Guidelines for cyber risk management in shipboard operational technology systems

Abstract: Over the past few years, we have seen several cyber incidents being reported, where some of the primary causes were the lack of proper security controls onboard the ship and crew awareness on cybersecurity. In response to the growing cyber threat landscape in the maritime sector, we have developed a set of guidelines for maritime cyber risk management, focusing on four major shipboard Operational Technology (OT) systems that are crucial for the day-to-day operation of ships. These four OT systems are: Communication Systems, Propulsion, Machinery and Power Control Systems, Navigation Systems and Cargo Management Systems. The guidelines identify the cyber risks in each of the OT systems and recommend the necessary actions that can be taken to manage risks in each shipboard OT system. In this paper, we introduce the new guidelines, which include cyber risks, mitigation measures, cyber risk assessment, and a checklist to help shipowners and maritime authorities assess and enhance cyber hygiene of their vessels. Our guidelines have been disseminated by the Maritime and Port Authority of Singapore (MPA) to owners and operators of the Singapore Registry of Ships for their reference and use.