In January 2021, new International Maritime Organization (IMO) guidelines on maritime cyber risk management went into effect. Around the same time, the U.S. government released a first of its kind National Maritime Cyber Security Plan (NMCP), accompanying recent maritime cybersecurity directives from the U.S. Coast Guard.
For infosec professionals in sectors with a long history of cybersecurity governance, this may not seem earth-shattering news. But these measures are milestone developments in maritime cybersecurity.
Sea change in awareness
On June 16th 2017, the Maritime Safety Committee (MSC) of the United Nations’ International Maritime Organization (IMO) adopted a brief but significant resolution, MSC.428(98), “to raise awareness on cyber risk threats and vulnerabilities to support safe and secure shipping, which is operationally resilient to cyber risks”. The IMO committee had already approved an unreleased draft of guidelines for cyber risk management, MSC-FAL.1/Circ.3.
By the time those guidelines were published a few weeks later, the world’s largest integrated shipping and container logistics company, Maersk, had been devastated by a massive…
