IMO regulations for cyber security


Understanding international requirements for maritime cyber security risk management

In response to the growing threat of cyber crime, the International Maritime Organization (IMO) has issued Resolution MSC.428(98). This regulation has since been complemented by other guidelines, notably those developed by the Baltic and International Maritime Council (BIMCO) for cyber risk management.

These guidelines lay out high-level recommendations for incorporating cyber risk management into existing safety management system (SMS) processes, enabling ship owners to protect their vessels. As of January 1, 2021, all ship owners must comply with IMO Resolution MSC.428(98) in order to continue sailing worldwide.

Key Benefits

  • Understand IMO’s regulatory requirements for cyber security and safety for all ships
  • Benefit from expert guidance on the development and implementation of a cyber risk management plan
  • Achieve compliance with international regulations for cyber security and safety

Survey and assess your ship cyber security resilience

Digital advances happen quickly. Propelled by the needs of global decarbonization, reliable and useful data is in ever-higher demand.

To address this need, ship systems increasingly exchange data with the shore, meaning that vessels are more connected and the potential surface vulnerable to cyber attack is wider. This has made malicious actors more interested in the maritime industry, thus increasing the likelihood of cyber incidents.

Bureau Veritas has developed a tool to help owners clearly assess their technical ship cyber security ecosystem at any point in its lifecycle. Cyber Health Assessment Report Tool (CHART) by Bureau Veritas is perfect for inspecting the current state of compliance and taking steps toward implementing regulation.

Comply with IMO Resolution MSC.428(98) for ship cyber security

On January 1, 2021, IMO Resolution MSC.428(98) came into force. This regulation is applicable to all vessels, requiring ships to include cyber risk management in their safety management systems, in accordance with the International Safety Management (ISM) Code. This resolution further encourages flag administrations to ensure that ship owners and managers are properly addressing cyber risks.

To help ship owners achieve compliance, BIMCO and other organizations have developed general guidelines, offering a blueprint for creating a cyber risk management plan. Though IMO’s existing guidelines are not marine-specific, vessel owners can use them to help identify and assess risks, protect their assets, and respond to and recover from cyber attacks.

Bureau Veritas helps ship owners and managers implement customized, effective cyber risk management strategies onboard. To do this, we have developed a comprehensive framework for cyber security based on our NR 659 Rules. This framework enables Bureau Veritas to identify critical equipment on board and propose organizational, technical and procedural mitigation measures to reduce residual cyber risk to an acceptable level.