NEW IMO 2021 GUIDELINES - are you prepared?
The new IMO Cyber Security Guidelines have already been in force since 1 January, 2021. As far as you are concerned, this means that shipping companies must prove in the next audit that cyber risks are adequately considered in the safety management system. In a worst case scenario, your vessel may be detained in port if deficiencies are detected!
You therefore may not have much time left to bring your SMS manual up to date. Here is what you can do now.
The problem: Your next audit is bound to come up
Increasing digitization on board ships also ensures a steadily rising cyber threat (e.g. from malware). Consequently, the SMS must take this threat into consideration. The SMS manual must be up to date. It should also be ensured that the crew understands cyber risks and can handle certain situations accordingly. This requires specific training on how to deal with cyber threats. Proper implementation of the new guidelines will be of crucial importance from the first annual review of the certificate of compliance at the latest. Time is of the essence!
Ensure now that good results are achieved in the external audit and prepare your security management for a Port State Control inspection.
The consequences: Off hire and security risks
If deficiencies are identified during an audit, serious restrictions may be imposed by Port State Control. Under certain circumstances, some ports may no longer be called in the event of a negative report, and there is even a risk that vessels may be detained for days or even weeks!
Another reason for adding IT security is, of course, the increasing scale of threat. For example, the "NotPetya" trojan attack in 2017 caused hundreds of millions of euros of damage to the transport industry, as the largest player in the container market was completely locked down for days. Targeted hacker attacks on electronic navigation systems or the main propulsion system on board, for example, can lead to outages and paralyse the entire ship's operations. Data theft (e.g. login data) can also have serious consequences.
The solution: Call in vessel IT experts NOW
Be honest: Do you have an overview of all details to update your SMS manual in every respect? Is your crew well aware of current cyber risks, and does everyone on board know what to do if hackers cripple important parts of the vessel's IT?
The new guidelines mean additional responsibility for you – not making the task any easier. After all, IT security is highly complex and requires both maritime and IT expertise, which is why the IMO demands that experienced IT specialists be brought in to meet all requirements.
More and more shipping companies are also relying on external experts like Waterway IT Solutions for this purpose. We are the only vessel IT provider with roots in the shipping industry and are familiar with maritime requirements, thanks to many years of experience. Therefore, we can support you optimally regarding all questions relating to the IMO Guidelines, cyber security, your SMS and the next audit.
The check: Test and train your crew to be prepared
Perhaps the greatest risk to cyber security on board is the carelessness or unintentional misconduct of the crew. For this reason, targeted training of the crew is very important to, on the one hand, ward off attacks on your ship and, on the other, to fulfil all mandatory regulations.
To manipulate the vessel's IT, cyber criminals often use special phishing emails to obtain sensitive information or infiltrate communications. Waterway IT Solutions has developed a test procedure with simulated phishing attacks to counter this. This also serves as crew training where your employees and colleagues learn how to recognise and eliminate phishing emails. As a consequence, you can transform your crew into a “human firewall”.
For a better IT security off- and onshore
The shipping company's onshore operations are also at risk from hacker attacks with phishing emails. That's why we can include shore-based employees in our testing and training process. It is also helpful for the audit if you have considered onshore IT security.
IT security strengthened, audit passed
Waterway IT Solutions' Phishing Attack is a first step in improving on-board cyber security. Let us advise you on what still needs to be done to implement the new IMO Guidelines. With our experience in the maritime sector, we can help you with technical and regulatory measures and prepare you for upcoming audits. We tell you what to expect, ensuring your success in the next audit! This means that you protect your ship, do not need to fear Port State Control sanctions and can sleep soundly at night again.