
During the 107th session of the Maritime Safety Committee at IMO in 2023, a proposal was put forward by Canada, Marshall Islands, Norway, Singapore, United Kingdom, and United States to review the Guidelines on Maritime Cyber Risk Management (MSC-FAL.1/Circ.3/Rev.2). The proposal was accepted, and based on the input from 32 member states and 3 unions, various revisions were suggested for the guidelines.
During its 107th session, the Maritime Safety Committee agreed to incorporate into its biennial agenda for the 2024-2025 period, as well as the provisional agenda of MSC 108, a focus on “Revision of the Guidelines on Maritime Cyber Risk Management (MSC-FAL.1/Circ.3/Rev.2) and identification of next steps to enhance maritime cybersecurity.” This initiative aims for completion by 2024 and extends an invitation to the FAL Committee to participate as an associated organ. The document represents the proposed draft revision of MSC-FAL.1/Circ.3/Rev.2 on Guidelines on Maritime Cyber Risk Management. If the proposed guidelines are accepted, they will be called MSC-FAL.1/Circ.3/Rev.3.
As underscored in document MSC 107/17/9 (Australia et al.), the maritime sector is undergoing significant changes driven by the growing reliance on interconnected cyber systems. While these systems enhance efficiency in commercial vessel and port operations, they also introduce heightened cyber threats and vulnerabilities. The frequency of cyber incidents has surged in recent years, posing a substantial risk to international maritime transport operations.
While document MSC-FAL.1/Circ.3/Rev.2 and resolution MSC.428(98) offer valuable guidance on addressing cyber risks within Safety Management Systems, the evolving nature of cyber threats necessitates updated guidelines on risk management practices and procedures. These proposed revisions aim to assist Administrations, shipowners, operators, port States, and facilities in bolstering their awareness of maritime safety and security. Furthermore, they aim to maintain flexibility, enabling stakeholders to tailor measures to their specific practices and activities.
The proposed revisions include, but are not limited to:
- correction of spelling mistakes;
- definition of various notions (i.e. computer-based system, cyber incident, cyber risk management, IT, and OT);
- reference to IACS UR E26 & E27 as recommended standards;
- consideration of the latest version of the NIST Cyber Security Framework, NIST 2.0.
It is anticipated that these suggestions will be adopted in May 2024, leading to the revision of these guidelines for the benefit of stakeholders in the maritime industry. This updated guidance is considered a significant milestone in enhancing cyber security standards within the maritime sector amidst its digital transformation journey. The revision proposals can be accessed as follows.