Why it’s best to leave your IMO cybersecurity compliance to the experts
The IMO cybersecurity resolution
We are all aware of the IMO’s cybersecurity resolution which came into effect on the 1st of January this year. Are we all ready with our updated Safety Management Systems for the annual Document of Compliance audit though? Perhaps not. There’s no denying the need for the IMO’s resolution, as evidenced by the exponential growth of technology and our constant need to be connected. Indeed, we all must have risk mitigations in place, regardless of industry. This, however, does not detract from the fact that maritime cyber security is a complex beast to understand.
What is cyber risk at sea?
The IMO’s guidance on cyber risk does take into consideration the huge variety of boats on our seas. Therefore, it’s based on more generic principles and objectives as a catch all, much like the International Safety Management Code. Vessel managers can commission individual risk assessments and put customised procedures into place according to their specific risk.
Assessors will systematically evaluate the many factors that must be mitigated against in effective cyber risk management. These variables include different assailants, their intentions, and both targeted and random attacks. The latter being, for example, automated systems which continuously search for weaknesses in your network’s defences. Human error can also play a significant, if unintentional, part in opening your vessel up to threats, not least due to the myriad personal devices requesting access to your internal networks.
The IMO holds superyachts responsible for having compliance measures in place; for identifying, protecting, detecting, responding to, and recovering from cyberattacks. Further, the pandemic has led to an increased number of cyberattacks targeting superyachts and their high value guests. These factors have amplified the need to have quality protection measures in place, and the risks at stake. Every superyacht must have cybersecurity mitigation built into their Safety Management System to become IMO-compliant. With so many vulnerabilities to cover – from propulsion and power control systems, through communications systems, to unsupported hardware, outdated software, insecure terminals, and infected third-party devices – it can be quite a daunting task.
This is where the experts come in! As a specialist provider, OceanWeb offers a comprehensive cyber risk management service. We assess your individual circumstance and provide a tailored mitigation plan to ensure your vessel’s IMO compliance. We then use the results to establish an appropriate response plan to address existing risks and make recommendations for continued compliance. Leave the “techy stuff” to the experts and let OceanWeb take care of all your cybersecurity needs.