United States requires all ships, U.S. flagged ships and foreign flagged ships that call on ports in the U.S, to ensure cyber risk management is appropriately addressed in their safety management system by the company's first annual verification of the Document of compliance after January 1, 2021. Failure to this requirement may result in detention of ship in US port.
Members may recall that in June 2017, International Maritime Organization (IMO) at its 98th session of Maritime Safety Committee (MSC) adopted resolution MSC 428 (98), which encourages national administrations to ensure that cyber risks are appropriately addressed in safety management systems (SMS) no later than the first annual verification of the company's Document of Compliance after 1 January 2021.
We are not too far from 1 January 2021, and members may receive more detailed information on this from their flag states. Recently United States Coast Guard (USCG) issued information on how they will proceed on ensuring compliance to this resolution.
USCG has instructed their Marine Inspectors (MI) and Port State Control Officers (PSCO) on how to evaluate an SMS and what actions to take in the event of a non-compliance.
The USCG expects that all companies with U.S. flagged ships and foreign flagged ships that call on ports in the U.S. ensure cyber risk management is appropriately addressed in their SMS. In this connection, USCG will include cyber risk assessment in their PSC inspection post 1 January 2021.
If objective evidence is found that the ship failed to implement its SMS with respect to cyber risk management, the following actions may be taken by the PSCO.
In this regard, members are advised to take timely action in ensuring cyber risks are addressed in their SMS and properly implemented on board ships.
Members are also advised that MSC-FAL.1/Circ.3, contains guidelines that provide high-level recommendations on maritime cyber risk management to safeguard shipping from current and emerging cyber threats and vulnerabilities. The Guidelines also include functional elements that support effective cyber risk management.
BIMCO has worked on this subject with other industry partners and produced Guidelines on cyber security onboard ships which is now in its version 3.A new version will soon be out. The Annex 2 of these guidelines may be of specific interest to shipowners as it matches the ISM code with specific cyber risk aspects mentioned in these guidelines.
Furthermore, BIMCO has also published Cyber Security Workbook for On Board Ship Use which is a practical workbook on identifying cyber risks and how to respond in case of a cyber-attack.
Links to the above-mentioned documents
Access BIMCO's COVID-19 related articles and advice.
Veritas Petroleum Services (VPS) publish regular Bunker Alerts based entirely on fuel samples and have kindly permitted BIMCO’s Members to access this information.
The Bunker Alerts are not intended to be an evaluation of overall bunker quality in the port or area concerned, but usually highlight a specific parameter within the fuel which has raised a quality issue.
For general guidance and information on cargo-related queries.
Want to buy or download a BIMCO publication? Use the link to get access to the ballast water management guide, the ship master’s security manual and many other publications.