MSC.1-Circ.1639-TheGuidelinesOnCyberSecurityOnboardShips(Secretariat)

MSC.1/Circ.163914June2021THE GUIDELINES ON CYBER SECURITY ONBOARD SHIPS1 The Facilitation Committee at its forty-first session (4 to 7 April 2017),and theMaritime Safety Committee at its ninety-eighth session (7 to 16 June 2017),in approvingGuidelines on maritime cyber risk management (MSC-FAL.1/Circ.3),identified cyber riskmanagement as critical to the safety and secunty of shipping and protection of the marineenvironment,and gave high-level guidance on cyber risk management referencing the latestversion of The Guidelines on cyber security onboard ships,jointly developed by a number ofindustry associations.2Resolution MSC.428(98)on Maritime cyber risk management in safety managementsystems furthermore affimmed that an approved Safety Management System (SMS)shouldtake into account cyber risk management in accordance with the objectives and functionalrequirements of the ISM Code,encouraged Administrations to ensure that cyber risks areappropriately addressed in SMS not later than the first annual verification of the company'sDocument of Compliance after 1 January 2021,acknowledged necessary precautions thatcould be needed to preserve the confidentiality of certain aspects of cyber risk management,and finally requested Member States to bring the resolution to the attention of all stakeholders.3At its 103rd session,the Maritime Safety Committee was informed that to stay abreastwith technical developments and recent experience in the field of cybersecurity,and in linewith IMO guidelines and decisions,the industry associations behind The Guidelines on cybersecurity onboard ships had,on 23 December 2020,published a fourth version of theGuidelines,available through the IMO website (www.imo.org)at the following address:https://www.imo.org/en/OurWork/Security/Pages/Cyber-security.aspx4Member States are invited to take into account the guidance provided in version fourof The Guide lines on cyber security onboard ships,and advise relevant stakeholders includingshipowners,-operators,and -managers to consider,as appropriate,these Guidelines whenaddressing cyber risks on ships,in accordance with the objectives and functional requirementsof the ISM Code,as encouraged by resolution MSC.428(98).