News: USCG guidance on Cyber Risk Management
News & Insights 17 November 2020
Cyber risk management needs to be implemented in safety management systems (SMS) by the first International Safety Management (ISM) Document of Compliance (DOC) verification after 1 January 2021
As highlighted in the club's recent guidance, available on the right, cyber risk management needs to be implemented in safety management systems (SMS) by the first International Safety Management (ISM) Document of Compliance (DOC) verification after 1 January 2021.
In an effort to address cyber threats in the maritime sector, the United States Coast Guard (USCG) has issued a work instruction (CVC-WI-027) to provide guidance to Coast Guard Marine Inspectors and Port State Control Officers for assessing cyber hygiene onboard applicable vessels, as well as compliance options if deficiencies are noted.
The USCG previously published a Marine Safety Information Bulletin (MSIB 19-20) to highlight recent cyber events involving increasingly sophisticated malicious email spoofing techniques, and MSIB 18-20 as an advisory on the urgent need to protect operational technologies and control systems. Specifically, the USCG advises that while advances in systems and technologies can improve the efficiency and scope of operations, there is a heightened risk of increased threats posed by malicious actors. These cyber actors have demonstrated a willingness to conduct malevolent activity against maritime critical infrastructure by exploiting internet-accessible operational technology (OT) assets.
For further reference, members are recommended to refer to USCG Navigation and Vessel Inspection Circular (NVIC 1-20) on ‘Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act (MTSA) Regulated Facilities.’
Category: Loss Prevention