U.S. to impose tough Port State Control measures on cyber risk management

USCG will include cyber risk assessment in their PSC inspection post 1 January 2021. 

If objective evidence is found that the ship has failed to implement its SMS with respect to cyber risk management, the following actions may be taken by the PSCO:

  1. If cyber risk management has not been incorporated into the ship’s SMS by the company’s first annual verification of the DOC after January 1, 2021, a deficiency may be issued with action code 30 – Ship Detained, with the requirement of an external audit within 3 months or prior to returning to a U.S. port after sailing foreign.
  2. When objective evidence indicates that the ship failed to implement its SMS with respect to cyber risk management, a deficiency for both the operational deficiency and an ISM deficiency may be issued with an action code 17 – Rectify Prior to Departure and require the vessel to conduct an internal audit, focused on the vessel’s cyber risk management, within 3 months or, prior to returning to a U.S. port after sailing foreign.
  3. When objective evidence indicates there is a serious failure to implement the SMS with respect to cyber risk management that directly resulted in a cybersecurity incident impacting ship operations (e.g. diminished vessel safety/security, or posed increased risk to the environment), the PSCO may issue a deficiency for both the operational deficiency and an ISM deficiency with action code 30 – Ship Detained with the requirement of an external audit within 3 months or prior to returning to a U.S. port after sailing foreign.

You can learn more here.