Current Developments in Waterborne Cyber Risk Awareness

Until recently, guidelines, standards or regulations on cyber security for ports and the maritime supply chain did not exist. The International Maritime Organization (IMO) International Ship and Port Facility Security (ISPS) Code mainly deals with physical security of ports and vessels; only mentioning that communication has to be possible in case of an incident. But there are proposals in order to extend the scope of the ISPS Code and to include cyber security. In June 2016, IMO has published “Interim Guidelines on Maritime Cyber Risk Management” and further organizations have been working on this topic.

The Baltic and International Maritime Council (BIMCO) published “The Guidelines on Cyber Security Onboard Ships“ in January 2016 and the United stated Coast Guard a document on “Cyber Risks in the Marine Transportation System”. Also Lloyds Register is visibly active: In February 2016, a “Guidance Note” on “Cyber-enabled ships” about cyber risks for state of the art computer supported ship operation has being issued. In July 2016 another “guidance document” on “Cyber-enabled ships” with a focus on autonomous ships was made public.

These documents state that important measures of higher security levels for computers and data are i.a. better software, improved processes and trained staff.

Also European Union institutions are working on the computer crime topic. A “Proposal for a Directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security across the Union” is currently under discussion within the Council and its preparatory bodies.