Is the new ISM Code 2021 on cyber security (IMO deadline 1/1/2021) a new era that will really change the cyber culture of the entire maritime industry?
The IMO cybersecurity deadline for the new ISM Code 2021 comes with the first assessment and compliance plan that all shipping companies should carry out after the first day of 2021 (or after the first SMS update in 2021), developing new procedures that start with the readiness check and end with the daily integrated shielding of the shipping companies themselves as well as their staff, ships, crews & all third parties.
However, only a very small percentage has so far made the first moves towards real compliance, while 90% of the maritime industry seems to be standing on weak cyber ground, unaware of the real risks and always with the appropriate insurance or business risk.
Some executives speculate that a superficial cybersecurity advisory report will in fact be enough to obtain formal approval under the law from flags or classes.
In reality, however, it is obvious that compliance with such regulations requires very careful approach and management, especially when it is based on standards such as ISO 27k, and that it also requires the development of a Cybersecurity Strategy, which certainly cannot consist of an article or a book used as a basic Cyber Manual.
For many shipping companies, whether they operate a single ship or a fleet, a shore-based Cyber Safety Officer is considered imperative because of the need for 24/7 controls (shielding & monitoring) after compliance and the integration of the IMO guidelines into the company SMS and that of each ship separately.
Surely, with great effort, experience and luck, a vessel could be navigated by the stars.
Very politely I express my humble opinion to all the beloved seafarers who believe in it.
However, conditions have changed rapidly: navigation is no longer only about steering the ship but also about all the tools that generate profit in the shipping business (better & shorter course / less fuel, fewer shifts thanks to automated online systems that are connected to the internet and supply the information, instruments that monitor the risks and condition of the cargo carried, remote maintenance controls, better transfer of crew to a ship based on the ship’s location and the time needed to reach that destination, etc.).
At the same time, new risks have been created that are less maritime than technological in nature. AIS tampering, changing the GPS location, or ultimately disturbing the route through GPS, with possible deception or ransom, are now a fact.
In addition to traditional piracy, ransom is usually demanded in cryptocurrencies, as cybercrime happens remotely (containership attacks, logistics units or port states).
But what happens to the vessel? Is there a trained crew, has it been assessed for its readiness, and who is responsible for cybersecurity at sea?
On most vessels the IT & OT systems are connected, and the crew has good reason to use them to communicate, either professionally or personally.
As technology evolves, everything in maritime, for example, is now digital or tends to be digitised, for business metrics & better control of instant information aimed at saving resources.
At the same time, however, patterns for new cyber-attacks that try to penetrate not only the IT but also the OT systems of the shipping chain & the entire third-party critical infrastructure are developing with mathematical progression.
Automated or targeted cyber-attack attempts are made on a daily basis, in many cases resulting in the penetration of the company’s systems, with the corresponding effects.
At Crontab we have initially developed Cybercomp, a special tool that directly provides the ISM Code 2021 diagnosis & risk report on the level of readiness of the company & its ships or fleet.
Our complete proposal is formulated independently for each company, after the System mapping, IT Audit, Cyber Risk Assessment etc. carried out in connection with the ships & crews.
As training, we provide special courses, delivered remotely / via web access on board or in a training center with physical presence, designed for all sailors depending on their responsibilities (company management & staff, crews and cyber security officers in the company or at sea), based on a specific assessment of their readiness.
As far as the readiness of crews or staff of shipping companies is concerned, e-learning practices can deliver knowledge directly, along with many other technical seminars (such as cyber security, which the seafarer can also attend onboard).
Certification, of course, should be done after a physical evaluation. The exceptions are special cases that exist on the End2End Onboard Communication Network.
MTS port controls, Marine Inspections & Deficiencies
Many shipping companies or seafarers mistakenly believe that a cyber attack is a computer virus hidden in a USB stick or malware that is transmitted as “bait” via a phishing email, always with little impact on the company.
Realistically, the level of threat and the sophistication of hackers are increasing every day, with the result that many shipping companies do not fully appreciate the seriousness of the issue they are facing.
The combination of the IMO’s new requirement with the devastating impact that a cyber attack on a shipping company or ship can have creates another burden for those involved in security and ship management operations.
“Combining all of the above with the rapid developments that bring cyber security controls (MTS port controls, Marine Inspections etc.) into immediate effect initially in US ports, shipping owners or operators may face a new reality, which could pose a great financial risk in case a ship is characterized with Deficiencies code 30 or 17 due to a poor development & integration of cybersecurity in the SMS Doc of the ship”, notes Mr. Papaioannou, CTO at Crontab Cyber.
Cyber security services in maritime should now be recognized as an expense that will turn a profit in the short or long term.
We believe in true and thorough compliance with the new regulation, and that is why we provide the following integrated services.
IMO ISM Code 2021 Cyber Security full Compliance Deliverables:
- IT & OT Gap analysis
- Network Mapping
- Vessel System Audit (IT & OT)
- Cyber Manual (custom development per vessel or fleet analytically)
- Cyber Risk Assessment
- Cyber Awareness Training
- Vulnerability Assessment
- Design of Policies & Procedures in Cyber Security
- Access Control Policy & Physical Security
- Roles & Responsibility
- Business Impact Analysis
- Incident Response & Recovery Planning
- Crisis room
- Pen test
- Outsourcing CISO (Cyber Security Officer)
- 24/7 SOC on the BOX on board
Substantial adaptation to the new IMO law on cybersecurity, and consequently to the new cybersecurity culture, is not only imperative in our daily lives but can also be a lifesaver in the future, as the technological boom we are experiencing certainly brings significant help but also significant risks that we must take very seriously.
Crontab Cyber Security is a company that evaluates, designs and produces information security solutions for several sectors, including Shipping, Aviation, Banking and Telecommunications. It also offers consultancy, training, legal & full compliance services in the cyber security area for the new IMO ISM Code 2021, GDPR, NISD, TMSA3 and ISO27001.
Combinations of technologies, such as machine learning with Artificial Intelligence for intrusion detection and prevention, have been developed to address future cyber challenges.
Crontab Cyber Security Academy trains employers, employees and personnel in current cyber security challenges and issues via our cyber security awareness and mastering cyber security seminars.
Our goal is to provide the best cyber security protection possible in the industries using new innovative technologies.