Maritime News

This Marine Notice (MN) outlines the position of the Bahamas Maritime Authority (BMA) with respect to establishing policies and procedures for mitigating maritime cyber risk.

Cyber risks should be appropriately addressed in safety management systems no later than the first annual verification of the company’s ISM Document of Compliance after 01 January 2021, as indicated in IMO Resolution MSC. 428(98).

This will assist owners as they review their Safety Management Systems for compliance with IMO Resolution “MSC 428/98 Cyber Risk Management in Safety Management Systems” which mandates that “cyber risks are appropriately addressed in safety management systems no later than the first annual verification of the Document of Compliance after 1 January 2021”.

The IMO has identified cyber security as a risk to be addressed in safety management systems and the handling of the risks are to be verified in audits from 1 January 2021 onwards. This statutory news summarises IMO’s main recommendations.

In February 2019, a deep draft vessel on an international voyage bound for the Port of New York and New Jersey reported that they were experiencing a significant cyber incident impacting their shipboard network. An interagency team of cyber experts, led by the Coast Guard, responded and conducted an analysis of the vessel’s network and essential control systems. The team concluded that although the malware significantly degraded the functionality of the onboard computer system, essential vessel control systems had not been impacted. Nevertheless, the interagency response found that the vessel was operating without effective cybersecurity measures in place, exposing critical vessel control systems to significant vulnerabilities