IMO Cyber Security Guidelines (MSC-FAL.1/Circ.3) and Resolution MSC.428(98): Cyber Risk Management to be Addressed in Safety Management Systems by 1 January 2021
The International Maritime Organization (IMO) has issued MSC-FAL.1/Circ.3 Guidelines on Maritime Cyber Risk Management. The guidelines provide high-level recommendations on maritime cyber risk management to safeguard shipping from current and emerging cyber threats and vulnerabilities and include functional elements that support effective cyber risk management. The recommendations can be incorporated into existing risk management processes and are complementary to the safety and security management practices already established by IMO.
- The new procedure is part of the “ShipRight Procedures” within the LR Rules. Compliance with it makes a ship or a ship system eligible for a ShipRight Notation and/or a Descriptive Note.
- Where the procedure is applied to a vessel outside the classification regime, a certificate of compliance may be issued if appropriate.
- The procedure was developed to provide an independent assessment of the effectiveness of the cyber security controls within connected, integrated and internet-enabled systems and environments.
The development of Lloyd's Register's classification standards is a dynamic process. As the threats evolve, the standards adapt to ensure that safety, operability, performance and the security of vessels are kept to the desired level during their service life.
Today’s cyberattacks occur 24x7. Although most generic attacks can be prevented by basic security controls, more advanced attempts often slip through undetected, and the time between a vulnerability being identified and a working exploit tool appearing keeps shrinking. Attacks that would have been classed as sophisticated 12 months ago now turn up in commodity malware that can be freely found on the dark web.
By Joel Snape, Senior Threat Researcher at Nettitude
Sometimes it feels like everything runs on email. We all know we receive far too many each day, and crucial information is constantly being sent back and forth between individuals and companies. It has become so commonplace that we often don’t stop to question whether it is the most effective way of carrying out a task, or whether it is exposing us to harm. One area in which email seemingly cannot be escaped is communication with port authorities; this could be anything from arrival notifications to requests for bunkering, ballast discharge or diving. Although online reporting systems such as the CERS portal do exist, in many cases vessels still have to fill in a Word form or Excel spreadsheet and email it to the relevant authority. They may then have to respond to follow-up questions, or be sent yet more paperwork to fill out.
ISO27701:2019, a new international standard concerned with the management of personal data, has been published. ISO27701 specifies the requirements for a Privacy Information Management System (PIMS), and is written as an extension to the better-known ISO27001:2013 Information Security Management System (ISMS).
In this blog, we’ll take a brief look at the new standard, how it differs from ISO27001:2013, and how it can benefit your organisation.