The code revision of ISM MSC.428(98) code is in application since January 1st. It requires ship owners and managers to assess cyber risk and implement relevant measures across all functions of their safety management system. It has a reference to the BIMCO guide : The guidelines on cyber security onboard ships.
The v3 of this guide has been published in December 2018, the v4 just got out a few days ago.
The formatting has changed and the content enriched between v3 and v4. It is a fairly rich and useful document to guide a cybersecurity approach, a must have to keep on your bedside table next to the other reference texts
A proposal of role mapping is now detailled :
This matrix helps understand how a cyber security strategy will concern everyone in an organization. We should also add the crew members, Captain and Chief-Officer, which are onboard responsible for the application of the cyber security policy.
The role we have with our customers is the one of Ship IT manager : we help you define a cyber security strategy to apply in your company, and we are the ones implementing it. As such, we collaborate with everyone in your organization.
Large companies with fleets of hundreds of vessels can internalize these operations within an IT department and a full IT team, but mid-sized companies will be interested in working with service providers: it is a way of pooling access to experts and control costs, while developing its own cybersecurity strategy.