pdf ENG   pdf CHN

Cyber Risk Management Guidelines come into force on 1st January 2021 for all ships trading to the United States. The Guidance CVC-WI-027(1) can be found here.

Key points:

• Every flag state is in scope
• Serious deficiencies will require fixing and an external audit within 90 days or risk detention
• Minor deficiencies will need an internal audit within 90 days and the deficiencies to be fixed prior to departure
• Inspections will only cover networked systems directly relevant to vessel safety
• Where faults have occurred in systems critical for vessel safety the inspector/port security control officer is mandated to investigate if the cause was ‘cyber -related’, and if so whether the right procedures were followed prior to that fault occurring
• If the inspector believes there are clear grounds for an expanded inspection, and clear evidence is gathered of poor implementation of the cyber risk management element of the SMS, further deficiencies may be issued
• The US Coast Guard document focuses on safety and security. Environmental protection remains in scope, but appears deemphasised in the USCG document

See attached file: USCG Issue Cyber Risk Management Guidelines.pdf

 

美国海岸警卫队发布网络风险管理指南

针对所有贸易至美国的船舶的网络风险管理指南于2021年1月1日生效。指南CVC-WI-027(1)具体细节可点击此处查看。

要点:

• 每个船旗国都在该指导范围内
• 严重缺陷被要求在90天内修复并进行外部审核,否则有被拘留的风险
• 轻微缺陷需在90天内进行内部审核,并在开航前修复
• 检查的范围只包括和船舶安全直接相关的网络系统
• 如果对船舶安全至关重要的系统发生故障时,检查人员/港口安全管理员会被委派调查该问题是否和网络相关。如果相关,将调查在故障发生前是否遵循了正确的程序
• 如果检察人员认定有理由采取进一步检查,并且收集到明确的证据证明船舶安全管理体系中的网络风险管理部分存在执行不力,则可能开具进一步的缺陷证明
• 该指南聚焦船舶安全和安保。环境保护也在检查的范围内,但文件中未强调

详细信息请参阅附件。