‘Ignorance is no longer an option,’ Bimco warns as cyber security guidelines are updated
The second edition of The Guidelines on Cyber Security Onboard Ships has been released, a timely publication in the wake of last week’s Petya attack which hit Maersk hard. The latest practical advice has been compiled by the joint industry group, which is led by Bimco and now includes new members OCIMF and IUMI, as well as the original contributors CLIA, ICS, Intercargo and Intertanko.
The second edition includes information on insurance issues and how to effectively segregate networks, as well as new practical advice on managing the ship to shore interface, and how to handle cyber security during port calls and when communicating with the shore side.
The chapters on ‘contingency planning’ and ‘responding to and recovering from cyber incidents’ have been rewritten to reflect the fact that the guidelines are aimed specifically at ships and the remote conditions prevailing if a ship’s defences have been breached.
The guidelines have also been aligned with the recommendations given in the International Maritime Organization’s (IMO) Guidelines on cyber risk management which were adopted last month.
A new subchapter on insurance has been added, looking at coverage after a cyber incident as this is an important part of the risk assessment which shipowners should now take into consideration. Finally, the annex, which explains about networks, has been rewritten based on real experience of shipowners segregating networks on their ships.
Angus Frew, Bimco secretary general and CEO, said today: “Cyber security is certainly a hot topic for all of us now, and this latest guidance includes valuable information, applying a risk based approach to all of the areas of concern, highlighting how an individual’s unwitting actions might expose their organisation… In the light of recent events we urge everyone across the industry to download it – it’s available free of charge – and to consider the risk cybercrime may pose to their ships and operations. Ignorance is no longer an option, as we are all rapidly realizing.”
Splash readers can access the guidelines by clicking here.
Nice one and many thanks!
It is optimistic bias and wrong to assume that there is ignorance involved! I will argue any day that the real problem is lack of understanding! Ignorance can only be used if one truly understand what can or should be ignored and it would not make sense to any person to ignore this specific problem!
On the other hand, underwriters are still keen on writing more hoplessly insane risks to stay afloat even if their ships are sinking fast due to loss of density. I ignore a lot of things on purpose but I understand what and how I ignore. Maybe time to establish a cyber security penetration company to see learn the level of understanding by just ignoring a couple of protocols?
So, does this mean that ignorance was an option until very recently?