Shipowners and operators who have not already done so, should undertake risk assessments and incorporate measures to deal with cyber risks in their ship’s safety management systems (SMS) and crew awareness training. While the IMO has given shipowners and managers until 1 January 2021 to incorporate cyber risk into ships’ safety management systems, tanker owners and operators that are subject to vetting under OCIMF’s SIRE Programme have been addressing cyber security risks in their policies and procedures since 1 January 2018.
The newly published third edition of the industry cyber risk management guidelines, Guidelines on Cyber Security Onboard Ships, addresses the requirement to incorporate cyber risks in the ship’s safety management system. This was not included in the previous versions of the guidelines. Its inclusion reflects the fact that the industry has a deeper experience with risk assessments of operational technology (OT) – such as navigational systems and engine controls – and provides more guidance for dealing with the cyber risks to the ship arising from parties in the maritime supply chain.
Cyber risks may not be…
