New ASTM International Standard Aims to Reduce Maritime Cyber Risk

SOCP Members contributed their time and expertise under the leadership of Captain Robert Sheen, VP of Operations with Ocean Shipholdings, Inc. and Chair of the SOCP Security Working Group to assist the ASTM International’s Technical Committee on Ships and Marine Technology (F25) to develop and approve the new “Standard Guide for Inclusion of Cyber Risks into Maritime Safety Management Systems in Accordance with IMO Resolution MSC.428(98)—Cyber Risks and Challenges” Active Standard ASTM F3449. Participants in the development effort were operating companies, labor representatives, classification societies, government agencies including regulators, cybersecurity and information technology experts, and other maritime interests.

ASTM F3449 - 20 includes guidelines to improve cyber safety, address vulnerability, recommend and outline training, and raise awareness of cyber threats by leveraging documented, auditable Safety Management System (SMS) mechanisms. Most maritime operating companies have a SMS as required by the International Maritime Organization’s (IMO) International Safety Management (ISM) Code, and more recently Subchapter M in Title 46 Code of Federal Regulations (CFR) for the tug and barge industry.

This guide is meant to use mandatory or voluntary safety management systems already in place to identify and proactively address cybersecurity issues that are a critical and ever-increasing safety concern in maritime operations.

ASTM F3449 - 20 is intended to serve the entire maritime community but will be most beneficial to resource- constrained organizations that may not have significant infrastructure or resources, or both, to secure comprehensive cybersecurity services and solutions.