The US Coast Guard has formally approved an alternative security plan (ASP) from the Offshore Marine Service Association (OMSA) that incorporates cyber security guidance to assist offshore support vessel owners in managing cyber threats
With some 170 members serving the US offshore marine transportation sector, OMSA said its plan is the first ASP to incorporate cyber security requirements.
USCG regulations require vessels to have an approved security plan in place. As an alternative to writing their own plan, vessel operators can use a third-party plan, provided it is approved every five years by the USCG. As such, five trade associations offer ASPs to their members.
“By adding a cyber security section, the OMSA ASP is providing a clear path toward, and actionable tools to achieve, compliance with the existing and rapidly approaching vessel cyber security requirements for US-inspected vessels,” said OMSA in a release.
OMSA developed its section using the guidance recommended by the USCG and the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, providing offshore support vessel operators with cyber security procedures for managing both IT and operational technology systems.
The OMSA ASP provides multiple control measures to prevent a cyber security-related incident and guidance on the response and reporting of a cyber security incident to support the vessel operator’s cyber security programme. The cyber security guidance has been fully integrated into the vessel security assessment (VSA) procedures and all forms and checklists as applicable. This provides guidance for vessel-specific cyber security measures to be developed by the company security officer and vessel security officer as part of the VSA.
“OMSA’s incorporation of cyber security into our ASP is evidence of our continued efforts to increase the level of membership service, specifically addressing the most pressing needs of our members,” said OMSA director of regulatory affairs Mark Crutcher. “While the OMSA ASP was initially written for vessels in the offshore oil and gas industry, this revision increased the scope to a broad range of vessels. OMSA also has ASPs available for barges and US vessels engaged in international markets,” added Mr Crutcher.
All maritime industry stakeholders should assess their cyber security stance. Hackers and bad actors are more frequently targeting shipping and logistics companies, according to a recent report. The report, Supply Chain Disruptions and Cyber Security in Logistics, released by New York-based BlueVoyant, shows ransomware attacks on shipping and logistics firms between 2019 and 2020 tripled – with almost all attacks resulting from phishing or exploitation of open remote desktop ports – making the sector especially vulnerable during the critical global Covid-19 vaccine rollout.
Over the last four years, the world’s largest shipping lines – AP Moller-Maersk, MSC, COSCO and CMA CGM – have all suffered cyber attacks. Earlier this month, Japan’s K-Line reported suffering its second cyber breach in four months.
Riviera Maritime Media will provide free technical and operational webinars in 2021. Sign up to attend on our events page