ISM Code and Maritime Cyber Security
The growing use of technology aboard vessels brings an increased risk of security hacks, both aboard vessels and in companies. The IMO, in its guidelines to Administrations, has asked them to get companies and ships flying their flag to put cyber-security measures in place. Cyber-security measures in ISM training gained prominence after the major cyber hack on Maersk Line. There have been a few other hacks on maritime systems since then, including one not too long ago aboard a chemical tanker off New York.
The ISM code uses a process-based approach to maritime safety management systems. This process-based approach is the same as that prescribed by ISO 9001 and by ISO 27001 for information security management systems. Incidentally, ISO 27001 is also one of the standards prescribed by the FAL circular for implementation of cyber-security controls and best practices. ISM training for personnel should include awareness of potential cyber risks and of the measures that personnel aboard should take to prevent a cyber-security incident or breach.
ISM training on cyber-security measures may include measures such as regularly updating anti-virus software, not connecting any external pen-drives to the ship/office framework, not divulging passwords, changing passwords regularly, and ensuring that information packets sent between ship and office are encrypted. Electronic operational equipment also needs to be protected, based on the risk it presents and on whether it is connected to the internet. Many ships these days have remote sensing equipment as well as remote-control equipment based on the Internet of Things (IoT) concept.
Per the ISM code, and as ISM training candidates will learn, companies need to have someone similar to a DP assigned to deal with emergencies at all times and to provide the vessel with support and resources as needed. Both the ship and the company will need to have controls for equipment defined on the basis of the risk assessment conducted. Emergency response procedures will need to be defined and tested on a periodic basis. Non-conformities and breaches need to be identified and acted upon to prevent recurrence.
Reviews of the system will need to be done at periodic intervals to assess the effectiveness of systems, and ISM training auditors will need to conduct audits of the cyber-security system to assess how well the system is working. Maintenance of cyber-security measures, including hardware and software, will need to be ensured, as will protection against malware and phishing emails. The crew should be aware of how to identify a phishing email and whom it should be reported to.
ISM training for all personnel is important to ensure they understand their contribution to the system and its effectiveness, and how they impact the system when they do not.