Are you ready for MSC.428(98)? Find out what it means for your security today – and beat the deadline.
If you’re a ship owner or operator, IMO resolution MSC.428(98) should be at the forefront of your mind. No later than the first annual Document of Compliance (DOC) after 1st January 2021, every shipping company that owns or manages a fleet needs to be compliant with this resolution. To meet the new requirement, cyber-risk management solutions should be an integral part of the ship’s safety management system (SMS), in compliance with the International Safety Management (ISM) code.
Cyber-threat is now a real issue for the shipping industry
The shipping industry has seen a dramatic increase in cyber attacks in recent years. All of the four major shipping companies have experienced serious breaches. The 2017 NotPetya attack on APM-Maersk cost the company an estimated $250 – 300 million: it was one of the most devastating cyber-attacks in history.
Yet this is now the reality for modern, digitally connected and future-forward shipping. What makes shipping companies particularly vulnerable is the integration of previously standalone OT systems with IT systems. While it may be a boost to operational efficiency, the convergence of OT and IT has brought about serious security challenges. The access of business data and applications from anywhere at any time and with any device has rendered traditional security perimeters largely ineffective. Identity has become the new perimeter.
Three steps to MSC.428(98) compliance
When it comes to building cyber resilience, no two organisations are the same. To ensure effective compliance, we take a 3-step, customised approach:
- Thorough assessment of your organisation’s current risk profile
- Formulation of a clear cyber risk management plan based on your organisation’s specific needs. This will facilitate the documentation of your cyber security plans and actions during your upcoming DOC audit.
- Implementation of effective safeguards to secure your organisation. This includes updating your safety management system to reflect these changes.
The Zero Trust approach to cyber-threat
Now more than ever, your systems should authenticate and authorise users based on multiple factors. That way, you can understand who is accessing what data, when, where and why, and if they’re allowed to do so. The ‘never trust, always verify’ principle is central to the Zero Trust approach to cyber security, allowing you to give and get access, manage traffic and observe networking activity across multiple identifiers simultaneously – via location, time, identity, machine ID, and many more factors. For any organisation to become truly effective at building cyber resilience, Zero Trust should be at the forefront of your security strategy.
With our Compliance Package, MSC.428(98) is zero hassle
To help meet the MSC.428(98) standard, IMO published MSC-FAL.1/Circ.3. However, it merely provides high-level guidelines and is not prescriptive. As a result, many ship owners and operators may find themselves in the dark, not knowing where to start. To help you see the wood for the trees and achieve compliance effortlessly, Identity Methods has developed an easy-to-implement MSC.428(98) compliance package.
The MSC.428(98) Compliance Package for Shipping Firms
The pack is based around the five functional elements outlined by the guidelines presented in MSC-FAL.1/Circ.3.
- Identify: Define personnel roles and responsibilities for cyber-risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations.
- Protect: Implement risk control processes and measures, and contingency planning to protect against a cyber-event and ensure continuity of shipping operations.
- Detect: Develop and implement activities necessary to detect a cyber-event in a timely manner.
- Respond: Develop and implement activities and plans to provide resilience and to restore systems necessary for shipping operations or services impaired due to a cyber-event.
- Recover: Identify measures to backup and restore cyber systems necessary for shipping operations impacted by a cyber-event.
Starting from £12,000 for 10 days’ discovery and consultancy, we will lay out exactly how far along your firm is on the cybersecurity compliance journey. With over 100 years of combined career experience in our business, and vast expertise in working with transport and logistics, Identity Methods can commit to providing cutting-edge, Zero Trust solutions to help your firm reach its goals without compromising on your security. Get peace of mind on MSC.428(98): contact us and beat your compliance deadline today.