BIMCO cyber clause welcomed by Naval Dome

The decision by BIMCO, the international shipowners’ association, to introduce a cybersecurity clause into its charter party agreements and other contracts has been welcomed by Naval Dome, the Israel-based developer of the award-winning Endpoint cybersecurity platform.

Asaf Shefi, CTO, Naval Dome said: “That the BIMCO cyber clause will precede the 2021 entry-into-force of IMO Resolution MSC.428(98), which will see cybersecurity measures included in the ISM Code, is very welcome news. The decision suggests that shipowners are now unwilling to wait for the regulators to implement change and are taking immediate action themselves.”

The BIMCO cyber clause is still at the draft stage but likely to include the need to protect both IT and OT-based systems onboard ship.

“While IT-related cyber protection is crucial to mitigating against fraud and data theft, the inclusion of Operation Technologies means that shipowners realise that critical systems – navigational, machinery and hotel systems – also need protection to prevent threats to crew, passenger and vessel safety,” said Mr Shefi.

With the market proliferation of maritime cyber solutions, however, Mr Shefi pointed out that a careful evaluation of the technologies available is required before any investments are made.

“Most cybersecurity systems just protect IT. Naval Dome Endpoint is the only cybersecurity system capable of protecting both IT and OT systems. As all shipboard systems are linked and inter-connected, BIMCO members should be aware that each individual IT and OT system onboard needs its own protection.”

It is the potential inclusion of a cyber liability clause, however, that Naval Dome CEO Itai Sela singles out for particular praise.

“The problems shipowners face ensuring their PC-based systems against cyberattack has been well documented, but this issue could be resolved with the BIMCO clause.”

BIMCO has said that liability for claims would be limited to US$100,000 unless a different amount is agreed during negotiations.

“This could mean that the end result of a cyberattack may not necessarily be put down to technical failure or human error – as these things frequently are. It could also make the introduction of cyber insurance-related policies a potentially more attractive proposition for the insurer,” said Mr Sela.

“At the very least, the new cyber clause will ensure parties are required to notify one another so that they can take the necessary precautions. It will ensure that contracted parties have procedures and systems in place to help minimise the cyber threat.”

The BIMCO decision follows a recent spike in high-profile cyber-attacks, such as those involving Maersk, COSCO, BW Group and broker Clarksons.

It is anticipated that the cyber clause will be included in BIMCO contracts from May 2019.