A group of international shipping organizations has released guidelines to help shipping companies prevent cyberattacks.
The cybersecurity guidelines, published in January, are the first to be released for the industry. “We realized there is a problem in the industry and we decided to move and do something before we see any attacks on the industry,” said Aron Sorensen, chief technical officer for BIMCO.
The following organizations joined BIMCO in the project, which took more than two years: the Cruise Lines International Association, Intercargo, Intertanko and the International Chamber of Shipping. The guidelines are free and available on BIMCO’s website.
Cybersecurity problems stem from the fact that electronic and computer systems on modern ships are fully integrated, which means navigation, steering control, communications and cargo systems are vulnerable to a cyberattack.
The new guidelines are meant for those in the industry to develop awareness of key aspects of cybersecurity. They are not meant to be used for auditing specific company approaches to this threat.
Measures designed to lower cybersecurity risks include: how to raise awareness of safety and commercial risks to shipping if no guidelines are in place; how to protect IT infrastructure and connected equipment; how to make sure users have appropriate access to information; and how to protect data flowing between the ship and shoreside offices.
According to the guidelines, companies need to identify threats and vulnerabilities, assess risk, develop detection and protection methods, create a contingency plan and respond to cybersecurity incidents.
Cybersecurity was discussed at the 95th session of the International Maritime Organization’s (IMO) Maritime Security Committee last June. Since there were several cybersecurity submissions at this meeting, the committee decided to refer the proposals to its 96th session to be held in London this May.
Sorensen said BIMCO does not object to IMO efforts. “We should be careful that these guidelines address all the issues and also ensure that they actually take into account what the industry has been doing,” he said. “Cyberattacks develop all the time, new threats happen all the time. Legislation would be too slow to keep up with what’s going on.”
Other international efforts are underway to address cybersecurity. Last December, the International Association of Classification Societies (IACS) formed a high-level committee to address safety issues around cyberattacks. IACS established a working group that will work with other companies in the industry and continue to collaborate with BIMCO on cybersecurity, according to an IACS news release.