Recommendation 17

HM Government Accepted

The Government agrees and is taking an active role in bringing together a wide range of cyber security activities to support the maritime sector. This includes the development of technical guidance to support industry on specific topics. The Government is also engaging with stakeholders to understand issues and identify solutions, working with the maritime sector in the UK and our Overseas Territories to ensure the Red Ensign Group of shipping is supported. Both the latest National Strategy for Cyber and the National Strategy for Maritime Security were published in the second half of 2022. Overall, the Government’s vision is that by 2030, the UK will continue to be a leading responsible and democratic cyber power, able to protect and promote our interests in, and through, cyberspace in support of national goals, particularly in the maritime sector. DfT is currently producing an update to the existing 2017 Guidance: Cyber Security Code of Practice for Ships to ensure it is comprehensive and up to date in line with evolving cyber threats to the maritime domain, vessels and companies. This updated version will provide the maritime industry with a coordinated and updated UK Government referenced product. This will include a cyber framework which provides an overview of how a cyber-attack could transpire in the maritime domain, mitigating actions and best practice that industry should consider in alignment with IMO regulations. It will support industry when developing a company’s or ship’s overall risk management system and subsequent business planning for cyber security practices. Cyber security is not an issue that can be solved with an exclusive domestic focus. Internationally the Government is working with like-minded partners and allies to develop consistent, coherent approaches to supporting the global maritime sector, including working with the International Maritime Organization and other international organisations to deliver comprehensive multilateral approaches. DfT are active members in the International Partnership for Maritime Cyber Security, a group which also consists of; the Department of Home Affairs (Australia), Danish Maritime Authority (Denmark), National Cyber Security Centre (Netherlands), Cyber Security Agency (Singapore), and the U.S. Coast Guard (USA). The UK has recently co-sponsored a maritime cyber security paper, with international partners, which proposes that the IMO’s Maritime Safety Committee undertakes a comprehensive review and update of the 2017 Guidelines on Maritime Cyber Risk Management (MSC-FAL.1/Circ.3/Rev.2). The Government’s aim is to support the UK maritime industry in taking the necessary steps to safeguard shipping from current and emerging threats and vulnerabilities related to digitisation, integration and automation of processes and systems in commercial shipping. It is essential that the maritime industry has a resilient cyber security and risk management capability and are in step with changes to international regulations. DfT is monitoring developments in cyber security and technology, meet with industry, and review the guidance on a regular basis.