Loading...

(+30) 2118501121
HAZOPS-1030x666.jpg

OCIMF is pleased to announce the release of the seventh edition of the SIRE Vessel Inspection Questionnaire (VIQ7).

This edition has undergone an extensive revision process which has brought the VIQ up-to-date with respect to changes in legislation and best practices. The SIRE Focus Group, which has led the work on the revision of this document, has examined the questions to determine whether these continue to remain relevant and has reduced the overall set of questions by up to 90 questions.

The section on Structural Condition in the existing VIQ6 (Chapter 7) has been reduced and merged with Chapter 2. A new chapter (Chapter 7) has been developed to cover Maritime Security which has 21 new questions covering Policies and Procedures, Equipment and Cyber Security.

The section on Mooring (Chapter 9) has been significantly reviewed to incorporate the revisions and best practices that will be introduced in the Mooring Equipment Guidelines, Fourth Edition (MEG4). Operators will be encouraged to align their procedures and equipment with the guidance provided in MEG4 as soon as possible.

The existing chapter on Communications (Chapter 10) has been reduced and merged with Chapter 4, which is now a section on Navigation and Communications.

A set of 10 questions on LNG Bunkering has been added to the section on Engine and Safety Compartments (Chapter 10). These questions have been developed in conjunction with advice and guidance from SIGTTO and SGMF.

The following templates within the seventh edition of the SIRE Vessel Inspection Questionnaires (VIQ7) are now available to integrators upon the OCIMF Staging environment and will be released to the Production environment on the 17September 2018.

  • Template 4401 – VIQ7 (Petroleum)
  • Template 4402 – VIQ7 (Chemical)
  • Template 4403 – VIQ7 (LPG)
  • Template 4404 – VIQ7 (LNG)

 


cyber-1654709-696x392.jpg

GDPR TMSA Cyber Security

 

Tanker owners should be prepared for new EU and IMO cyber security regulations as they must already comply with maritime security requirements under OCIMF’s TMSA 3, writes Martyn Wingrove

There are increasing amounts of cyber security-related regulations that shipping companies will have to comply with, but tanker owners are already ahead of the game. Ship operators will need to include cyber in ship safety and security management under the ISM Code from 1 January 2021.

Before that, they need to be aware of cyber and data security regulations, including the EU general data protection regulation (GDPR) and the EU directive on the security of networks and information systems (NIS).

Much of the requirements under these forthcoming or new regulations are already within Oil Companies International Marine Forum (OCIMF)’s third edition of the Tanker Management and Self Assessment (TMSA) best practice guidelines. This came into force on 1 January this year, with a new element on maritime security and additional requirements of key performance indicators and risk assessments.

Regulation changes were outlined at Riviera Maritime Media’s European Maritime Cyber Risk Management Summit, which was held in London on 15 June. The event was held in association with Norton Rose Fulbright, whose head of operations and cyber security Steven Hadwin explained that “data protection and cyber security needs to be taken seriously from a legal point of view.”

Data, such as information on cargo and charterers, could “become a considerable liability”. If data is lost “then GDPR could be in play” said Mr Hadwin. Regulators “could impose a fine of up to 4% of that organisation’s global annual turnover.”

PwC UK cyber security director Niko Kalfigkopoulos explained the legislation and reasoning behind the NIS Directive, which went into full effect in May this year.  “These regulations have teeth” he said because of the potential size of fines and damage to a company’s reputation from being a victim of a cyber attack. This is one of the reasons why boardroom executives should be aware and understand what is required for compliance.

Class support

During the summit, class societies provided cyber security guidance as they collectively attempted to define cyber secure ship notations. Lloyd’s Register cyber security product manager Elisa Cassi said shipping companies should have a third party monitor their IT network and the operational technology (OT) and employ staff to “stop people sharing data or compromising procedures”.

Tanker owners “need to identify any compromise before an attacker tries to penetrate”, Ms Cassi explained, noting that shipping companies need to “investigate the vulnerabilities through analytics and machine learning”, understand the behaviour of potential threats and use predictive analysis.

ABS advanced solutions business development manager Pantelis Skinitis said shipowners need to change passwords on operational technology, such as ECDIS and radar, as some remain unchanged since they were originally commissioned on the ship. He also advised owners to verify vendors and service engineers and that their USB sticks are clean of malware.

ABS has created cyber safety guidance for ship OT, particularly for ships coming into US ports and terminals. In its development, ABS identified the risks, vulnerabilities and threats to OT. “Managing connection points and human resource deals with the biggest threat to OT systems on board,” said Mr Skinitis.

DNV GL has developed new class notations covering cyber security of newbuildings. It has also produced an online video for instructing shipping companies to become more aware of cyber threats. During the summit, DNV GL maritime cyber security service manager Patrick Rossi said ship operators should set up multiple barriers to prevent hackers.

These should include firewalls, updated antivirus, patch management, threat intelligence, intrusion detection, emergency recovery and awareness testing. OT should be segregated from open networks, only official ENC-provider USBs and update disks should be used and cleaned of malware before being inserted into ECDIS and these systems should be segregated from the internet.

Cyber regulations and guidance for shipping

EU General Data Protection regulation (GDPR) came into effect from 25 May 2018

IMO – Resolution MSC.428(98) – from January 2021 cyber security will be included in the ISM Code

TMSA 3 – cyber security was added to tanker management and assessment in January 2018; EU directive on the security of networks and information systems (NIS Directive) from May 2018

EU privacy rule (PECR) of individuals traffic and location data

Rightship added cyber security to inspection checklist

BIMCO – guidelines based on International Association of Classification Societies

 

CLICK – SOURCE READ FULL ARTICLE


TMSA3.jpg

OCIMF published the third edition of its Tanker Management and Self-Assessment guide (TMSA3) in April 2017. As of 1 January 2018, this will replace the TMSA2 and tanker owners will be required to follow the new self-assessment procedure. 

So are there any major changes? 

Well actually, yes. The latest TMSA version introduces an entirely new element – Maritime Security (element 13). The new element aims “to establish and maintain policies and procedures in order to respond to and mitigate identified security threats covering all company activities including cyber security.”

In complying with the aim, security plans should be put in place, which also address cyber security risks, and should cover shored-based locations, vessels and personnel. 

Are there any tools available to help tanker members comply with the Maritime Security element?

Yes, resources are available and the best thing is they are free!

IET Standards in conjunction with the Department for Transport have created a comprehensive code of practice for cyber security onboard ships. This code follows on from previous work the Department for Transport has done on port cyber security.

Additionally, an industry working group (which included OCIMF) have created Guidelines on Cyber Security onboard Ships. 

What other changes are there?

Elements 6, 6A and 10 have all had revisions, with element 10 now incorporating the OCIMF Energy Efficiency and Fuel Management paper that had previously been a supplement to TMSA2. Additionally TMSA3 also has 19 more KPIs than TMSA2 showing the focus on continuous improvement.

SOURCE : UK P&I CLUB

ARTICLE AUTHOR

Amanda Hastings