Written by
Nick Blenkey
Shutterstock
The deadline for ship operators to include cyber risk management into ships’ safety management systems (SMS) is getting nearer. A shipping circular released yesterday by the Maritime and Port Authority of Singapore (MPA) notes that IMO Resolution MSC.428(98) requires that an approved SMS take into account cyber risk management in accordance with the objectives and functional requirements of the ISM Code.
Compliance with the ISM Code is required under the SOLAS convention.
For Singapore-registered ships, MPA will require cyber risks to be appropriately addressed in a company’s SMS no later than the first annual verification of the ISM company’s Document of Compliance after January 1, 2021.
To consider cyber risks as being appropriately addressed in SMS, says the MPA circular the ISM company is required to demonstrate that it has appropriately incorporated the five functional elements to address maritime cyber risks, namely:
- Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations;
- Protect:…
