Cyber risk management

Overview

BIMCO's position on "cyber risk management" has been approved by the BIMCO Board of Directors.

Background

Information Technology (IT) and Operating Technology (OT) systems onboard ships are used for a multitude of purposes, such as controlling engines and associated systems, cargo management, navigational systems, administration, etc.  The increased integration of systems and the greater use of digital ship-to-shore communication and data links now substantially increase ships’ exposure to cyber security risks.

As cyber security threats are dynamic in nature, regulations alone are not enough to offer protection against such incidents. Regulations tend to be static and the long regulatory process reduces their effectiveness as a weapon against the fast changing world of cyber crime.

BIMCO, CLIA, ICS, INTERCARGO, InterManager, INTERTANKO, IUMI,  OCIMF and WSC regularly review and update the Guidelines on Cyber Security onboard Ships (commonly referred to as the BIMCO Guidelines). Shipowners and operators can use the guidance to assess their operations and develop the necessary procedures and actions to improve resilience and maintain integrity of cyber systems onboard their ships.

BIMCO has published a Cyber Security Clause requiring the parties to commercial shipping contracts to implement cyber security procedures and systems to help reduce the business risk of incidents and respond efficiently if such incidents should occur.

Ship cyber risks should be appropriately addressed in safety management systems no later than the first annual verification of the company's International Safety Management (ISM) code’s Document of Compliance after 1 January 2021.

Software maintenance has a cyber security aspect. BIMCO and CIRM will ask the IMO to develop guidelines that set a framework for software maintenance of shipboard equipment. These new guidelines will be supplemented by an ISO Standard on a Ship Software Logging System that records software versions automatically.

BIMCO’s position

  • To manage cyber security risks, the implementation of the continuously updated Guidelines on Cyber Security onboard Ships is recommended.
  • New ships should be built with cyber secure systems and components in accordance with future IACS unified requirements.
  • Training is a key risk mitigating measure and BIMCO will work to raise awareness in the industry. If training requirements are formalised, pragmatic solutions should be included to take into account the rapidly changing cyber threat.

 

Rasmus Nord Jorgensen
in Copenhagen, DK

VPS Bunker Alerts

Veritas Petroleum Services (VPS) publish regular Bunker Alerts based entirely on fuel samples and have kindly permitted BIMCO’s Members to access this information.

The Bunker Alerts are not intended to be an evaluation of overall bunker quality in the port or area concerned, but usually highlight a specific parameter within the fuel which has raised a quality issue.

Want to stay up-to-date?

Register for updates about
{{Title}}

Receive emails when this topic is updated – you can choose how often.

Register Now
 

ELSEWHERE ON BIMCO

Chartering help & advice

This section contains a comprehensive source of information and guidance on chartering related matters. You will find invaluable information on many aspects of chartering distilled from our many years’ experience on advising members.

Learn about your cargo

For general guidance and information on cargo-related queries.

More about cargo

BIMCO Publications

Want to buy or download a BIMCO publication? Use the link to get access to the ballast water management guide, the ship master’s security manual and many other publications.