2023 GMTSC Symposium

Governance and Regulation Panel Discussion

Ensuring Effective Cyber Risk Management in the International Maritime Sector - Panel Discussion

The maritime industry is undergoing a significant transformation based on the increased use of cyber-connected systems. While these systems improve commercial vessel and port facility operations, they also bring a new set of challenges affecting design, operations, maintenance, safety, security, training, and compliance surveys. These ongoing cybersecurity threats require the maritime community to effectively manage constantly changing cyber risks to create a safer maritime cyber environment.

The International Maritime Organization (IMO) has taken laudable steps to address maritime cybersecurity through Guidelines on Maritime Cyber Risk Management (Guidelines) and Resolution on Maritime Cyber Risk Management in Safety Management Systems. Since their promulgation, however, cyber threats facing the maritime industry have continued to grow in scale, frequency, and complexity. The constantly evolving nature of the cyber threat landscape warrants a concurrent examination of IMO guidance.

Presentations will review previous IMO actions related to cybersecurity, discuss any current gaps or areas for improvement, and propose possible next steps for safeguarding the global marine transportation system. The review will include a discussion on the history of the development of the current Guidelines as well as the initial decision to approach cybersecurity through the ISM Code as opposed to the ISPS Code. There may be areas for improvement under the current framework where cyber threats have evolved past the extent of current guidance. The aim is to inspire discussion on efforts to keep IMO guidance and standards relevant to the current cyber landscape, as well as methods to better establish a consistent baseline cyber readiness level throughout the global maritime network.

Panel 1: The goal of this session is to bring maritime and cyber professionals together to learn from each other and have a discussion on future trends in the shipping industry in relation to cyber risks and how governance and regulation could comply with this.