Major Shipping Associations Issue Cybersecurity Guidelines for Shipowners and Operators

Mainbrace | January 2016 (No. 1)

Kate B. Belmont

BIMCO and its international shipping association partners CLIA, ICS, Intercargo, and Intertanko, recently released the first set of cybersecurity guidelines  targeted to shipowners and operators, “The Guidelines on Cyber Security Onboard Ships.” Recognizing the maritime industry’s over-reliance on information technology (“IT”) and operational technology (“OT”), and the risks associated with unauthorized access or malicious attacks to ships’ systems and networks, BIMCO and its partners created these guidelines specifically for the maritime industry. The guidelines provide direction, awareness, and “guidance to shipowners and operators on how to assess their operations and put in place the necessary procedures and actions to maintain the security of cyber systems onboard their ships.”

The first set of cybersecurity guidelines focuses on understanding cyber threats, assessing the risks, reducing the risks, and developing contingency plans and responding to cyber incidents. Focusing on the unique set of issues that face the shipping industry onboard ships, these guidelines provide measures on how to lower cybersecurity risks, including:

  • raising awareness of the safety, security, and commercial risks for shipping companies if no cybersecurity measures are in place;
  • protecting shipboard OT and IT infrastructure and connected equipment;
  • managing users, ensuring appropriate access to necessary information;
  • protecting data used onboard ships, according to its level of sensitivity;
  • authorizing administrator privileges for users, includ- ing during maintenance and support on board or via remote link; and,
  • protecting data being communicated between the ship and the shore side.

These guidelines will be submitted to the International Maritime Organization for their information and consideration in developing international regulations on cybersecurity.

The guidelines may be reviewed and downloaded here: www.intertanko.com//upload/104956/Cyber-Security-guidelines.pdf