New report from Inmarsat Research Programme outlines how to meet cyber security responsibilities expected of cruise ship and ferry owners, managers and captains

Inmarsat has released a new, free of charge report covering new International Maritime Organization obligations and their implications for cruise ship and ferry professionals. The obligations enter into force next year and the report aims to support owners, managers and captains on compliance as they work to protect passenger ship cyber security.

Published by the Inmarsat Research Programme, Cyber Security requirements for IMO 2021 offers unique insights into Inmarsat’s cyber security experience and examples of real cyberattacks on vessels, providing cruise ship and ferry owners, managers, captains, engineers and technical officers with a guide to the criteria for compliance. By IMO resolution, passenger ship Safety Management Systems must be documented as including cyber risk management under the International Safety Management Code no later than the first annual audit after 1 January 2021.

The 40-page document highlights the way threats continue to adapt and evolve, reporting a fourfold increase in cyberattacks on maritime targets that coincides with the industry’s move to home-based working through the Covid-19 pandemic. It also provides a comprehensive explanation of the often misunderstood distinctions between anti-virus software and network endpoint security.

“As the passenger ship fleet heads towards a new regime on cyber security, this is a significant publication for anyone investigating the fast-evolving threats facing cruise vessels and ferries at sea,” said Peter Broadhurst, Senior Vice President, Safety, Security, Yachting and Passenger, Inmarsat Maritime. “Anyone wanting to know what the new IMO rules mean and, in Fleet Secure Endpoint, the viable solutions already available to support towards compliance can’t afford to miss Cyber Security requirements for IMO 2021.”

To deepen industry understanding of the new cyber security regime, the report summarises industry exposure to date, identifies the vessel-specific vulnerabilities that have driven regulators to act and explores the precedents from outside and inside the maritime sector for IMO rule development. The context provides a vital preamble to a clear and concise guide to IMO 2021 compliance and the steps required to identify, protect against, detect, respond to, recover from and report on cyberattacks aimed at passenger ships.

Inmarsat also provides guidance on Fleet Secure Endpoint (FSE), its cyber security protection, monitoring and reporting tool that can support cruise ship and ferry owners and managers towards compliance. Without additional hardware, FSE’s multi-layered network protection against phishing, spyware, botnets and more updates system status using software on end-user machines. 

Once more providing context, Cyber Security requirements for IMO 2021 focuses on FSE as a critical component in Total IT Best Practice for compliance, rather than providing a compliance solution in its own right. It also highlights Inmarsat’s role as partner to Maritime Cyber Security Awareness training developed for Stapleton International by MLA College, which is also available to FSE users.