The EU Network and Information Security Directive (NIS) requires maritime transport and other essential services to demonstrate that they have implemented ‘appropriate and proportionate’ cyber security measures. The NIS will come into force on 6 May 2018 and the Government has just published a consultation paper on the implementation of the NIS in the UK.
The largest port or harbour authorities and maritime transport companies headquartered in the UK will be directly impacted by these new provisions and there will inevitably be a trickle-down effect on small companies that contract with those organisations. The penalties for breach of the new laws will be substantial – 4% of global turnover or £17 million, whichever is the greater. These measures will be in addition to the other new cyber laws, such as the General Data Protection Regulation (GDPR), which are about to come into effect.
Over the last 18 months, the maritime sector has worked hard to focus its response to the growing cyber risk that it undoubtedly faces. In June 2017, we saw updated cyber security guidelines from the International Maritime Organisation (IMO) Safety Committee. These guidelines are tied into the ISM Code. Although the guidelines are currently “recommendatory”, they require cyber risk to be appropriately addressed in safety management systems no later than the first annual verification of a company’s “document of compliance” after 1 January 2021.
Network and Information Security Directive (NIS)
The latest development for UK-based maritime organisations comes with the publication of a Government consultation paper on the implementation of the Network and Information Security Directive (NIS) (EU 2016/1148). This EU Directive, which was approved in 2016, requires “essential services” to develop certain standards of ……
Source: Maritime Cyprus