Page 21 - INTERCARGO - Annual Report Report 2021 - 2022
P. 21
Cyber Risks
According to the findings reported in INTERCARGO is actively involved in supporting the implemen-
tation of IMO resolutions, and the work of the International As-
the Allianz Global Claims Review 2022, sociation of Classification Societies (IACS). There are a num-
cyber insurance claims have increased ber of frameworks in place to assist shipowners to achieve
operational resilience to cyber risks:
significantly in recent years. For the last
• IMO resolution on Maritime Cyber Risk Management in
two years more than 1,000 cyber claims Safety Management Systems (res MSC.428(98)).
a year were reported, compared with • IMO circular MSC-FAL.1/Circ.3/Rev.1, with high-lev-
fewer than 100 in 2016. More than 60% of el recommendations to safeguard emerging cyber
threats and vulnerabilities and include functional ele-
system intrusion incidents came through ments that support effective cyber risk management.
an organization’s partner. In the shipping • The Guidelines on Cyber Security Onboard Ships ver-
sector, there have been at least nine high sion 4, jointly developed by BIMCO, INTERCARGO et al.
profile cyber incidents reported since • Voluntary cyber risk management guidelines to man-
age the cyber risks associated with the shipboard OT
2017. Based on the analysis of incidents, systems, developed by Singapore, in collaboration with
the Review recommends that companies the Singapore University of Technology and Design.
• IAPH Cybersecurity Guidelines for Ports and Port Fa-
consider disaster recovery planning, put
cilities.
their plans to the test and then continue
• IACS Rec.166 - Cyber Resilience.
this testing regularly.
• IACS Rec.171 on incorporating cyber risk management
into Safety Management Systems, to support ship
owners for successful compliance with cybersecurity
requirements in the operational phase.
IACS has published new Unified Requirements (URs) for cyber
security, including:
(i) UR E26 on cyber resilience of ships for shipyards/in-
tegrators to demonstrate compliance, and
(ii) UR E27 on cyber resilience of onboard systems and
equipment for product suppliers to demonstrate com-
pliance with cyber security requirements, to be man-
datory for classed ships for construction on or after
1 January 2024.
To supplement these measures, the shipping industry would
like to see the development of minimum critical cyber securi-
ty controls for cyber defense to be applied to in-service ships
which are not covered by the new IACS URs
For more information on this topic please visit:
intercargo.org/topics/cyberisks
19
