Anonymous Reporting
MCA Chatter
V-ID Terminal
My Account


Icon representing US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels
US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels

June 21st 2019
Icon representing Would you pay $1m for a laptop full of malware?
Would you pay $1m for a laptop full of malware?

May 23rd 2019
Icon representing Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)
Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)

May 22nd 2019

New OCIMF pre-fixture tanker vetting cyber requirement

November 27th 2017
Following the EXXON VALDEZ incident in 1989, the OCIMF started a pre-fixture tanker vetting program in 1993 with the introduction of the the Ship Inspection Report Program (SIRE). In 2004 OCIMF introduced the Tanker Management and Self Assessment (TMSA) program for the vetting of tanker owners’ office and/or management. The TMSA includes certain Key Performance Indicators and in 2008, OCIMF introduced TMSA Version 2 which has 12 performance elements.

In April 2017, the OCIMF issued TMSA Version 3 (please click here for details). In addition to the inclusion of ballast water management, fuel management and other items, Version 3 also contains a new Chapter 13 entitled “Maritime Security” with extensive on board and in the office cyber security vetting requirements. For the pre-fixture vetting review, Chapter 13 is dedicated to on board and office marine cyber security with OCIMF recommendations. Chapter 13 requires that the company must have a written plan identifying security threats. The cyber plan must include procedures to identify, mitigate and respond to security threats, i.e., drills/training/briefing and security patrols/searches. The cyber-plan elements may be included as amendments to existing SMS and ISPS plans.

Chapter 13 also attempts to promote on board cyber security awareness, i.e. it encourages people to lock unattended workstations, safeguard passwords, responsible use of social media and prevent the misuse of memory sticks/flash drives by ships’ personnel. Furthermore, OCIMF recommends:

• an internal cyber audit program,
• owners retain independent cyber specialist support, and
• updating vessel ISM System/SMS and ISPS ship security plans to address cyber security risks.

Until 31 December 2017, owners have the option to continue with TMSA Version 2. After 1 January 2018, only Version 3 will be available on the OCIMF vetting website for oil major/minor companies pre-fixture vessel vetting reviews. For owners with tankers on current time charters to the oil majors/minors, and merchant traders whose contracts have industry generic vetting approval/acceptance rider clauses, failure to comply with new OCIMF Chapter 13 vetting cyber compliance requirements could result in off hires and/or cancellations.

In July 2017, BIMCO released “The Guidelines on Cyber Security Onboard Ships, Version 2”. These Guidelines were a joint effort by various shipping organizations, including Intercargo, International Chamber of Shipping, Cruise Lines International Association, OCIMF and Intertanko. For pre-fixture vetting reviews, it is anticipated that the oil majors/minors will refer to BIMCO Guidelines Version 2 when assessing owner’s TMSA 3 responses. Reference is also made to the IMO’s Guidelines on Maritime Cyber Risk Management (MSC-FAL.1/Circ.3) of 5 July 2017.

As a pre-fixture vetting review is very subjective and varies between charterers, time will tell how each oil major/minor company implements the new Chapter 13. However, by 1 January 2018, owners should make best efforts to comply, especially to ensure that cyber risks are appropriately addressed in vessels’ safety management systems and ship security plans.