In Jun 2017, the 98th session of the IMO’s Maritime Safety Committee (MSC 98) agreed to put cyber risk management under ISM Code. It is expected that flag States would require shipowners to appropriately address cyber risks in the Safety Management Systems under ISM Code. Evidence of such arrangement will be included in the first annual verification of the company’s Document of Compliance after 1 January 2021.
Most important aspect of cyber risk management
Expert believed that the most important aspect of cyber risk management at present is to raise awareness; Cyber security threats are progressing and becoming a part of our daily business;
Experience sharing on basic house keeping measures:
Restrict user access down to the minimum they need to perform their role
Update your Antivirus regularly
Apply patches regularly
Remove any unused software
Remove unnecessary services
Control USB Ports, control the file types you can access via the USB or control the USB so you can only access whitelisted USB drives.
Training on to cover USB devices and Spotting illegitimate emails.
Use “Sheep Dip” computers to check Drives, and or standalone computers to allow visiting parties to print etc.
Intrusion detection system (IDS) with behaviour monitoring within the network.