Home
About
About
People
Expertise
Expertise
Solutions
News and Insights
News and Insights
Careers
Contact
News and Insights
Lockton Marine Market Reports
The Lockton Marine Podcast
Protection and Indemnity
Hull and Machinery and other PD insurances
Marine Project Risk
Claims Services
Lockton Edge
Lockton Marine
History
Brand Values
Close
Menu
chevron in light blue
Back
Dec 12, 2018
|
Lockton Edge
Edge
London

Industry publishes improved cyber guidelines

The European Union’s Emissions Trading System (EU ETS) was extended to cover emissions from shipping as of 1st January 2024.

The EU ETS is limited by a 'cap' on the number of emission allowances. Within the cap, companies receive or buy emission allowances, which they can trade as needed. The cap decreases every year, ensuring that total emissions fall.

Each allowance gives the holder the right to emit:

  • One tonne of carbon dioxide (CO2), or;
  • The equivalent amount of other powerful greenhouse gases, nitrous oxide (N2O) and perfluorocarbons (PFCs).
  • The price of one ton of CO2 allowance under the EU ETS has fluctuated between EUR 60 and almost EUR 100 in the past two years. The total cost of emissions will vary based on the cost of the allowance at the time of purchase, the vessel’s emissions profile and the total volume of voyages performed within the EU ETS area. The below is for illustration purposes:
  • ~A 30.000 GT passenger ship has total emissions of 20.000 tonnes in a reporting year, of which 9.000 are within the EU, 7.000 at berth within the EU and 4.000 are between the EU and an outside port. The average price of the allowance is EUR 75 per tonne. The total cost would be as follows:
  • ~~9.000 * EUR 75 = EUR 675.000
  • ~~7.000 * EUR 75 = EUR 525.000
  • ~~4.000 * EUR 75 * 50% = EUR 150.000
  • ~~Total = EUR 1.350.000 (of which 40% is payable in 2024)
  • For 2024, a 60% rebate is admitted to the vessels involved. However, this is reduced to 30% in 2025, before payment is due for 100% with effect from 2026.
  • Emissions reporting is done for each individual ship, where the ship submits their data to a verifier (such as a class society) which in turns allows the shipowner to issue a verified company emissions report. This report is then submitted to the administering authority, and it is this data that informs what emission allowances need to be surrendered to the authority.
  • The sanctions for non- compliance are severe, and in the case of a ship that has failed to comply with the monitoring and reporting obligations for two or more consecutive reporting periods, and where other enforcement measures have failed to ensure compliance, the competent authority of an EEA port of entry may issue an expulsion order. Where such a ship flies the flag of an EEA country and enters or is found in one of its ports, the country concerned will, after giving the opportunity to the company concerned to submit its observations, detain the ship until the company fulfils its monitoring and reporting obligations.
  • Per the EU’s Implementing Regulation, it is the Shipowner who remains ultimately responsible for complying with the EU ETS system.

There are a number of great resources on the regulatory and practical aspects of the system – none better than the EU’s own:

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A02003L0087-20230605

https://climate.ec.europa.eu/eu-action/transport/reducing-emissions-shipping-sector_en

https://climate.ec.europa.eu/eu-action/eu-emissions-trading-system-eu-ets/what-eu-ets_en

A third edition of industry cyber risk management guidelines has addressed the requirement to incorporate cyber risks in the ship’s safety management system (SMS). The new edition also reflected a deeper experience with risk assessments of operational technology (OT) such as navigational systems and engine controls, and provides more guidance for dealing with the cyber risks to the ship arising from parties in the supply chain.

Dirk Fry, chair of BIMCO’s cyber security working group and Director of Columbia Ship Management Ltd, said that “the industry will soon be under the obligation to incorporate measures to deal with cyber risks in the ship’s safety management system. This had not been tackled in the previous versions”, adding that “the third edition provides additional information which should help shipping companies carry out proper risk assessments and include measures in their safety management systems to protect ships from cyber-incidents. A new dedicated annex provides measures that all companies should consider implementing to address cyber risk management in an approved SMS”.

He noted that this was “much easier said than done”, noting that criminals trying to exploit companies or breach their security were getting more inventive by the minute.
Fry noted that the new guidelines were the third edition in as many years, which reflected “the constantly evolving nature of the risks and challenges”.

In 2017 the International Maritime Organization (IMO) adopted resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management System (SMS). The Resolution stated that an approved SMS should take into account cyber risk management in accordance with the objectives and functional requirements of the ISM Code. It further encouraged administrations to ensure that cyber risks were appropriately addressed in SMS no later than the first annual verification of the company’s Document of Compliance after January 1st 2021.

The same year, IMO developed guidelines that provided high-level recommendations on maritime cyber risk management to safeguard shipping from current and emerging cyber threats and vulnerabilities. As also highlighted in the IMO guidelines, effective cyber risk management should start at the senior management level. Senior management should embed a culture of cyber risk awareness into all levels and departments of an organization and ensure a holistic and flexible cyber risk management regime that is in continuous operation and constantly evaluated through effective feedback mechanisms. The commitment of senior management to cyber risk management was a central assumption on which the Guidelines on Cyber Security Onboard Ships had been developed.

The Guidelines had been aligned with IMO resolution MSC.428(98) and IMO’s guidelines and provide practical recommendations on maritime cyber risk management covering both cyber security and cyber safety.

A typical incident was recounted, where an unrecognized virus in an ECDIS delayed the sailing of a new-build dry bulk ship for several days. The ship was designed for paperless navigation and was not carrying paper charts. The failure of the ECDIS appeared to be a technical disruption and was not recognized as a cyber issue by the ship’s master and officers. A producer technician had to visit the ship and, after spending a significant time in troubleshooting, discovered that both ECDIS networks were infected with a virus. The virus was quarantined and the ECDIS computers were restored. The source and means of infection in this case were unknown, but the delay in sailing and costs in repairs came to hundreds of thousands of dollars.

BIMCO, InterManager, International Association of Dry Cargo Shipowners (INTERCARGO), International Association of Independent Tanker Owners (INTERTANKO), International Chamber of Shipping (ICS), International Union of Marine Insurance (IUMI), Oil Companies International Marine Forum (OCIMF) and World Shipping Council (WSC), produced the third edition.

The work was supported by:
Anglo Eastern, Colombia Ship Management, Maersk Line, Moran Shipping Agencies as well as the cyber security experts NCC, SOFTimpact, Templar Executives and Cyber Keel.

SOURCE: BIMCO, INSURANCE MARINE NEWS

PDF
Download
No items found.
© 2024 Lockton Edge.
All rights reserved.
locktonmarine.com
external link icon