IMO has given shipowners and managers until 2021 to incorporate cyber risk management into ship safety, giving the industry another issue to deal with.
Owners risk having ships detained if they have not included cyber security in the ISM Code safety management on ships by 1 January 2021.
Delegates discussed the ramifications of this at Riviera Maritime Media’s European Maritime Cyber Risk Management Summit, which is being held in association with Norton Rose Fulbright in London.
Danish Maritime Authority special adviser Erik Tvedt told the seminar that the decision IMO made on Friday 16 June should drive shipowners and managers to incorporate cyber risk management and security into their safety management systems.
"Owners need to do this by 1 January 2021 or ships can be detained," Mr Tvedt said. He added that port state control would need to enforce this requirement in a standard way.
A morning panel, which included MOL LNG Transport IT manager Pete Adsett and representatives from Lloyd’s Register and Moore Stephens, highlighted how this would be difficult to implement.
Mr Adsett explained how his organisation prevents cyber issues and protects ships from malware. He said his ships had malware on board in the past, but it was cleaned off.
Delegates on the summit floor discussed what the IMO decision meant for shipowners and how it would affect shipmanagers. One conclusion is that port state control officers will need to be advised on what to look for.
Changes to the ISM Code are required because an increasing number of vessels are found to have malware on board, which could affect ship operations and navigation safety.
At the summit, DNV GL maritime cyber security manager Patrick Rossi listed many of the issues found on board container ships and tankers that make these vessels more vulnerable to cyber attack.
Delegates heard about the mitigation methods for preventing and dealing with a cyber attack from John Boles, a former assistant director of the US Federal Bureau of Intelligence’s international operations. He is now director of global legal technology solutions at Navigant.
Mr Boles said controlled networks should be separated from unsecure ones, software should be patched and crew trained to prevent unintentional malware infections. He said shipping companies should have layered defences to isolate protected data from the internet, implement multi-factor authentication and retain outside security experts to help plan for a cyber attack.