船舶网络安全领域主要国际标准分析

为了提升网络安全管理水平,增强风险防范意识,国际海事组织(IMO)提出将波罗的海航运公会(BIMCO)发布的《网络安全指南》、国际标准化组织(ISO)和国际电工组织(IEC)发布的ISO/IEC 27001《信息安全管理系统》系列和美国国家标准研究院(NIST)发布的《提升关键基础设施网络安全框架》等文件纳入参考的建议。对NIST框架、ISO和IEC中网络安全相关的标准进行分析,认为现有的网络安全类国际标准多为通用类,可供各类航运和船舶工业机构选用以提升自身或产品应对网络风险的水平。在此基础上结合如ISO 23806和ISO 23799这类船舶领域专用国际标准的开发和应用,对IMO要求的落实和船舶网络安全的提升具有积极意义。

Analysis of Major International Standards in Ship Cyber Security Field

In order to raise the cyber security management level and enhance the risk prevention awareness,the International Maritime Organization(IMO)has proposed that the“Cyber Security Guidelines”issued by the Baltic and International Maritime Council(BIMCO),the ISO/IEC 27001“Information Security Management System”serial issued by the International Organization for Standardization(ISO)and the International Electrotechnical Organization(IEC)and the“Enhancement of Critical Infrastructure Network Security Framework”issued by National Institute of Standards and Technology(NIST)are adopted into the recommendations.The NIST framework and ISO and IEC standards relating with the cyber security are analyzed.It is thought that the existing international cyber security standards are mostly generic,which can be selected and used by various shipping and shipbuilding industry organizations to improve their own level or their products'level of cyber risk.On the basis,combined with the development and application of the special international standards in the marine field such as ISO 23860 and ISO 23799,it will be of positive significance to the implementation of IMO requirements and the improvement of ship network security.