Compliance with the IMO 2021 Cyber Security Regulation

Towards the safe and secure operation of vessels at sea and ashore, the International Maritime Organization (IMO) recently added cyber security requirements to critical safety management systems (SMS) under IMO Resolution MSC.428(98).  In recognition of the urgent cyber threats to the global shipping industry, and understanding the massive global impact that a high profile incident in a highly trafficked area, like the Suez Canal, can have on the world economy and geo-political environment, these regulations are long overdue.  As of January 1, 2021, operators must urgently address cyber security risks in order to maintain compliance ahead of the annual verification of their Document of Compliance (DOC).

The IMO resolution effectively addresses maritime cyber security risks inherent in safety management systems within the International Safety Management (ISM) Code.  A key element of effective cyber risk management is a process to harden SMS components and segment and secure portions of the network on which they operate. As a major cyber incident attack vector, unpatched operating systems and other critical software must be effectively and routinely updated to maintain regulatory compliance with the ISM Code.  Key risk assessment management processes must include the timely and routine patching and updating of onboard SMS components and other software infrastructure.

Resilio is a Proven Solution for System Updates Required to Achieve IMO 2021 Cyber Security Compliance

In light of the remote nature of the maritime industry operating environment, compliance with these new requirements is especially difficult.  The number of systems is large, the connectivity between the vessels is intermittent, onboard technical resources are limited, the software updates are often sizable and the typical commercial systems for endpoint and software maintenance are not designed with the maritime environment in mind.  The functional end result is massive cyber risk for ship owners as onboard systems often linger unpatched for many years in an environment where new cyber threats to those systems are discovered daily.

In the face of these challenges, Resilio has been helping maritime operators maintain the highest cyber security profile for years.  With our proprietary protocols, Resilio is the most reliable and resilient way to move large amounts of data (system updates and patches) over intermittent and low capacity networks.  Our process automation capabilities allow for the seamless remote installation of these updates without the need for onboard technical resources.  

We’ve been honored to work with some of the largest marine operators in the world and are currently deployed on over 1,000 vessels.

If you are looking to upgrade processes for SMS patching in compliance with IM0 2021 Cyber security guidelines, Resilio is designed to make this process effortless, even in the unforgiving environment at sea.

Learn more about Resilio’s Maritime Solutions or how Northern Marine Group (Stena) used Resilio to potentially save millions by reducing time to compliance by 92%

We would also like to invite you to schedule a demo or start a free trial, so you can see how Resilio’s Maritime Solution works. 

Additional resources:

Framework for Improving Critical Infrastructure Cybersecurity (The NIST Framework)

MSC-FAL.1/Circ.3 Guidelines on maritime cyber risk management.

USCG Office of Commercial Vessel Compliance (CG-CVC)  Mission Management System (MMS) Work Instruction (WI)

The Guidelines on Cyber Security Onboard Ships

IMO Maritime Cyber Risk 

SOLAS XI-2 and the ISPS Code