Published in cybersecurity, all | 4 minutes reading time

Important information about maritime cybersecurity

Stay up to date!

* By subscribing to the latest news from our blog, you consent to us storing your email address, and sending you monthly emails. You can, at any time, retract this consent.

In an industry increasingly reliant on automation and remote monitoring, the need for robust cyber risk management of critical systems and assets on ships has never been more acute.

The International Maritime Organization (IMO) has issued MSC-FAL.1/Circ.3 Guidelines on maritime cyber risk management, in which they lay down the law: Shipowners and managers are given until 1 January 2021 to include cybersecurity as part of their ISM Code safety management.

As the global maritime community is faced with the somber prospect of having ships detained if they fail to comply with the new IMO rules, cybersecurity is a hot topic dominating the industry headlines.


What is ‘cyber secure’?

IMO states that ships have to be cyber secure. What, exactly, does “cyber secure” look like in practical operation? A growing number of lengthy guidelines are being published, designed to help companies formulate their own approaches to cyber risk management onboard ships.

But few of these guidelines offer guidance in plain English, potentially losing both senior management and crew members.

Besides, the cybersecurity guidelines say nothing about how you can determine when your onboard cyber systems are actually secure, or how you can prove it to industry stakeholders. In BIMCO’s own words: “The advice and information given in [the guidelines] is intended purely as guidance to be used at the user’s own risk”.

So, where should you start to address cybersecurity and make your fleet IMO compliant?


Take a holistic approach to cyber risk management

Implementing robust cybersecurity measures onboard ships requires a ‘total systems’ approach. Cybersecurity needs to be multi-layered, where malware and unwanted data traffic is blocked starting at the DNS-level.

Cybersecurity is not just about technical aspects, though. You need to take into account all the different systems on board. How are they designed and installed, how do they connect, and how will they be managed?

What critical shipboard systems might be connected to uncontrolled networks or directly to the internet?

Read more: The key to best practice maritime cybersecurity


Maritime cybersecurity starts with risk assessment

BIMCO’s Guidelines on Cyber Security Onboard Ships states that shipping companies need to have a cybersecurity management plan in place on their ships. Performing risk assessment on all onboard systems and procedures – to map their robustness – is a crucial part of any effective risk management plan.

You need to know what devices you have on board, and their vulnerabilities. Then you need to understand impact on operations, assets, etc. if vulnerabilities are exploited and you suffer from unauthorised access, loss of integrity, or loss of availability.

And crucially, how do you respond to and recover from cybersecurity incidents? This means you need to establish incident response plans that can be deployed quickly and effectively.

When all this is thoroughly documented, it’s time to implement practical and robust technical protection measures to safeguard your vessel IT environment.

How do you best protect against cyber events and ensure continuity of your operations?

With an easy-to-implement system that protects your vessels and their onboard IT systems even before an attack occurs, your entire fleet stays connected – without compromising security and safety.

New call-to-action



IMO: Guidelines on maritime cyber risk management

BIMCO: Guidelines on Cyber Security Onboard Ships

Important information about maritime cybersecurity
Written by Geir Inge Jensen, CISO

Geir Inge Jensen is the Chief Information Security Officer at Dualog. Adding over 20 years of experience in network design and cybersecurity, Geir Inge is passionate about developing solutions and services that help shipping companies create a more cyber-resilient environment onboard their vessels. When he is not fighting maritime cybercrime, you can find him in the mountains enjoying the great outdoors with his camera in hand.

Related blog posts