Cyber Security IMO

IMO to Prevent Cyber-attacks

cyberattacj.jpg

At a meeting of the IMO’s Maritime Safety Committee (MSC), it was recognised that ships may also be exposed to so-called cyber-attacks.

Now, the IMO wants to prevent hostile attempts to interfere with electronic systems in the maritime industry and it has therefore drawn up interim Guidelines on risk management.

An important point of the guidelines is that potential attacks will not be aimed merely at traditional computer systems, but will also to a high degree focus on control and steering systems for, for example, navigation, machinery, communication, etc.

Ships can be hit by IT attacks

The Maritime Safety Committee (MSC) has recognised that ships can also be exposed to hostile attempts to disturb or interfere with electronic systems, so-called cyber-attacks. The Committee emphasized that the entire maritime industry must take these threats seriously. Against this background, the Committee has
drawn up interim Guidelines on risk management to prevent “cyber-attacks” in the maritime industry.

With these guidelines, the IMO supports the guidelines drawn up by the industry – inter alia headed by the Copenhagen-based BIMCO – however, without officially rubber-stamping some guidelines rather than others.

An important point of the guidelines is that potential attacks will not be aimed “merely” at “traditional computer systems”, but will also to a high degree focus on control and steering systems for, for example, navigation, machinery, communication, etc.

Today, most ships’ steering systems are computer-based and, in many cases, connected to a network. Thus, the systems become vulnerable – though they are not directly connected to the internet. In addition, thoughtless use of a USB port can cause great problems. The guidelines stress the importance of transferring the principles of operational risk management from the traditional “physical” areas to ships’ steering systems.

In short, it is all about identifying and assessing the threat scenario, “taking action” in relevant areas, following up on the effect of one’s actions and modifying the assessments and actions as an ongoing process of development. The maritime industry is already used to doing this, and the Danish Maritime Authority urges everyone to extend this way of thinking to ships’ steering systems.

Summary of MSC 96
Read more about the IMO’s prevention of cyber-attacks and the other issues considered at the meeting in the summary.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s