As from today, the IMO’s Resolution MSC.428(98) – Maritime Cyber Risk Management in Safety Management Systems – kicks in. The resolution encourages administrations to ensure that cyber risks are appropriately addressed in existing safety management systems (as defined in the ISM Code) no later than the first annual verification of the company’s Document of Compliance after 1 January 2021. The IMO’s Guidelines present five functional elements that support effective cyber risk management. These elements are not sequential; all should be concurrent and continuous in practice and should be incorporated appropriately in a risk management framework:
1 Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations.
2 Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber-event and ensure continuity of shipping operations.
3 Detect: Develop and implement activities necessary to detect a cyber-event in a timely manner.
4 Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event.
5 Recover: Identify measures to back up and restore cyber systems necessary for shipping operations impacted by a cyber-event.