Reducing Maritime Cyber Risk

A new standard from ASTM International’s ships and marine technology committee (F25) is designed to assist and support the maritime industry in addressing cyber risks by leveraging existing safety management systems (SMS).
The new standard (soon to be published as F3449) would include guidelines to improve cyber safety, address vulnerability, recommend and outline training, and raise knowledge and awareness of cyber threats by leveraging documented, auditable SMS mechanisms. Most maritime operating companies have SMS as required by the International Maritime Organizations (IMO) International Safety Management (ISM) Code, and more recently Subchapter M in Title 46 Code of Federal Regulations (CFR) for the tug and barge industry.
“The intention of this guide is to use mandatory or voluntary safety management systems already in place to identify and proactively address cybersecurity issues that are a critical and ever-increasing safety concern in maritime operations,” says ASTM International member Todd Ripley, who serves in the Office of Safety at the U.S. Maritime Administration, that is an agency under the U.S. Department of Transportation.
According to Ripley, “This guide is intended to service the entire maritime community but will be most beneficial to resource-constrained organizations that may not have significant infrastructure or resources, or both, to secure comprehensive cybersecurity services and solutions.”