Cyber risk management

Cyber risk management

Overview

BIMCO's position on "cyber risk management" has been approved by the BIMCO Board of Directors.

Background

Information Technology (IT) and Operating Technology (OT) systems onboard ships are used for a multitude of purposes, such as controlling engines and associated systems, cargo management, navigational systems, administration, etc. Until recent years, these systems were commonly isolated from each other and from any external shore-based systems. The increased integration of systems and the greater use of digital ship-to-shore communication and data links now substantially increase ships’ exposure to cyber security risks.

As cyber security threats are dynamic in nature, regulations alone are not enough to offer protection against such incidents. Regulations tend to be static and the long regulatory process reduces their effectiveness as a weapon against the fast changing world of cyber crime.

BIMCO, CLIA, ICS, INTERCARGO, InterManager, INTERTANKO, IUMI,  OCIMF and WSC regularly review and update the Guidelines on Cyber Security onboard Ships (commonly referred to as the BIMCO Guidelines), which offer guidance to shipowners and operators on how to assess their operations and develop the necessary procedures and actions to improve resilience and maintain integrity of cyber systems onboard their ships.

BIMCO has published a Cyber Security Clause requiring the contractual parties to implement cyber security procedures and systems to help reduce the risk of an incident and respond efficiently if such an incident should occur.

Cyber risks should be appropriately addressed in safety management systems no later than the first annual verification of the company's International Safety Management (ISM) code’s Document of Compliance after 1 January 2021.

Software maintenance has a cyber security aspect. An ISO Standard that sets a framework for software maintenance of shipboard equipment including the requirements for a software maintenance logging system is being developed.

BIMCO’s position

  • To manage cyber security risks, the implementation of the continuously updated Guidelines on Cyber Security onboard Ships is recommended.
  • New ships should be built with cyber secure systems and components in accordance with future IACS unified requirements.
  • Training is a key risk mitigating measure and BIMCO will work to raise awareness in the industry. If training requirements are formalised, pragmatic solutions should be included to take into account the rapidly changing cyber threat.

 

Rasmus Nord Jorgensen
in Copenhagen, DK

Want to stay up-to-date?

Register for updates about
{{Title}}

Receive emails when this topic is updated – you can choose how often.

Register Now
 

ELSEWHERE ON BIMCO

Chartering help & advice

This section contains a comprehensive source of information and guidance on chartering related matters. You will find invaluable information on many aspects of chartering distilled from our many years’ experience on advising members.

Learn about your cargo

For general guidance and information on cargo-related queries.

More about cargo

BIMCO Publications

Want to buy or download a BIMCO publication? Use the link to get access to the ballast water management guide, the ship master’s security manual and many other publications.