A group of the world's largest international shipping associations have published an update to their cyber security guidelines.
Bimco, Intertanko, Intercargo, OCIMF, the World Shipping Council and others collaborated on the project.
In particular, the third edition of the Guidelines on Cyber Security Onboard Ships covers adding cyber risks to a ship's safety management system, risk assessments for operational technology and offers guidance for onboard cyber security threats arising from the external supply chain.
“The third edition provides additional information which should help shipping companies carry out proper risk assessments and include measures in their safety management systems to protect ships from cyber incidents," said Bimco cyber security working group chair Dirk Fry, who also serves as Colombia Ship Management's managing director.
"A new dedicated annex provides measures that all companies should consider implementing to address cyber risk management in an approved SMS," he said, noting, "this is much easier said than done."
BIMCO said the guidelines offer anonymised examples of real-world cyber attacks on shipowners and operators.
Examples highlight the increased threats to human life emanating from cyber attacks on operational technology as well as an increase in malaware infections from third-party suppliers. The guidelines call for ships to be able to quickly disconnect from shore-based networks when facing a cyber threat.
During one of shipping's highest-profile cyber attacks, Maersk Tankers was able to avoid a viral infection in its fleet by being disconnected from oil rigs and shore-based IT. Ultimately, Maersk Tankers relied on pencil and paper to keep its business running during a cyber attack that crippled the Maersk group's IT infrastructure.
Bimco, the world’s largest international shipping association, currently has a team working on drafts of a contractual clause to deal with the risks and potential incidents that could arise from cyber security-related causes.