Commercial Vessel Compliance

6/30/2017: IMO approves resolution on cyber risk management

From the desk of Rear Adm. Paul Thomas, assistant commandant for prevention policy

At the 98th session of the Maritime Safety Committee held June 16, 2017, the International Maritime Organization (IMO) approved Resolution MSC.428(98) Maritime Cyber Risk Management in Safety Management Systems.

(Editor’s note: Maritime Commons will update this post to provide a link to the draft resolution as soon as it is available online.)

The resolution affirms that approved safety management systems should take cyber risk management into account in accordance with the objectives and requirements of the International Safety Management Code. Drawing upon the recommendations published in MSC.1/Circ.1526 Guidelines on maritime cyber risk management, the resolution also reaffirmed that existing risk management practices should be used to address the operational risks associated with the growing dependence on cyber enabled systems.

Through the resolution, IMO member states are encouraged to ensure cyber risks are appropriately addressed in safety management systems no later than the first annual verification of the company’s Document of Compliance after 1 January 2021. The Coast Guard will continue to work with industry partners to develop a clear and achievable path towards compliance in order to foster a resilient risk management approach towards cyber risks throughout the Marine Transportation System.

Along with the publication of the Guidelines on maritime cyber risk management, a growing body of research and best-practices regarding cyber risk management has been developed by Flag States, industry associations, and class societies. Of particular note is the recent work by the International Association of Class Societies, which is in the process of developing guidelines for improving the cyber resiliency of control systems onboard ships. Due to the rapidly evolving nature of cyber risks, continued engagement from all stakeholders is vital to the successful mitigation of cyber risks throughout the maritime industry.

The Coast Guard wants your feedback, questions and concerns. Submit feedback to Lt. Kevin Kuhn via email at or call 202-372-1372.


This blog is not a replacement or substitute for the formal posting of regulations and updates or existing processes for receiving formal feedback of the same. Links provided on this blog will direct the reader to official source documents, such as the Federal Register, Homeport and the Code of Federal Regulations. These documents remain the official source for regulatory information published by the Coast Guard.

Leave a Reply