Considering the cost of cyber security

Malcolm Latarche
Malcolm Latarche

21 November 2016


Cyber security will once again be on the agenda this week as the IMO’s MSC meets for its 97th session. The meeting will consider if the interim guidelines on cyber risk management adopted at MSC 96 and issued as MSC.1/Circ.1526 in June this year should be included into ship security plans and even made mandatory as part of cyber risk code. The question of cyber security is arguably one that shipowners should address themselves in the same way as all businesses and individuals need to do in the modern era. Beyond potential corruption of systems such as ECDIS or interference in GPS and similar satellite positioning networks, the question of cyber security would appear to be more of a commercial matter than one which the IMO should be making prescriptive regulations about. Where there is a risk to safety, this has come about because of the drive by the IMO and the EU to increase the use of electronics and communications on ships for reasons that shipowners in the main would not see as of much benefit and which without IMO regulations would likely not have bothered to adopt. The coming into force of the ballast water convention and the adoption at MEPC last month of the 2020 date for lowering the global sulphur cap have already imposed a heavy financial burden on the shipping industry; bringing in a new Cyber Security Code that would likely be a bandwagon for ‘experts’ to hop on as was the case with ISM and ISPS Codes is an additional expense that many owners might prefer not to be exposed to at this particular moment in time.