Guidelines on Maritime Cyber Risk Management

This document is a set of guidelines on maritime cyber risk management approved by the Facilitation Committee and the Maritime Safety Committee. The guidelines provide high-level recommendations aimed at safeguarding ships from current and emerging cyber threats and vulnerabilities. It outlines the importance of integrating cyber risk management into existing safety and security practices within the maritime industry. The guidelines emphasize the need for stakeholders to take necessary steps to protect shipping operations from digital threats, highlighting the significance of risk management processes in the context of increasing reliance on digital technologies. The document also defines key terms related to cyber risk management, including Computer Based Systems (CBS), cyber incidents, and operational technology. It discusses the various elements of cyber risk management, including the need for a comprehensive approach that involves senior management and continuous evaluation of cyber risk postures. The guidelines are intended for ships and aim to promote safety and security management practices in the cyber domain.