Maritime Cyber Risk Management


Vessels are increasingly using systems based on Information technologies. As a result the security of data and other sensitive information has become one of a maritime concern.

In connection with mentioned above The Maritime Safety Committee, at its 98th session in June 2017, adopted Resolution MSC.428(98) where they encourage administrations to ensure that cyber risks are appropriately addressed in existing safety management systems (as defined in the ISM Code) no later than the first annual verification of the company"s Document of Compliance after 1 January 2021.

Also IMO has issued Guidelines on maritime cyber risk management.

There are some other guidelines on cyber security on board ships issued by BIMCO, CLIA, ICS, INTERCARGO, INTERMANAGER, INTERTANKO, OCIMF, IUMI and WORLD SHIPPING COUNCIL.

Training and awareness of appropriate company policies and procedures may provide an effective response to cyber incidents.

Our solutions in maritime cyber security management

The cyber risk management system in each individual case may differ from others. But in the general case, it may consist of the following stages of policy development and LAN configuration:

  • Audit the LAN for compliance with standards and recommendations.
  • Network security. Logical addressing. LAN segmentation.
  • Firewall (s). Firewall configuration policy development including develop of a policy to permit a useful traffic and block unuseful.
  • Monitoring traffic and processes of the local network, servers and workstations.
  • Development of a security policy for servers and workstations (control of connecting external devices, permission to run approved programs, access policies for programs on the Internet, etc.)
  • Secure remote LAN access policy.
  • The access control policy for accessing users to the LAN resource.
  • Malware prevention policy.
  • Awareness and training for the staff and users.
  • Incident management.
  • Develop policies and procedures for backing up and restoring data and system configurations.