The Maritime Industry Authority (Marina) is requiring all shipping companies with Philippine-registered vessels to take into account cyber risk management in their safety management system, in compliance with an International Maritime Organization (IMO) resolution that took effect last June.
The maritime authority, in Marina Advisory (MA) No. 2017-24, addresses the requirement to all ship owners, bareboat charterers, ship operators, or managers of Philippine-registered ships certified under the International Safety Management (ISM) Code, and all others concerned. Marina said the requirement is pursuant to IMO Maritime Safety Committee (MSC) Resolution, MSC.428 (98), adopted on June 16, 2017.
MSC.428(98) encourages member states to ensure that cyber risks “are approximately addressed in safety management systems no later than the first annual verification of the company’s Document of Compliance (DOC) after 1 January 2021.”
It also requests member states to bring the resolution to the attention of stakeholders.
MA 17-24 says the functional elements that support effective cyber risk management shall be included in the safety management system and subject to audit no later than the first annual verification of the company’s DOC after January 1, 2021.
The MSC resolution recognizes the urgent need to raise awareness on cyber risk threats and vulnerabilities to support safe and secure shipping, “which is operationally resilient to cyber risks.”
Danish shipping giant Maersk, which was hit by a cyberattack at the end of June that caused system outage, said the incident will shave $200 million to $300 million from its profits for the third quarter of 2017.
The resolution also recognizes that member states, classification societies, ship owners and ship operators, ship agents, equipment manufacturers, service providers, ports and port facilities, and all other maritime industry stakeholders “should expedite work towards safeguarding shipping (against) current and emerging cyber threats and vulnerabilities.”
It says that MSC-FAL.1/Circular 3, approved by both MSC and the Facilitation Committee in 2017, provides high-level recommendations for maritime cyber risk management that can be incorporated into existing risk management processes and that complement the safety and security management practices established by IMO.
It also recalls Resolution A.741(18) by which IMO adopted the International Management Code for Safe Operations of Ships and for Pollution Prevention (ISM Code), and recognizes the need for appropriate organization of management to enable it to respond to the needs of those on board ships in order to achieve and maintain high standards of safety and environmental protection.
MSC.428 (98) also affirms that an approved safety management system should take into account cyber risk management in accordance with the objectives and functional requirements of the ISM Code. – Roumina Pablo
Image courtesy of lekkyjustdoit at FreeDigitalPhotos.net
