The deadline for ship operators to incorporate cyber risk management into ships’ safety management systems (SMS) is getting nearer. A shipping circular released yesterday by the Maritime and Port Authority of Singapore (MPA) notes that IMO Resolution MSC.428(98) requires that an approved SMS take into account cyber risk management in accordance with the objectives and functional requirements of the ISM Code.
Compliance with the ISM Code is required under the SOLAS convention.
For Singapore-registered ships, MPA will require cyber risks to be appropriately addressed in a company’s SMS no later than the first annual verification of the ISM company’s Document of Compliance after January 1, 2021.
For cyber risks to be considered appropriately addressed in the SMS, says the MPA circular, the ISM company is required to demonstrate that it has appropriately incorporated the five functional elements to address maritime cyber risks, namely:
- Identify: Define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations;
- Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber-event and ensure continuity of shipping operations;
- Detect: Develop and implement activities necessary to detect a cyber-event in a timely manner;
- Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event; and
- Recover: Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyber-event.