Norton Rose Fulbright partner Philip Roche believes port state control will play a limited role in enforcing cyber security.
Mr Roche, the global co-head of the firm's shipping group, told attendees at the European Maritime Cyber Risk Management Summit in London that the shipping industry was likely to continue to rely on classification societies and P&I clubs to understand regulatory compliance.
“It’s hard to see a port state control officer – a guy who’s been at sea, who understands engines and fuels and lifeboats – suddenly becoming armed with the ability to check a ship’s cyber security,” Mr Roche said.
“It seems to me a lot of reliance is going to be – as it is now – put on classification societies certifying whether a ship is safe to go to sea. Under SOLAS … under Marpol, and those kind of things.”
In addition to class notations Mr Roche said the industry could also see something akin to an international oil pollution prevention certificate which ships would carry around to prove they are compliant.
“What I can see is port state control doing basic checks. I cannot see them doing penetration testing, I cannot see them going into great depth, but I can see them doing a check that there is a policy in place.”
However, he said there was still room for both P&I clubs and classification societies to collaborate to develop and unify compliance guidelines.
“I understand that there is a P&I working group, that the classification societies have gotten together to get a working group and to have a think about these things and deal with how compliance may well look,” he said.
Mr Roche said he did not expect port state control in many countries to be quick to create an enforcement regime. He cited the UK Maritime and Coast Guard Agency’s yet to be defined methods of enforcing the IMO 2020 sulphur cap, saying port state response tends to follow “rather slowly” after the enactment of regulations.
He said he expected a quicker response from US authorities, however.
“US Coast Guard, of course, will apply an American approach to this and over-regulate and over-fine anybody who is found to be in breach. There is an interesting US Coast Guard letter about reporting suspicious activity and reporting breaches in relation to US ships,” he said.
In the end Mr Roche said classification societies and P&I clubs were a shipowners go to for understanding how to comply with future cyber regulations.
“There is a huge amount of raw material, but essentially, a shipowner would be looking to class and P&I clubs to help him through the issues.”