BIMCO Archives - Page 2 of 2 - SHIP IP LTD

Maritime Cybersecurity Operations Center opens in Singapore

The Maritime and Port Authority of Singapore (MPA) has opened a new Maritime Cybersecurity Operations Centre (MSOC), to provide early detection, monitoring, analysis and response to potential cyber-attacks on the port state’s critical maritime information infrastructure.

The MSOC will be operated by ST Engineering at its Singapore Hub, and will conduct 24/7 monitoring and correlate data activities across all maritime Critical Information Infrastructure (CII) systems.

MPA says that the facility will have the capability to detect and monitor cyber-attacks by analysing activities in the IT environment, recognise anomalies and threats, and then initiate a response using a range of technology systems.

Key data linkages will also be established between MSOC and Singapore’s Port Operations Control Centre, in order to respond to cyber incidents in a more collaborative manner.

“Cyber threats come in many forms and have been rising steadily across the globe. As the world’s busiest transhipment hub, it is important that we safeguard our maritime and port critical infrastructure to prevent a major disruption to port operations and delivery of services,” said Niam Chiang Meng, Chairman of the Maritime and Port Authority of Singapore (MPA).

In addition to setting up MSOC, MPA has also introduced other initiatives to strengthen the cybersecurity readiness of the maritime sector, having collaborated with the Singapore Shipping Association and Singapore Polytechnic to develop a new Maritime Cybersecurity (Intermediate) Training Course for maritime personnel.

The one-day course, to be rolled out in first half of next year, will be built upon an existing basic course to allow participants to further expand their knowledge of cyber risk management and counter-measures from a practitioner’s perspective.

Other new cyber initiatives include a Maritime Cybersecurity Research programme that has been created as a collaborative effort between MPA, the Singapore Maritime Institute and other local institutes of higher learning, which will focus on the protection of shipboard systems from cyber threats, and an expansion of the existing Port Authorities Roundtable initiative to encourage greater sharing of intelligence relating to maritime cybersecurity.


BIMCO has co-sponsored a proposal at the 43rd session of the Facilitation Committee (FAL 43) held at the IMO Headquarters on 8-12 April, putting anti-corruption formally on the IMO agenda going forward.


This week, a maritime corruption paper was presented at the 43rd session, including a request to the International Maritime Organization (IMO) to make maritime corruption a regular work item.

The paper received solid support from 23 countries and international organizations, including BIMCO who attended the meeting, and it was decided that the IMO will work on a maritime corruption guidance expected to be completed by 2021.

“We are very pleased that the IMO will now discuss the issue of maritime corruption in the FAL Convention and that the IMO will now come up with guidance to help our members by addressing corruption,” says Aron Sorensen, Head of Maritime Technology & Regulation at BIMCO.

“No less than 23 countries and international organisations supported the anti-corruption paper, marking a new step towards a stronger fight against corruption in our industry,” Sorensen says.

To assist its members, BIMCO has developed an Anti-Corruption Clause for Charter Parties that addresses the situation by providing market users with a regime for responding to unlawful demands for gifts.




BIMCO : The Guidelines on Cyber Security Onboard Ships

Cyber threats are constantly evolving which requires a regular review of all cyber related processes on board ships to allow for successful protection against cyber attacks. We are pleased to announce that today various maritime industry organisations published a revised third version of the “Guidelines on Cyber Security onboard Ships”. The document provides guidance to shipowners and operators on how to assess their operations and develop procedures to strengthen cyber resilience on board their ships. The Guidelines will continue to be updated regularly to mirror the evolution of cyber security threats and to outline new measures to mitigate against dynamic cyber risks.

Key updates in Version 3.0 include:

  • the requirement to incorporate cyber risks in the ship’s safety management system (SMS);
  • more detailed information related to the risk assessments of operational technology (OT);
  • increased guidance for dealing with the risks in the ship’s supply chain;
  • cases studies of verified cyber incidents onboard ships to highlight and illustrate potential problems.

Version 3.0 of the Guidelines can be downloaded HERE


BIMCO aims to publish cyber security clause in spring 2019


BIMCO is developing a clause dealing with cyber security risks and incidents that might affect the ability of one of the parties to perform their contractual obligations.

The clause is being drafted by a small team led by Inga Froysa of Klaveness, Oslo. Other companies involved include Navig8, the UK P&I Club and HFW, and the project is due to be completed in May 2019.

Planning and protecting is key

The BIMCO cyber security clause requires the parties to have plans and procedures in place to protect its computer systems and data, and to be able to respond quickly and efficiently to a cyber incident.

Mitigating the effect of a cyber security breach is of paramount importance and the clause requires the affected party to notify the other party quickly, so that they can take any necessary counter-measures. The clause is also designed for use in a broad range of contracts. This way, the clause can cover arrangements with third-party service providers, such as brokers and agents.

The liability of the parties to each other for claims is limited to an amount agreed during negotiations. A sum of USD 100,000 will apply if no other amount is inserted.

