is an arms race between the attackers and the defenders, where the attacker has the luxury of first choice of weapon. Because we can never be 100% secure in such circumstances, we must extract all the learnings we can from past events. We should be capable of quickly recovering from incidents because we know they will most likely occur at some point. Drawing on the most recent experiences from the industry and beyond, the new version of the guidelines will help us achieve just that,” Fry says.

The following organisations produced the fourth edition: BIMCO, Chamber of Shipping of America, Digital Containership Association, International Association of Dry Cargo Shipowners (INTERCARGO), Interferry, International Chamber of Shipping (ICS), INTERMANAGER, International Association of Independent Tanker Owners (INTERTANKO), International Marine Contractors’ Association (IMCA), International Union of Marine Insurance (IUMI), Oil Companies International Marine Forum (OCIMF), Superyacht Builders Association (Sybass), and World Shipping Council (WSC).

For further information or to request an interview, please contact:

Mette Kronholm Frænde
Manager, Communication
Mobile: +45 2253 0215
Email: mkf@bimco.org

The work was further supported by

Class NK, Cyberowl, Cygnus Technologies, Cobham SATCOM, Maersk, Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC), Moran Cyber, and Templar Executives.

About BIMCO

BIMCO is the world's largest international shipping association, with around 1,900 members in more than 120 countries, representing 56% of the world’s tonnage. Our global membership includes shipowners, operators, managers, brokers and agents. BIMCO is a non-profit organisation.

Download RELATED Documents

  • Download Icon

    Guidelines on Cyber Security Onboard Ships (Version 4) 3.4 MB

    Download now
Mette Kronholm Frænde
in Copenhagen, DK

Coronavirus

Access BIMCO's COVID-19 related articles and advice.

Read more

VPS Bunker Alerts

Veritas Petroleum Services (VPS) publish regular Bunker Alerts based entirely on fuel samples and have kindly permitted BIMCO’s Members to access this information.

The Bunker Alerts are not intended to be an evaluation of overall bunker quality in the port or area concerned, but usually highlight a specific parameter within the fuel which has raised a quality issue.

Latest piracy reports

 

Latest industry releasable threats

 

Latest Related News

View All News
 

ELSEWHERE ON BIMCO

Contracts & Clauses

All of BIMCO's most widely used contracts and clauses as well as advice on managing charters and business partners.

Learn about your cargo

For general guidance and information on cargo-related queries.

More about cargo

BIMCO Publications

Want to buy or download a BIMCO publication? Use the link to get access to the ballast water management guide, the ship master’s security manual and many other publications.

About a new business partner

We can help members check new business partners. We also help to recover millions of USD (undisputed) funds every year.