Asaf Shefi, Naval Dome CTO, said: “That the BIMCO cyber clause will precede the 2021 entry-into-force of IMO Resolution MSC.428(98), which will see cyber security measures included in the ISM Code, is very welcome news. The decision suggests that shipowners are now unwilling to wait for the regulators to implement change and are taking immediate action themselves.”
BIMCO’s cyber clause is still at the draft stage but is likely to include the need to protect both IT and OT-based systems on board ship.
“While IT-related cyber protection is crucial to mitigating against fraud and data theft, the inclusion of operation technologies means that shipowner realise that critical systems – navigational, machinery and hotel systems – also need protection to prevent threats to crew, passenger and vessel safety,” Shefi added.
With the market proliferation of maritime cyber solutions, however, Shefi pointed out that a careful evaluation of the technologies available is required before any investments are made.
“Most cyber security systems just protect IT. Naval Dome Endpoint is the only cyber security system capable of protecting both IT and OT systems. As all shipboard systems are linked and inter-connected, BIMCO members should be aware that each individual IT and OT system on board needs its own protection.”
It is the potential inclusion of a cyber liability clause, however, that Naval Dome CEO Itai Sela singled out. “The problems shipowners face insuring their PC-based systems against cyber attack has been well documented, but this issue could be resolved with the BIMCO clause,” he said.
BIMCO has said that liability for claims would be limited to $100,000 unless a different amount is agreed during negotiations.
“This could mean that the end result of a cyber attack may not necessarily be put down to technical failure or human error – as these things frequently are. It could also make the introduction of cyber insurance-related policies a potentially more attractive proposition for the insurer,” said Sela.
“At the very least, the new cyber clause will ensure parties are required to notify one another so that they can take the necessary precautions. It will ensure that contracted parties have procedures and systems in place to help minimise the cyber threat,” he added.
The BIMCO decision follows a recent spike in high-profile cyber-attacks, such as those involving Maersk, COSCO, BW Group and broker Clarksons.
It is anticipated that the cyber clause will be included in BIMCO contracts from May, 2019.