- The exchange of information and electronic data between ship and shore has increased significantly in the modern shipping industry. The shipping industry uses data for operation, remote monitoring, control physical processes etc. Information and electronic data exchange is required to be protected from the likelihood of cyber-attacks.
- To address this issue, IMO has adopted MSC.428 (98) on “Maritime Cyber Risk Management in Safety Management Systems”.
- For implementation of mitigation measures for cyber security risks onboard Indian Flag ships; DGS has issued ENGG. Circular No. 06 of 2017 dated 06/11/2017 and corrigendum dated 20/11/2017.
- Cyber risks are required to be addressed in safety management system with following proposed implementing procedure:
A. All new DOC applicants requesting for initial DOC audit on/after 1 January 2018:
- It is required to include procedures of cyber risk management in the SMS risk mitigation manuals which will be reviewed by Recognized Organization (RO) prior conduct of initial DOC audit by Administration.
- Implementation of said cyber security risk will be reviewed and verified during initial audit by administration and same will be reflected in initial audit report narrative and document review record narrative.
- During onboard initial audit, a suitable memo with respect to satisfactory compliance to said IMO requirement will be raised by RO in the survey status of each vessel owned/managed by the company.
B. All other existing DOC holders wishing to demonstrate compliance prior to 1st January 2021:
- A company wishing to demonstrate compliance with the said IMO requirement earlier may carry out a cyber risk assessment and include the mitigation procedures in their SMS after due review by RO.
- After review of SMS manual by RO; the Administration auditor will verify compliance during annual/renewal DOC audit and same will be reflected in audit report narrative and document review record narrative.
- Report of the DOC audit to be forwarded by company to RO which conducted previous SMS audits on company managed vessels.
- After demonstrating the verification of compliance in the last DOC audit; RO/Administration auditor will carry out the next due intermediate/renewal SMS audit and a suitable memo with respect to compliance with the requirement will be raised in the survey status of vessel(s).
C. On/ After 1 January 2021:
- No request of DOC annual/renewal audit will be accepted unless risk mitigation procedures reviewed by RO are included in the SMS manuals.
- No request for vessels SMC intermediate /renewal audit will be entertained unless the report narrative of previous DOC audit states compliance with the said IMO requirement with respect to cyber security risk management.
- Ship owners/ operators and masters are advised to be guided by above.
- DGS ENGG. Circular No. 06 of 2017
- DGS ENGG. Circular No. 06 of 2017-Corrigendum
This Technical Circular and the material contained in it is provided only for the purpose of supplying current information to the reader and not as an advice to be relied upon by any person. While we have taken utmost care to be as factual as possible, readers/ users are advised to verify the exact text and content of the Regulation from the original source/ issuing Authority.