Maritime organisations have long focused on safety and the management of risks. However, bringing cyber threats into play can often be challenging, as these are usually harder to quantify, understand and relate to the physical world. Some lessons can be brought across from other industries and frameworks, including that of the National Institute of Standards and Technology (NIST), which can be very helpful in aligning thinking and practice to cyber risks. But there are unique considerations that need to be factored in when applying a robust risk management process to cyber risks within marine and offshore organisations.
In 2017, the IMO issued MSC-FAL.1/Circ.3 ‘Guidelines on maritime cyber risk management’. These guidelines provide high-level recommendations to safeguard shipping from current and emerging cyber threats and vulnerabilities, including functional elements that support effective cyber risk management. The IMO’s Maritime Safety Committee then adopted these guidelines through Resolution MSC.428(98) ‘Maritime Cyber Risk Management in Safety Management Systems’. This resolution encourages administrations to ensure that cyber risks are appropriately…