IT baseline protection profiles of the BSI become part of the national recommendation for International Safety Management (ISM) code and thus ensure more cyber security on the world's oceans.
From 2021, new specifications for cyber security on board ships will apply in the maritime sector. With resolution MSC.428 (98) of the International Maritime Organization (IMO), shipping companies are required to protect themselves from cyber risks from 2021. For this purpose, the existing International Safety Management (ISM) code is used, an international set of rules that stipulate binding measures for organizing safe ship operations. To integrate cyber security, it is recommended that the Federal Office for Information Security (BSI) take into account the IT-Grundschutz as part of the national implementation in Germany. The BSI has published a corresponding circular "ISM CYBER SECURITY 2020" together with the trade association for the transport industry, post logistics and telecommunications (BG Verkehr), which is responsible for ships flying the German flag, and the Federal Maritime and Hydrographic Agency (BSH).
Cyber attacks with 'NotPetya' also hit large shipping companies
BSI President Arne Schönbohm explains: “A significant part of world trade is carried out with ships. In Germany, too, ships are an important component of passenger and freight traffic. The vulnerability of this logistics system, which is so important to all of us, was shown by the cyber attacks with the malware 'NotPetya' in 2017, which also hit large shipping companies and other logistics companies and resulted in damage running into the millions. We still see a lot of catching up to do in the implementation of the necessary IT security measures on board as well as on land. With the integration of the BSI's IT-Grundschutz in the national recommendation for the implementation of the new IMO requirements, we have now succeeded in creating the conditions for cyber security in maritime shipping to be sustainably improved. "
In 2018 and the beginning of 2020, the BSI published two IT-Grundschutz profiles for shipping companies (land operations and ship operations) that deal with cyber security in shipping. IT-Grundschutz profiles are sample security concepts that serve as templates for institutions with comparable framework conditions. Together, the two IT-Grundschutz profiles for minimum protection for land and ship operations are the entry point into cyber security for shipping companies.
More on this at BSI.bund.de