Page 20 - INTERCARGO - Annual Report 2022

P. 20

ANNUAL REVIEW

Piracy and Armed Robbery at Sea Cyber Risks

Incidents of piracy and armed robbery at sea have shown an encouraging reduction According to the findings reported in INTERCARGO is actively involved in supporting the implemen-
tation of IMO resolutions, and the work of the International As-
throughout 2022. The number of incidents that took place in the Gulf of Guinea the Allianz Global Claims Review 2022, sociation of Classification Societies (IACS). There are a num-
(West Africa) decreased in the first half of 2022 by 14 compared to the same period cyber insurance claims have increased ber of frameworks in place to assist shipowners to achieve
operational resilience to cyber risks:
in 2021, when 27 incidents were reported. This constitutes a decrease of 52%. significantly in recent years. For the last
• IMO resolution on Maritime Cyber Risk Management in
There is, however, still no room for complacency. Such attacks continue to take two years more than 1,000 cyber claims Safety Management Systems (res MSC.428(98)).

place around the world and the Straits of Malacca and Singapore were rated as a year were reported, compared with • IMO circular MSC-FAL.1/Circ.3/Rev.1, with high-lev-
the areas most affected by acts of piracy and armed robbery against ships in fewer than 100 in 2016. More than 60% of el recommendations to safeguard emerging cyber
threats and vulnerabilities and include functional ele-
January to June 2022. system intrusion incidents came through ments that support effective cyber risk management.
an organization’s partner. In the shipping • The Guidelines on Cyber Security Onboard Ships ver-
sector, there have been at least nine high sion 4, jointly developed by BIMCO, INTERCARGO et al.
According to information received and made available in IMO’s The shipping industry maintains a Maritime Global Security Web- • Voluntary cyber risk management guidelines to man-
profile cyber incidents reported since
GISIS module, 69 incidents of piracy and armed robbery against site. The site contains guidance and external links, and the site is age the cyber risks associated with the shipboard OT
ships were reported to IMO as having occurred or been attempt- navigated using the drop-down menus specifying the type of risk/ 2017. Based on the analysis of incidents, systems, developed by Singapore, in collaboration with
ed in January to June 2022. For the same period in 2021, 88 inci- issue, or the geography. International shipping industry associa- the Singapore University of Technology and Design.
the Review recommends that companies
dents were reported. This therefore constitutes a decrease of ap- tions including INTERCARGO have joined forces to continue up- • IAPH Cybersecurity Guidelines for Ports and Port Fa-
proximately 22% at the global level compared to the same period dating the resource. consider disaster recovery planning, put
cilities.
last year. their plans to the test and then continue
( https://www.maritimeglobalsecurity.org ).
• IACS Rec.166 - Cyber Resilience.
For ships operating in areas with reported piracy and armed rob-
this testing regularly.
bery cases, the best advice is to obtain access to the latest guid- • IACS Rec.171 on incorporating cyber risk management
ance and best practice, carry out a risk assessment and follow in- into Safety Management Systems, to support ship
dustry best practice. owners for successful compliance with cybersecurity
requirements in the operational phase.
It is essential to register and liaise with navy forces, to request sup-
port and protection. During the communication vessels may be IACS has published new Unified Requirements (URs) for cyber
sent updates on the security situation of intended sea passages security, including:
and potential vulnerability to attack. (i) UR E26 on cyber resilience of ships for shipyards/in-
After more than a decade of effective threat-reducing counter-pira- tegrators to demonstrate compliance, and
cy operations, the shipping industry has decided to remove the ‘In-
(ii) UR E27 on cyber resilience of onboard systems and
dian Ocean High Risk Area’ (HRA). No piracy attacks against mer-
equipment for product suppliers to demonstrate com-
chant ships have occurred off Somalia since 2018. The removal of
pliance with cyber security requirements, to be man-
the HRA will come into effect on 1 January 2023. The shipping indus-
datory for classed ships for construction on or after
try will continue to monitor and advise on maritime security threats
1 January 2024.
to assist the safe transit of vessels and the seafarers who crew them.
Pre-voyage threat and risk assessments should still be carried out To supplement these measures, the shipping industry would
considering the latest maritime security information from organi- like to see the development of minimum critical cyber securi-
sations supporting the Voluntary Reporting Area (VRA). Best Man- ty controls for cyber defense to be applied to in-service ships
agement Practices 5 (BMP5) will continue to provide the necessary which are not covered by the new IACS URs
guidance for shipping to ensure threat and risk assessments are de-
veloped for every voyage to mitigate the risks presented by remain-
ing security threats in the region.

For more information on this topic please visit: For more information on this topic please visit:
intercargo.org/topics/piracy intercargo.org/topics/cyberisks

18 19

15 16 17 18 19 20 21 22 23 24 25