Two important functions

The clause will fulfill two important functions. The first is to raise awareness of cyber risks among owners, charterers and brokers. The second is to provide a mechanism for ensuring that the parties to the contract have procedures and systems in place, in order to help minimize the risk of an incident occurring in the first place and, if it does occur, to mitigate the effects of such an incident.

In the early stages of development, the drafting team discussed if the clause should also address payment fraud. It was concluded that the risk of this increasingly common fraud is probably best dealt with at a procedural level by companies tightening up their internal payment procedures to require verification of any changes to payment details.



BadRabbit Ransomware !

A new cyber attack is affecting computer systems around Europe.

BadRabbit Ransomware

A strain of ransomware known as “Bad Rabbit” is believed to be behind the trouble, and has spread to Russia, Ukraine, Turkey and Germany.

Cyber security firm Kaspersky Lab, which is monitoring the malware, has compared it to the WannaCry and Petya attacks that caused so much chaos earlier this year.

Once a computer is infected, victims are sent to a page on the Tor browser that demands .05 Bitcoins (about $275) within around 41 hours, in exchange for the decryption of the data and access to the machine. If time expires, the ransom increases.

As always, anyone infected is discouraged from paying the ransom. For one, there’s no guarantee you’ll get the data back but importantly, refusing to pay the ransom discourages future ransomware attacks.

Although BadRabbit shows similarities to Petya, it’s still unclear who is behind the recent attack. The original Petya took down a number of government agencies and businesses earlier this year, mostly in Ukraine. Russia is a viable suspect for Petya, but all evidence tying the malware with any nation state has been circumstantial.

You can readmore about BadRabbit Ransomware :





IMO has given shipowners and managers until 2021 to incorporate cyber risk management into ship safety !

Owners risk having ships detained if they have not included cyber security in the ISM Code safety management on ships by 1 January 2021.

One of the discussions that took place at the IMO Maritime Safety Committee’s 98th session (MSC 98) in June was whether the IMO’s newly approved guidelines on maritime cyber risk management should be incorporated into the International Safety Management Code (ISM), the international standard for safe ship operations.

While such a directive was not formally adopted, what was adopted was a resolution affirming that approved safety management systems (SMS) should take cyber risk management into account in accordance with the requirements of the ISM.

The resolution encouraged flag administrations to ensure that cyber risks are addressed in SMS no later than the first annual verification of the company’s document of compliance after 1 January 2021.

SHIP IP LTD – Can assist your company to ensure compliance with Cyber Security requirement  as we can offer FULL support to your company like :

  • Maritime Cyber Security Manual with only EUROS 500 ( pls click here to read more… )
  • Consultancy to complete with TMSA 3 – Element 13 Maritime Security
  • ask for more …



[contact-form-7 404 "Not Found"]



Following latest developments in our industry and various guidelines published by BIMCO, USCG Cyber Bulletins and TMSA 3 – element 13 we have develop a generic MARITIME Cyber Security Manual which can be used by all Shipping Companies as a best practice .

SHIP IP LTD have develop a Maritime Cyber Security manual to provide a risk management solution for Shipping companies and their vessels against various Cyber incidents.

Cyber incidents with negative effects to companies reputation or even results to economic effects when delays to services provided by their vessels.

Needless to point that Cyber Security is now part of TMSA 3 – Element 13 and all companies operating Tankers should immediate consider to develop or include to their existing Safety Management system, procedures , contingencies plans ( offices and vessels), define hazards,threats and risks when it comes to Cyber incidents.

Our Manual in word format with following content for sure with small changes will fit to your companies setup and will cover all regulations and international requirements :


Understanding the cyber threat
Assessing the risk
Determination of vulnerability
Risk assessment ( Bridge equipment,Comms,Propulsion,Cargo Systems,Welfare Systems etc.)
Reducing the risk
Technical cyber security controls
Procedural controls
Defence in depth

OFFICE & VESSEL contingency plans

Investigate cyber incidents ( forms and procedures )
Response plan
Investigate cyber incidents


ALSO we will provide you FREE of charge in word format a travel
policy as required by TMSA 3 Stage :
3.1 A travel policy is in place to minimize security threats to personnel.


In case you like more details or even you would like to order our manual,please submit contact form below and we will get in touch with you soon.








As technology continues to develop, information technology (IT) and operational technology (OT) onboard ships are increasingly being networked together – and more frequently connected to the worldwide web.
This brings the greater risk of unauthorized access or malicious attacks to ships’ systems and networks. Risks may also occur from personnel having access to the systems on board, for example by introducing malware via removable media.
Relevant personnel should have training in identifying the typical modus operand of cyber attacks.
The safety, environmental and commercial consequences of not being prepared for a cyber incident may be significant. Responding to the increased cyber threat, a group of international shipping organizations, with support from a wide range of stakeholders, have developed these guidelines, which are designed to assist companies develop resilient approaches to cyber security onboard ships.
Approaches to cyber security will be company- and ship-specific, but should be guided by appropriate standards and the requirements of relevant national regulations. The Guidelines provide a risk-based approach to identifying and responding to cyber threats.




The threat of cyber space is building up rapidly with the potential of posing even bigger risks, also for the crews. The maritime industry seems to be rather unaware and unprepared!