IMO regulations for cyber security
Understanding international requirements for cyber risk management
In response to the growing threat of cyber crime, the International Maritime Organization (IMO) has issued Resolution MSC.428 (98). This regulation has since been complemented by other guidelines, notably those developed by the Baltic and International Maritime Council (BIMCO) for cyber risk management.
These guidelines lay out high-level recommendations for incorporating cyber risk management into existing safety management system (SMS) processes, enabling ship owners to protect their vessels. As of January 1, 2021, all ship owners must comply with IMO Resolution MSC.428 (98) in order to continue sailing worldwide.
- Understand IMO’s regulatory requirements for cyber security and safety for all ships
- Benefit from expert guidance on the development and implementation of a cyber risk management plan
- Achieve compliance with international regulations for cyber security and safety
Comply with IMO Resolution MSC.428 (98)
On January 1, 2021, IMO Resolution MSC.428 (98) came into force. This regulation is applicable to all vessels, requiring ships to include cyber risk management in their safety management systems, in accordance with the International Safety Management (ISM) Code. This resolution further encourages flag administrations to ensure that ship owners and managers are properly addressing cyber risks.
To help ship owners achieve compliance, BIMCO and other organizations have developed general guidelines, offering a blueprint for creating a cyber risk management plan. Though IMO’s existing guidelines are not marine-specific, vessel owners can use them to help identify and assess risks, protect their assets, and respond to and recover from cyber attacks.
Bureau Veritas helps ship owners and managers implement customized, effective cyber risk management strategies onboard. To do this, we have developed a comprehensive framework for cyber security based on our NR 659 Rules. This framework enables Bureau Veritas to identify and evaluate an asset’s cyber risk and propose organizational, technical and procedural measures to reduce that risk to an acceptable level.