Cyber ​​risk management beyond IMO 2021 compliance

July 24, 2022 IMO

A new report from Inmarsat, the world leader in global mobile satellite communications, highlights the role of the International Maritime Organization’s (IMO) 2021 Cyber ​​Risk Management Code in providing a framework for cyber resilience , but warns that combating attacks is not limited to compliance alone. Compiled by maritime innovation consultancy Thetius, Beyond Compliance – Cyber ​​Risk Management After IMO 2021 encourages proactivity in preventing and mitigating the impact of cyberattacks.

“Ensuring data resilience and cybersecurity are key concerns for the shipping industry,” said Ben Palmer, president of Inmarsat Maritime. “The IMO guidelines on maritime cyber risk management have helped stakeholders deal with cyber threats, but the nature of digital attacks continues to evolve due to advances in computer technology and the development of geopolitical conflicts. In the 12 months between May 2020 and May 2021, cyberattacks targeting the maritime sector increased by 168% in the Asia-Pacific region alone. [1]

“To ensure the resilience of their digital infrastructure, shipping companies need to look beyond regulatory compliance and be more proactive in their approach to managing cyber risks.”

One of the pillars of this approach is Unified Threat Management (UTM). By combining solutions such as firewalls, anti-virus programs, content filters, and intrusion detection and detection systems into a single hardware and software package, Inmarsat’s Fleet Secure UTM streamlines installation, configuration, administration and maintenance of the network security infrastructure. It helps shipping companies, like Denmark-based Evergas, raise safety standards beyond regulatory compliance.

Evergas IT Manager, Poul Rævdal, said: “The regulations are a good start, but it is important from our point of view to go beyond the guidelines, and Inmarsat’s comprehensive Fleet Secure solution facilitates a proactive approach to network security. Being able to unify the different parts of our network security into one solution and deal primarily with one vendor allows our IT team to focus on optimizing day-to-day support to our vessels and systems.

The continued development of seafarer training has been another key bulwark in shipping cybersecurity defenses. Inmarsat’s Fleet Secure Cyber ​​Awareness training program contains everything crew need to know to be aware of vulnerabilities and suspicious behavior online with guidance on best practices. This training module is offered free of charge to all Fleet Secure Endpoint users.

Effective cyber risk management must consider multiple attackers and various lines of attack – targeted and random. Threat actors are making continuous efforts to update their strategies, developing malicious coding, scanning for vulnerabilities in hardware and software, and responding to human behavior. Only by being proactive can shipping stay ahead of cybercriminals.