Cyber security is not just about preventing hackers gaining access to systems and information, potentially resulting in loss of confidentiality and/or control. It also addresses the maintenance of integrity and availability of information and systems, ensuring business continuity and the continuing utility of digital assets and systems. To achieve this, consideration needs to be given to not only protecting ship systems from physical attack, force majeure events, etc., but also to ensuring the design of the systems and supporting processes is resilient and that appropriate reversionary modes are available in the event of compromise.

Personnel security aspects are also important. The insider threat from shore-based or shipboard individuals who decide to behave in a malicious or non-malicious manner cannot be ignored. Ship owners and operators need to understand cyber security and promote awareness of this subject to their stakeholders, including their shipboard personnel.

This Code of Practice explains why it is essential that cyber security be considered as part of a holistic approach throughout a ship’s lifecycle, as well as setting out the potential impact if threats are ignored. The Code of Practice is intended to be used as an integral part of a company’s or ship’s overall risk management system and subsequent business planning, so as to ensure that the cyber security of the ship, or fleet, is managed cost effectively as part of mainstream business.

This Code of Practice should be read by board members of organisations with one or more ships, insurers, ships’ senior officers (for example, the Captain/Master, Chief Officer and Chief Engineer) and those responsible for the day-to-day operation of maritime information technology (IT), operational technology (OT) and communications systems. It does not set out specific technical or construction standards for ship systems, but instead provides a management framework that can be used to reduce the risk of cyber incidents that could affect the safety or security of the ship, its crew, passengers or cargo.

Click on below image to download full guidance paper

Source: UK Department for Transport

cyber-security-code-of-practice-for-ships-2017