Nautilus members have been reminded of maritime industry guidelines on cyber security for electronic systems in the wake of recent attempted hacking of ships.
The US Coast Guard has urged vessel operators to be on the alert for cyber adversaries after unidentified hackers attempted to gain sensitive information from shipboard systems, including the contents of an official Notice of Arrival, using 'phishing' email addresses that pose as an official Port State Control authority.
Additionally, the Coast Guard has received reports of malicious software designed to disrupt shipboard computer systems. These incidents had been reported by vessel masters to the Coast Guard National Response Centre (NRC). By federal regulation, American vessels must report cyber attacks and suspicious activity to the NRC.
In the UK, the government has produced ship security guidelines which include advice on developing a cyber security assessment and plan, and handling security breaches and incidents.
Guidelines on cyber security onboard ships have also been jointly produced by shipping industry bodies BIMCO, CLIA, ICS, Intercargo, Intertanko, OCIMF and IUMI. These guidelines use the National Institute of Standards and Technology (NIST) framework, which says ships are obliged to carry out a security assessment.
The codes of practice recognise that as companies operate their own IT systems, it is up to them to have adequate protection in place.
In recognition of the increasing cyber risks, IMO issued guidance at its 98th session in June 2017 after its Maritime Safety Committee adopted a special resolution on cyber risk management.
The resolution encourages administrations to ensure that cyber risks are appropriately addressed in existing safety management systems (as defined in the ISM Code) no later than the first annual verification of the company's Document of Compliance after 1 January 2021.