Page 20 - INTERCARGO - Annual Report 2022
P. 20

ANNUAL REVIEW




        Piracy and Armed Robbery at Sea                                                                                           Cyber Risks







        Incidents of piracy and armed robbery at sea have shown an encouraging reduction                                          According to the findings reported in             INTERCARGO is actively involved in supporting the implemen-
                                                                                                                                                                                    tation of IMO resolutions, and the work of the International As-
        throughout 2022. The number of incidents that took place in the Gulf of Guinea                                            the Allianz Global Claims Review 2022,            sociation of Classification Societies (IACS). There are a num-
        (West Africa) decreased in the first half of 2022 by 14 compared to the same period                                       cyber insurance claims have increased              ber of frameworks in place to assist shipowners to achieve
                                                                                                                                                                                     operational resilience to cyber risks:
        in 2021, when 27 incidents were reported. This constitutes a decrease of 52%.                                             significantly in recent years. For the last
                                                                                                                                                                                       •  IMO resolution on Maritime Cyber Risk Management in
        There is, however, still no room for complacency. Such attacks continue to take                                           two years more than 1,000 cyber claims                  Safety Management Systems (res MSC.428(98)).

        place around the world and the Straits of Malacca and Singapore were rated as                                             a year were reported, compared with                  •  IMO circular MSC-FAL.1/Circ.3/Rev.1, with high-lev-
        the areas most affected by acts of piracy and armed robbery against ships in                                              fewer than 100 in 2016. More than 60% of                el recommendations to safeguard emerging cyber
                                                                                                                                                                                          threats and vulnerabilities and include functional ele-
        January to June 2022.                                                                                                     system intrusion incidents came through                 ments that support effective cyber risk management.
                                                                                                                                  an organization’s partner. In the shipping           •  The Guidelines on Cyber Security Onboard Ships ver-
                                                                                                                                  sector, there have been at least nine high              sion 4, jointly developed by BIMCO, INTERCARGO et al.
        According to information received and made available in IMO’s   The shipping industry maintains a Maritime Global Security Web-                                                •  Voluntary cyber risk management guidelines to man-
                                                                                                                                  profile cyber incidents reported since
        GISIS module, 69 incidents of piracy and armed robbery against   site. The site contains guidance and external links, and the site is                                             age the cyber risks associated with the shipboard OT
        ships were reported to IMO as having occurred or been attempt-  navigated using the drop-down menus specifying the type of risk/  2017. Based on the analysis of incidents,       systems, developed by Singapore, in collaboration with
        ed in January to June 2022. For the same period in 2021, 88 inci-  issue, or the geography. International shipping industry associa-                                              the Singapore University of Technology and Design.
                                                                                                                                  the Review recommends that companies
        dents were reported. This therefore constitutes a decrease of ap-  tions including INTERCARGO have joined forces to continue up-                                               •  IAPH Cybersecurity Guidelines for Ports and Port Fa-
        proximately 22% at the global level compared to the same period   dating the resource.                                    consider disaster recovery planning, put
                                                                                                                                                                                          cilities.
        last year.                                                                                                                their plans to the test and then continue
                                                            ( https://www.maritimeglobalsecurity.org ).
                                                                                                                                                                                       •  IACS Rec.166  - Cyber Resilience.
        For ships operating in areas with reported piracy and armed rob-
                                                                                                                                  this testing regularly.
        bery cases, the best advice is to obtain access to the latest guid-                                                                                                            •  IACS Rec.171 on incorporating cyber risk management
        ance and best practice, carry out a risk assessment and follow in-                                                                                                                into Safety Management Systems, to support ship
        dustry best practice.                                                                                                                                                             owners for successful compliance with cybersecurity
                                                                                                                                                                                          requirements in the operational phase.
        It is essential to register and liaise with navy forces, to request sup-
        port and protection. During the communication vessels may be                                                                                                                 IACS has published new Unified Requirements (URs) for cyber
        sent updates on the security situation of intended sea passages                                                                                                              security, including:
        and potential vulnerability to attack.                                                                                                                                            (i)   UR E26 on cyber resilience of ships for shipyards/in-
        After more than a decade of effective threat-reducing counter-pira-                                                                                                               tegrators to demonstrate compliance, and
        cy operations, the shipping industry has decided to remove the ‘In-
                                                                                                                                                                                          (ii)   UR E27 on cyber resilience of onboard systems and
        dian Ocean High Risk Area’ (HRA). No piracy attacks against mer-
                                                                                                                                                                                          equipment for product suppliers to demonstrate com-
        chant ships have occurred off Somalia since 2018. The removal of
                                                                                                                                                                                          pliance with cyber security requirements, to be man-
        the HRA will come into effect on 1 January 2023. The shipping indus-
                                                                                                                                                                                          datory for classed ships for construction on or after
        try will continue to monitor and advise on maritime security threats
                                                                                                                                                                                          1 January 2024.
        to assist the safe transit of vessels and the seafarers who crew them.
        Pre-voyage threat and risk assessments should still be carried out                                                                                                           To supplement these measures, the shipping industry would
        considering the latest maritime security information from organi-                                                                                                            like to see the development of minimum critical cyber securi-
        sations supporting the Voluntary Reporting Area (VRA). Best Man-                                                                                                             ty controls for cyber defense to be applied to in-service ships
        agement Practices 5 (BMP5) will continue to provide the necessary                                                                                                            which are not covered by the new IACS URs
        guidance for shipping to ensure threat and risk assessments are de-
        veloped for every voyage to mitigate the risks presented by remain-
        ing security threats in the region.







              For more information on this topic please visit:                                                                   For more information on this topic please visit:
              intercargo.org/topics/piracy                                                                                       intercargo.org/topics/cyberisks


            18                                                                                                                                                                                                                    19
   15   16   17   18   19   20   21   22   23   24   25