The Department for Transport has today (13 September) released a new "Cyber security: code of practice for ships."

The Code of Practice advises that it should be read by board members of organisations with one or more ships, insurers, ships' senior officers (for example, the Captain/Master, First Officer and Chief Engineer) and those responsible for the day-to-day operation of maritime information technology (IT), operational technology (OT) and communications systems.

It does not set out specific technical or construction standards for ship systems, but instead provides a management framework that can be used to reduce the risk of cyber incidents that could affect the safety or security of the ship, its crew, passengers or cargo.

It provides advice on:

  • developing a cyber security assessment and plan to manage risk
  • handling security breaches and incidents
  • highlighting national and international standards used
  • the relationship to existing regulation

The Code of Practice is to be used in organisations' risk management systems and in subsequent business planning.

The guidance is also compatible with the "Ports and port systems: cyber security code of practice" published by the Department for Transport on the 16 August 2016.