Although shipowners have until 1 January 2020 to retrofit cyber risk management into their ship safety management systems to meet IMO’s updated requirements within the International Ship Management (ISM) Code,
But owners should work with shipyards to adopt cyber-secure operational technology (OT) during ship construction, panellists said during Riviera’s ‘Cyber security: readying for the ISM Code’s 1 January 2021 requirements’ webinar.
This was held on 5 August in association with premier partner ClassNK and sponsor F-Secure as part of Riviera’s Maritime Cyber Security Webinar Week.
Panellists included ClassNK cyber security team deputy manager Makiko Tani, TÜV Rheinland director for consulting services in Asia Pacific for cyber security and functional safety Rajeev Sukumaran, Moran Cyber managing director Captain Alex Soukhanov and Beazley senior risk manager Kelly Malynn.
During the webinar, they discussed how shipping companies can incorporate cyber security into their safety management systems no later than the first annual verification of the company’s document of compliance following 1 January 2021.
The panellists clarified IMO’s requirements, confirmed what owners and operators need to do now, and underlined the help and advice available.
Ms Tani said cyber security “should not just be about compliance” but could open “new opportunities for business and new innovations”. She said owners with existing fleets need to understand the OT on ships and required cyber risk controls. “Aim high, but start small,” Ms Tani said. “Start from knowing the vessels and being aware of the onboard OT and IT, and where these meet.”
This is easier if owners engage with shipyards and classification societies during the newbuilding phase.
“Ships can be designed to be cyber-secure,” said Ms Tani. “Ships can be constructed with cyber security capacity” and with class society cyber secure notations.
Mr Sukumaran agreed cyber security should start with ship design. “Builders, designers, owners, etc all need to be taking in cyber security,” he said.
Cyber security was not just about onboard IT and OT, said Mr Sukumaran, as ships were part of a much wider ecosystem involving ports and supply chains. “It is not just about technology, owners need supporting processes and procedures,” he said.
Capt Soukhanov brought a seafarer’s perspective to cyber risk management in his presentation. He agreed cyber security should be incorporated in the build stage. “We are currently retrofitting cyber security” into existing ships, he said.
Which is why all of the supply chain needs to be included in the process. “Our number one priority is the business strategy, as digitalisation needs to be protected,” Capt Soukhanov said, adding that ship operators and vendors “should collaborate and work together to protect onboard systems”.
Ms Malynn said vessel owners should use these requirements to incorporate cyber risk management under the ISM Code “as an opportunity to get to know vessels”. It is also an opportunity to review insurance cover for cyber risk.
She recommended owners conduct risk assessments and gain a better understanding of the cyber threats and vulnerabilities on ships. “Risk assessment quality is important. Owners need to invest in this,” Ms Malynn said.
You can view the webinar, in full, along with the rest of our Cyber Security Week webinars in our webinar library.
And you can sign up to attend our upcoming webinars on our events page.