Skip to main content




Friday, December 14, 2018 

Norwegian insurer Gard has urged shipowners of the need to strengthen their cyber security procedures onboard ship. The call for a greater level of protection arrives ahead of the 2021 introduction of IMO rules to incorporate cyber risk into a ship’s safety management system.

"Shipowners and operators who have not already done so, should undertake risk assessments and incorporate measures to deal with cyber risks in their ship’s safety management systems (SMS) and crew awareness training,” says Gard in an emailed circular.

In particular, the insurer recommends that companies should fully understand the ship’s IT and OT systems and how these systems connect and integrate with the shore side, including public authorities, marine terminals and stevedores.

With the recent publication of the third edition of Guidelines on Cyber Security Onboard Ships, Gard warns that cyber incidents are likely to result in physical effects and potential safety and/or pollution incidents. As such, it advises companies of a need to assess the risks arising not only from the use of IT equipment but also from OT equipment onboard ships and to establish appropriate safeguards to mitigate the risk.

“Some IT and OT systems can be accessed remotely and may have a continuous internet connection for remote monitoring, data collection, maintenance, safety and security. These can be ‘third-party systems’, whereby the contractor monitors and maintains the systems from a remote location and can be both two-way data flow or upload-only,” says Gard.

 “Our recommendation is to take a holistic approach to the cyber risks to protect the confidentiality, integrity and accessibility of both IT and OT systems through measures covering processes, technology and most importantly people. The easiest and most common way for cyber criminals to gain access, is through negligent or poorly trained individuals,” the insurer says.

The insurer says that senior management should embed a “culture of cyber risk awareness” into all levels and departments onboard a ship and that should be in continuous operation and constantly evaluated.

According to the Gard, the latest cyber security surveys show that the industry is more aware of the issue and has increased cyber risk management training, but there is still room for improvement. This has also been confirmed by the 2018 Crew Connectivity Survey by Futurenautics group, where only 15% of seafarers acknowledge having received cyber security training, and only 33% said the company they last worked for had a policy of regularly changing passwords onboard.

 “Today, the weakest link when it comes to cyber security is the human factor. It is therefore important that seafarers are given proper training to help them identify and report cyber incidents.”

Reader Comments (0)

There are currently no comments on this article. Why not be the first and leave your thoughts below.

Leave Your Comment

Please keep your comment on topic, any inappropriate comments may be removed.

Return to index

Web Analytics