According to IMO Resolution MSC.428(98), cyber risks are to be addressed in safety management systems (SMS) no later than the first annual verification of the company’s Document of Compliance (DOC) after 1 Jan 2021. The approved SMS should take cyber risk management into account in accordance with the objectives and functional requirements of the ISM Code.
The functional elements that support effective cyber risk management include:
- Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations.
- Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber-event and ensure continuity of shipping operations.
- Detect: Develop and implement activities necessary to detect a cyber-event in a timely manner.
- Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event.
- Recover: Identify measures to back up and restore cyber systems necessary for shipping operations impacted by a cyber-event.
Those functional elements should be incorporated into a risk management framework. We hope that part of the discussion at the webinar will suggest options for managing this task.
The USCG issued its “Vessel Cyber Risk Management Work Instruction”, attached, on 27 Oct 2020. It has more detail and more specific focuses than a normal PSC CIC (Concentrated Inspection Campaign) checklist. The USCG Instruction gives a general understanding of what a PSC inspection on this item would involve. INTERCARGO Members may refer to it for onboard training on compliance with IMO/Flag State requirements and PSC inspection.