BIMCO has released an update to its cyber security guidelines, with version 4 published to coincide with the introduction of new IMO requirements for shipowners and managers to implement cyber risk management in their safety management systems (SMS) by the time of their first Document of Compliance audit after 1 January 2021.
While the previous version, dated November 2018, offered guidance for the initial work of implementing cyber risk management in the SMS, the Organisation says that the new version contains several improvements.
These include general updates to best practises in the field of cyber risk management and a section with improved guidance on the concept of risk and risk management.
“In recent years, the industry has been subjected to several significant incidents which have had a severe financial impact on the affected companies. While these incidents have had little or no safety impact, they have taught us some very important lessons which have been incorporated into the new version of the guidelines,” said Dirk Fry, Chair of BIMCO’s cyber security working group and Director of Columbia Ship Management.
“With the increased connection of devices and systems to the internet, more opportunities will present themselves and more vulnerabilities in need of safeguarding will emerge in the future.”
“Cyber security is an arms race between the attackers and the defenders, where the attacker has the luxury of first choice of weapon. Because we can never be 100% secure in such circumstances, we must extract all the learnings we can from past events. We should be capable of quickly recovering from incidents because we know they will most likely occur at some point. Drawing on the most recent experiences from the industry and beyond, the new version of the guidelines will help us achieve just that.”
The guidelines can be downloaded here.