By Wu Xiaofeng & Xu You

Marine cyber security: challenge for shipping and shipbuilding industry

By Wu Xiaofeng & Xu You

With the arrival of the information and intelligence age, cyber space risk has become the concern for maritime legislation organizations and shipbuilding industry as a new kind of maritime risk.

IMO has held a preliminary discussion on cyber security during the meeting of MSC 95, definitively pointed out that the maritime community need to pay more attention to threaten of cyber space and make proper responses. BIMCO published the first “Guidelines for ship cyber security ”in the world in February, 2016, which attracted considerable attention in the maritime industry. IMO formally issued the “Interim guidelines for maritime cyber risk management” in the form of circular in June,2016, as the top management guidelines for shipowners and crew to carry out ship cyber risk management. At the meeting of MSC 97, some delegations suggested that IMO should consider to formulate mandatory action plans targeting at cyber space security management.

In the recently concluded MSC98 meeting, the countries again expressed their concern about the status of documents related to cyber security management, and discussed the issues of incorporating cyber security management into safety management system. Heated discussion was held, and relevant proposals were considered in detail in the working group. Delegates from more than 39 countries,2 intergovernmental organizations and 12 observers of non-government organizations participated in the working group. The maritime community agreed that maritime cyber risk management has become an urgent demand. IMO will issue resolution to further put forward means to deal with maritime cyber risk awareness while maintaining relevant documents to be non-mandatory.

Compared with the maritime industry, the shipbuilding industry has lagged behind in responding to cyber threat. The maritime industry has released a number of rules, but due to different focus, the different can only play a limited role in a specif i c link of the whole shipping system. For example, the interim guidelines of IMO are targeted more toward management of competent authorities, shipowners and ship operators, and the guidelines of shipping organizations focus on practice in ship operation.

From the perspective of shipbuilding industry , at present, there is no technical means in the form of rules to evaluate and manage the security of ship cyber system. Generally,in the industrial standards relating to network and information safety, the series of standards jointly issued by the International Standardization Organization (ISO )and the International ElectricalCommission(IEC )have strong influence.

ISO/TC 8 started the primary research on the management and risk evaluation of ship cyber security after the 96th meeting of MSC. This fully ref l ected the idea of ISO/TC 8 to respond in advance and timely to IMO and market demand and follow closely with technology trend. The cyber security standard of ISO/TC 8 focus on providing reference for industry main bodies such as information equipment manufacturers, system integrators etc. At present, countries such as china , USA, Japan, Britain and Denmark have shown high concern and have gotten involved in the issue of ship cyber security. For domestic equipment manufacturers and system integrators, active planning, integrating into the cycle life of the product the consideration of cyber security measures and active participation in the development of relevant standards and international regulations will promote the improvement of the competitive edge in the future.

At the same time, it is worth noticing that with the deepening of the information and intelligence technology of the shipping system, as well as the implementation of the strategies of E-navigation and intelligent ocean, IMO may spread its focus on maritime cyber security from shore-based facilities to the whole shipping industry chain. Cyber security will become the real “trans-boundary challenge”.