Guidelines for cyber risk management in shipboard operational technology systems

TL;DR

This paper presents comprehensive cybersecurity guidelines tailored for shipboard operational technology systems, aiming to improve maritime cyber risk management through risk identification, mitigation, assessment, and practical checklists.

Contribution

It introduces new maritime cyber risk management guidelines focusing on four critical shipboard OT systems, including risk identification, mitigation measures, and assessment tools.

Findings

Guidelines cover four key OT systems: Communication, Propulsion, Machinery, Navigation.

The guidelines include risk mitigation measures and assessment checklists.

Disseminated by Singapore's MPA to enhance maritime cyber hygiene.

Abstract

Over the past few years, we have seen several cyber incidents being reported, where some of the primary causes were the lack of proper security controls onboard the ship and crew awareness on cybersecurity. In response to the growing cyber threat landscape in the maritime sector, we have developed a set of guidelines for maritime cyber risk management, focusing on four major shipboard Operational Technology (OT) systems that are crucial for the day-to-day operation of ships. These four OT systems are: Communication Systems, Propulsion, Machinery and Power Control Systems, Navigation Systems and Cargo Management Systems. The guidelines identify the cyber risks in each of the OT systems and recommend the necessary actions that can be taken to manage risks in each shipboard OT system. In this paper, we introduce the new guidelines, which include cyber risks, mitigation measures, cyber risk assessment, and a checklist to help shipowners and maritime authorities assess and enhance cyber hygiene of their vessels. Our guidelines have been disseminated by the Maritime and Port Authority of Singapore (MPA) to owners and operators of the Singapore Registry of Ships for their reference and use.