Three different things can put a ship out of service without a wave touching it: an armed boarding party, a forged access pass at a terminal gate, and a piece of malware in the ECDIS. They sit in three separate regulatory worlds, written by three separate bodies, insured under three separate policies, yet a master crossing the Gulf of Aden in 2026 has to hold all three in mind at once. This is the hub for maritime security and risk, the corner of the industry where the threat is deliberate rather than accidental: a person, a state, or a piece of code trying to take the ship, its cargo, or its data. It sits under the security, defense, technology and specialized operations portal because the rules here are security rules, not the safety conventions that govern a fire or a collision. The hub routes down to three cluster hubs, one per pillar, and the calculators that price the risk, such as the war-risk additional premium calculator and the BMP5 piracy transit calculator.
The three pillars share one habit of mind and differ in almost everything else. Physical security asks who can reach the ship; cyber security asks who can reach its systems; war-risk and high-risk-area transit asks who is shooting, and what the insurer will charge to cover the voyage. Each pillar names a deliberate adversary, assigns a defense, and proves the defense by audit, by class survey, or by an underwriter’s willingness to write the cover. The three cluster hubs take them in turn: ISPS and port-facility security for the physical pillar, maritime cyber security for the digital pillar, and war risk and high-risk areas for the transit pillar. The rest of this hub walks the three in order and shows where they meet.
The three pillars at a glance
The cleanest way to hold the three pillars apart is by the question each answers and the instrument that answers it. Physical security is governed by an IMO code with the force of treaty law; cyber security is governed by a management-system requirement backed by class rules; war risk is governed by an insurance market and a set of industry practices rather than by regulation at all. The threats overlap at the edges (piracy is both a physical-security and a war-risk concern), but the controlling instrument differs, and so does the document a ship must carry to prove compliance.
| Pillar | Primary threat | Controlling instrument | Key control on the ship |
|---|---|---|---|
| Physical and port-facility security | Boarding, stowaways, sabotage, terrorism at the ship/port interface | SOLAS Chapter XI-2 and the ISPS Code (in force 1 July 2004) | International Ship Security Certificate, ship security plan, SSO, SSAS, security levels 1 to 3 |
| Cyber security | Malware, intrusion, GPS or AIS spoofing, OT compromise | IMO MSC.428(98) in the SMS (from 2021); IACS UR E26/E27 for newbuildings | Cyber risk addressed in the safety-management system; protected ECDIS, networks, and OT |
| War risk and high-risk-area transit | War, piracy, terrorism, mines, drone and missile attack | War-risk insurance; Lloyd’s JWC Listed Areas; BMP5; UKMTO | Additional war-risk premium, hardened transit, UKMTO reporting, citadel |
The table understates how often the three meet on a single voyage. A tanker transiting the Bab-el-Mandeb in 2026 carries a valid ISSC for the physical pillar, an SMS that addresses cyber risk for the digital pillar, and a war-risk cover with an additional premium for the Red Sea Listed Area, all at once. The pillars are administered separately but applied together, which is why this hub treats them as one subject rather than three.
The three pillars also arrived in three different decades, and the chronology explains why they feel so different to apply. The dates below are the entry-into-force or application dates of the governing instruments, not the date any single ship complied.
- 1988: the Convention for the Suppression of Unlawful Acts Against the Safety of Maritime Navigation (the SUA Convention) is adopted, the legal backstop that makes seizing or attacking a ship a crime states must prosecute.
- 2002 to 2004: SOLAS Chapter XI-2 and the ISPS Code are adopted in December 2002 and enter into force on 1 July 2004, the physical-security pillar.
- 2008: the Somali piracy wave drives the first naval task forces and the early Best Management Practices editions into the Gulf of Aden and Indian Ocean, with UN Security Council Resolution 1816 (June 2008) authorizing states cooperating with Somalia’s government to enter Somali territorial waters and Resolution 1851 (December 2008) extending the authorized measures, including ashore in Somalia.
- 2017 to 2021: IMO Resolution MSC.428(98), adopted 16 June 2017, requires cyber risk in the SMS from the first DoC verification after 1 January 2021, the cyber pillar at the management-system level.
- 2018: BMP5 is published, consolidating the layered self-protection and UKMTO reporting structure for the region.
- 2024: IACS UR E26 and E27 apply to ships contracted for construction on or after 1 July 2024, the cyber pillar at the newbuilding-design level.
The order matters because the later pillars assume the earlier ones. The cyber requirement was written into the safety-management system the ISM Code already required, and the SUA Convention sits under all of them as the criminal-law floor, which is why a single security incident can engage a 1988 treaty, a 2004 code, and a 2024 class rule at once.
Physical and port-facility security: the ISPS Code
The first pillar is the oldest in its modern form, and it was written fast. After the attacks of 11 September 2001 the IMO held a Diplomatic Conference on Maritime Security in December 2002, adopted new SOLAS Chapter XI-2 (Special measures to enhance maritime security) and the International Ship and Port Facility Security Code, and brought both into force on 1 July 2004, an eighteen-month turnaround that is fast for a treaty instrument. The Code has a mandatory Part A and a recommendatory Part B, and it covers both ends of the ship/port interface: the ship and the port facility that serves it. The detail of the instrument sits in the SOLAS Chapter XI-2 maritime security article and the ISPS Code article; this hub gives the shape.
The Code’s logic is risk-based, not prescriptive. It does not list a fixed set of barriers every ship must build; it requires each ship and each port facility to assess its own threats and vulnerabilities and to set proportionate measures, then to declare a security level against the assessed threat. That is the gear that makes the system flexible: a port can move from level 1 to level 2 when intelligence warrants it, and every ship in the port must match the higher level. The ISPS port-facility security level calculator frames that level declaration, and the ISPS Code calculator works the compliance check.
Security levels 1, 2, and 3
The three security levels are the spine of the ISPS system, and they are set by the contracting government, not chosen by the ship. Security level 1 is the normal operating state: the minimum protective and security measures maintained at all times, controlled access, monitored decks, checked stores. Security level 2 is heightened: additional measures held for a period when the government assesses a raised risk of a security incident, tighter access control, more frequent patrols, restricted areas widened. Security level 3 is exceptional: the further measures held for a limited period when a security incident is probable or imminent, even where the specific target is unknown, which can mean suspending cargo work, restricting movement to identified personnel, or readying the ship to leave.
A ship always operates at the higher of its own assigned level and the level of the port facility it occupies, and a move to a higher level must be acknowledged and acted on within the time the plan sets. The cost of a level change is real: at level 3 a container terminal can halt gate operations, and a ship can lose a tide. The level system is the mechanism that lets the cost rise only when the assessed threat rises, rather than building permanent level-3 measures into every normal call.
The security plan, the officers, and the SSAS
Every ship the Code covers carries an approved ship security plan and a designated ship security officer (SSO) who runs it on board, answerable to the master. Ashore, the company security officer (CSO) owns the ship security assessment, gets the plan approved, and arranges the verification audits that lead to the International Ship Security Certificate (ISSC), the document a port-state control officer asks for first on the security side. On the terminal side the port facility security officer (PFSO) is the counterpart, running the port facility security plan. The three officers are the human spine of the Code: the assessment, the plan, the audit, the certificate.
The hardware spine is the ship security alert system (SSAS), required by SOLAS Chapter XI-2 Regulation 6. The SSAS is a covert alarm: when activated, it sends a security alert that identifies the ship and its position to a shore authority the flag state designates, without raising any alarm on board and without alerting anyone in the vicinity, so a master under duress can signal an attack without the attackers knowing. It is deliberately silent at the ship end, which is what separates it from the GMDSS distress alert that announces itself. The SSAS is the ship’s last line when access control has failed and a boarding is under way, and it ties the physical pillar to the response side of the war-risk pillar when the attack is a piracy attack.
The Declaration of Security and the certification chain
When a ship and a port facility cannot agree that their security arrangements match, they sign a Declaration of Security (DoS): a written agreement that records the security measures each side will apply for the duration of an interface, who is responsible for each, and the security levels in force. The DoS is required when the two parties operate at different levels, when the ship interfaces with a facility or another ship that raises the assessed risk, or when a contracting government decides the threat warrants it. It is a short document, but it is the instrument that forces the ship and the terminal to state their measures to each other rather than assume the other side is covered, which matters most when a level-2 ship works a level-1 berth.
The certification chain behind the physical pillar runs from assessment to certificate. The company security officer commissions the ship security assessment, an on-scene survey of the ship’s vulnerabilities, and from it the ship security plan is drafted, submitted to the administration or a recognized security organization (RSO), and approved. An initial verification audit then confirms the ship matches its approved plan, and the International Ship Security Certificate is issued for up to five years, with an intermediate verification between the second and third anniversary. A port-state control officer who finds the ISSC expired, the plan not implemented, or the SSAS inoperative has grounds to detain the ship, which is what gives the paper chain its teeth: the certificate is the entry ticket to the port, and a lapse stops the cargo.
Cyber security: MSC.428(98) and the class rules
The second pillar is the newest, and it closed a gap that had been open as long as ships carried computers. For years the safety-management system that the ISM Code requires said nothing about the integrity of the navigation, propulsion, and cargo systems that run on software. IMO Resolution MSC.428(98), adopted on 16 June 2017, fixed that by requiring cyber risks to be appropriately addressed in the safety-management system, with a deadline of the first annual verification of the company’s Document of Compliance after 1 January 2021. The detail sits in the maritime cyber security cluster hub; the shape is that cyber risk became an auditable part of the SMS, enforced through the existing ISM audit machinery rather than through a new certificate.
MSC.428(98) is a duty to manage the risk, not a list of controls. The supporting guidance, IMO MSC-FAL.1/Circ.3, gives the method: five functional elements drawn from the wider cyber-risk discipline, identify, protect, detect, respond, and recover, that a company folds into its existing risk-management process. The strength of that approach is that it applies to every ship under the ISM Code without waiting for a fleet to renew; the limit is that it sets no minimum technical standard, so two compliant ships can have very different defenses.
OT against IT, and the systems at risk
The distinction that makes maritime cyber risk different from office cyber risk is operational technology against information technology. IT is the business side: email, crew records, cargo documents, the systems whose worst-case failure is data loss. OT is the control side: the systems that steer, drive, and load the ship, the ECDIS, the integrated bridge, the engine and power-management controllers, the ballast and cargo-control systems. A compromise of OT can move the rudder or trip the main engine, so the consequence is physical, not just financial, which is why the cyber pillar reaches back into the safety case rather than sitting in the IT department.
The specific exposures are well documented. ECDIS runs on commercial operating systems and takes chart and position updates from external media and networks, a route for malware. The Global Positioning System (GPS) and the wider GNSS can be jammed (denied) or spoofed (fed a false position), and spoofing has been observed in the eastern Mediterranean, the Black Sea, and the Arabian Gulf, feeding a bridge a position that is wrong by miles. The Automatic Identification System (AIS) transmits in clear and can be spoofed to create ghost vessels or hide a real one. Each of these is an OT-adjacent navigation input, which is why the cyber pillar and the high-risk-area pillar meet: GNSS spoofing clusters in the same contested waters where the war-risk premium applies.
IACS UR E26 and E27 for newbuildings
The class societies closed the technical-standard gap for new ships. IACS published Unified Requirements E26 (cyber resilience of ships) and E27 (cyber resilience of on-board systems and equipment), and the revised versions apply to ships contracted for construction on or after 1 July 2024. UR E26 treats the ship as a system: the network design, the segregation, the integration of computer-based systems delivered by many suppliers into one platform that has to stay safe. UR E27 treats the components: the controllers, sensors, and networked equipment, with requirements the equipment maker must meet. Together they put a minimum cyber-resilience standard into the class survey for newbuildings, the standard MSC.428(98) deliberately left open.
The two instruments stack rather than overlap. MSC.428(98) is an operating duty on the management system that applies to the ship in service, whatever its age; E26 and E27 are design-and-construction requirements that apply only to ships contracted on or after the cut-off. An owner of a 2015-built bulker meets the cyber pillar through the SMS alone; an owner taking delivery of a 2026 newbuilding meets it through the SMS and the class-surveyed E26/E27 build standard. The IACS UR E26 calculator and the IACS UR E27 calculator frame the newbuilding side, and the RINA cyber-resilience calculator works a class-notation approach.
The five functional elements in practice
MSC-FAL.1/Circ.3 does not hand a ship a checklist of products; it hands the company a method built on five functional elements, and reading them in order shows what a compliant SMS actually does. Identify comes first: list the systems, assets, data, and services whose disruption would put the ship, the crew, or the environment at risk, which forces a company to map the OT estate it often did not have a register for. Protect follows: the access controls, network segregation, removable-media policy, and update regime that reduce the chance of a successful compromise. Detect is the monitoring layer that catches an intrusion in progress rather than after the fact.
The last two elements are the ones that turn a security event into a survivable one. Respond is the plan for what the crew does when a system is compromised: the fallback to manual steering and paper charts, the isolation of an infected network segment, the call to the company and the supplier. Recover is the return to normal service, the restore-from-backup and re-verification that the system is clean before it is trusted again. The five elements are deliberately the same ones the wider cyber-risk discipline uses, so a company can fold them into an existing risk-management process rather than build a parallel one, which is the point of writing the requirement into the SMS rather than into a standalone code.
Why the navigation inputs are the soft target
The reason ECDIS, GPS, and AIS sit at the center of maritime cyber risk is that they are trusted inputs the bridge acts on without independent confirmation. A position spoof on GNSS does not announce itself: the receiver reports a clean fix, the ECDIS plots a confident track, and the watch officer steers to a position that is wrong by miles, which is the failure mode behind the spoofing observed in the eastern Mediterranean, the Black Sea, and the Arabian Gulf. The defense is not a single product but the habit of cross-checking the electronic position against radar ranges, visual bearings, and the echo sounder, the same redundancy a navigator was trained on before GNSS existed.
AIS is the second soft input because it broadcasts in clear with no authentication. A spoofed AIS target can place a ghost vessel in a strait or erase a real one from a screen, and a ship that conceals its position by switching AIS off, common on sanctioned-trade voyages, removes itself from the collision-avoidance picture other ships rely on. The cyber pillar does not treat AIS as a security control to harden so much as a data source to distrust, which is why BMP-style transit guidance and the cyber discipline meet on the same advice: confirm what the screen says against what the eyes and the radar say.
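The cross-checks described in the two paragraphs above, as an added example that is not part of the original hub: a GNSS fix is compared with a position derived from a radar range and bearing to a charted landmark, and AIS targets are then matched against radar contacts to list AIS targets with no radar echo and radar echoes with no AIS. The coordinates, readings, vessel names, and the 0.5 nm and 12 nm thresholds are constructed assumptions.

```python
"""Cross-check GNSS and AIS against radar. All coordinates and readings are constructed."""
import math
from dataclasses import dataclass

NM_PER_DEG_LAT = 60.0  # one minute of latitude is one nautical mile


@dataclass(frozen=True)
class Position:
    lat: float  # decimal degrees, north positive
    lon: float  # decimal degrees, east positive


def offset_nm(origin, point):
    """(east, north) offset of point from origin in nm; flat-earth, radar ranges only."""
    north = (point.lat - origin.lat) * NM_PER_DEG_LAT
    east = (point.lon - origin.lon) * NM_PER_DEG_LAT * math.cos(math.radians(origin.lat))
    return east, north


def distance_nm(a, b):
    return math.hypot(*offset_nm(a, b))


def project(origin, bearing_deg, range_nm):
    """Position reached from origin along a true bearing for range_nm."""
    b = math.radians(bearing_deg)
    lat = origin.lat + range_nm * math.cos(b) / NM_PER_DEG_LAT
    lon = origin.lon + range_nm * math.sin(b) / (
        NM_PER_DEG_LAT * math.cos(math.radians(origin.lat)))
    return Position(lat, lon)


def radar_fix(landmark, bearing_to_landmark_deg, range_nm):
    """Own position from a radar range and true bearing to a charted landmark."""
    return project(landmark, (bearing_to_landmark_deg + 180.0) % 360.0, range_nm)


def check_gnss(gnss, landmark, bearing_deg, range_nm, tolerance_nm=0.5):
    """Return (discrepancy_nm, suspect) for a GNSS fix against the radar fix.

    tolerance_nm is an assumed threshold; set it from the radar's range and
    bearing accuracy, not from this example.
    """
    d = distance_nm(gnss, radar_fix(landmark, bearing_deg, range_nm))
    return d, d > tolerance_nm


def correlate_ais(own, ais_targets, radar_contacts, radar_range_nm=12.0, gate_nm=0.5):
    """Match AIS targets to radar contacts around own ship.

    own must be a position that passed an independent check (the radar fix),
    because a spoofed own position shifts every projected contact.
    ais_targets: {name: Position}; radar_contacts: [(true_bearing_deg, range_nm)].
    Returns (ais_without_radar, radar_without_ais). Neither list is proof:
    small craft and sea clutter also explain a mismatch, so both go to the
    lookout for visual confirmation.
    """
    contacts = [project(own, b, r) for b, r in radar_contacts]
    unmatched = set(range(len(contacts)))
    ais_without_radar = []
    for name, pos in sorted(ais_targets.items()):
        if distance_nm(own, pos) > radar_range_nm:
            continue  # outside radar coverage: cannot confirm or refute
        near = [i for i in unmatched if distance_nm(pos, contacts[i]) <= gate_nm]
        if near:
            unmatched.discard(min(near, key=lambda i: distance_nm(pos, contacts[i])))
        else:
            ais_without_radar.append(name)
    return ais_without_radar, [radar_contacts[i] for i in sorted(unmatched)]


# Constructed scenario: a charted landmark, one radar observation of it,
# the fix the GNSS receiver reports, and two radar contacts.
LANDMARK = Position(10.0, 50.0)
RADAR_TO_LANDMARK = (45.0, 6.0)          # true bearing (deg), range (nm)
GNSS_REPORTED = Position(9.9800, 49.9000)
RADAR_CONTACTS = [(90.0, 4.0), (180.0, 3.0)]


def demo():
    own = radar_fix(LANDMARK, *RADAR_TO_LANDMARK)
    discrepancy, suspect = check_gnss(GNSS_REPORTED, LANDMARK, *RADAR_TO_LANDMARK)
    ais = {
        "ALPHA": project(own, 90.0, 4.05),  # agrees with the first radar contact
        "GHOST": project(own, 0.0, 5.0),    # AIS target with no radar echo
        "FAR": project(own, 270.0, 20.0),   # beyond radar range, not judged
    }
    ghosts, dark = correlate_ais(own, ais, RADAR_CONTACTS)
    return round(discrepancy, 1), suspect, ghosts, dark


if __name__ == "__main__":
    print(demo())
```

The AIS correlation is run from the radar-derived position, not the GNSS fix, so a spoofed receiver cannot mask a mismatch by shifting both pictures together.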
War risk and high-risk-area transit
The third pillar is the one with no IMO code behind it, because it is run by the insurance market and by industry self-help rather than by treaty. War risk is excluded from a standard marine hull or cargo policy: the perils of war, civil war, piracy, terrorism, capture, mines, and related causes are written out of the ordinary cover and bought back separately as war-risk insurance. The mechanics of the cover sit in the war risks insurance article; the geography of where it bites sits in the war risk and high-risk areas cluster hub and the maritime piracy and BMP article.
The trigger for the extra cost is geographic. The London market’s Joint War Committee (JWC), drawn from the Lloyd’s Market Association and the International Underwriting Association, publishes the Hull War, Piracy, Terrorism and Related Perils Listed Areas: the zones it judges to carry enhanced risk. A voyage into a Listed Area requires the owner to notify underwriters and triggers an additional premium, negotiated voyage by voyage between owner and underwriter, because the JWC publishes the list but sets no rate. At the September 2024 review the Listed Areas covered Middle East waters including the Red Sea and parts of the Gulf, the Gulf of Guinea, and other zones, and the list moves with the threat. The war-risk additional premium calculator prices that voyage add-on.
BMP5 and UKMTO reporting
The self-help half of the pillar is Best Management Practices and the reporting structure behind it. BMP5, published in June 2018 as Best Management Practices to Deter Piracy and Enhance Maritime Security in the Red Sea, Gulf of Aden, Indian Ocean and Arabian Sea, is the layered self-protection guide produced by the Round Table of international shipping associations (BIMCO, ICS, INTERTANKO, INTERCARGO, and OCIMF): plan the passage to avoid the worst water, harden the ship so a boarding party cannot get aboard quickly, keep speed and freeboard up because skiffs struggle against both, and build a citadel the crew can retreat to. The BMP5 piracy transit calculator frames the speed-and-routing side, and the Gulf of Guinea transit calculator handles the different threat pattern off West Africa.
The reporting structure runs through UK Maritime Trade Operations (UKMTO), the Royal Navy cell that acts as the first point of contact for merchant ships in the region. UKMTO administers a Voluntary Reporting Area shown on UKHO chart Q6099; a ship entering it is asked to send an initial report, daily position-course-speed reports, a final report on exit or arrival, and an immediate report of any suspicious approach or attack. The reporting is what turns one ship’s sighting into a regional warning and lets naval forces respond, which is why BMP treats reporting as a core measure rather than an optional courtesy.
How the additional premium is built
The additional war-risk premium (AWRP) is the number that puts a price on a Listed-Area transit, and it is not a flat fee. The premium is a rate, expressed as a percentage of the insured value of the ship, applied for a transit and usually for a stated period such as seven days, after which a fresh charge applies if the ship is still in the area. So a higher hull value, a longer time in the zone, and a sharper threat all push the figure up, and a ship that lingers off a contested coast pays more than one that transits and clears. The war-risk additional premium calculator works that rate-times-value-times-time structure for a given voyage.
The mechanics give the owner a reason to plan the transit rather than drift into it. Notifying underwriters before entry is a policy condition, not a courtesy, and a ship that enters a Listed Area without notice can find the cover in question when it is most needed. The premium also feeds straight into the commercial side of the voyage: on a voyage charter the owner carries the AWRP out of the freight, while many charter parties shift war-risk costs to the charterer through a war-risk clause, so the question of who pays the premium is a charter-party question as much as an insurance one. A Red Sea diversion around the Cape trades the AWRP against the extra bunkers and time of the longer route, which is the calculation an owner runs before each high-risk transit.
Ransom of the ship against ransom of the crew
The two main piracy patterns differ in what the attacker takes, and the difference reshapes the defense. The Somali model that drove the 2008 to 2014 wave was ransom of the ship: a boarding party seized the whole vessel, sailed it to an anchorage off the Somali coast, and held ship, cargo, and crew until a payment was made, which is why the citadel, a fortified space the crew retreats to so they cannot be taken hostage, became the central BMP measure. Deny the attacker the crew and the ransom hold collapses, even with the ship in their hands.
The Gulf of Guinea model inverts that. There the attacker boards, takes a handful of officers off the ship, and ransoms the people ashore while the ship sails on, so a citadel that keeps the crew aboard is the whole defense and the loss of the ship is not the attacker’s aim. The kidnap-for-ransom pattern is why the West Africa guidance stresses speed, freeboard, and a hardened citadel over the convoy and naval-escort tactics that worked in the Gulf of Aden, and why the Gulf of Guinea transit calculator frames a different precaution set from the Indian Ocean tool. The kidnap-and-ransom exposure is also why crew-focused cover, not just hull cover, sits in the war-risk picture for West Africa.
The four chokepoints
The high-risk geography clusters at four named waters, and each carries a different threat. The Gulf of Aden and the wider Indian Ocean off Somalia drove the original Somali-piracy response from 2008, kidnap-of-ship-for-ransom by skiff, which the naval presence and BMP measures pushed down by the mid-2010s. The Gulf of Guinea off West Africa runs a different pattern, kidnap-of-crew-for-ransom, where attackers board, take a few officers ashore, and ransom the people rather than the ship, which is why the West Africa guidance differs from the Indian Ocean guidance. The Strait of Hormuz, about 21 nautical miles wide at its narrowest at the mouth of the Gulf, carries state-level seizure and harassment risk tied to regional tension rather than piracy. The Red Sea and the Bab-el-Mandeb carried drone and missile attack on merchant shipping through 2024, a war-risk peril that pushed Red Sea premiums up and diverted traffic around the Cape. The chokepoints also tie this hub to the canals and straits article, which covers the same waters from the navigation and routing side.
| Chokepoint | Threat type | Key fact |
|---|---|---|
| Gulf of Aden and Indian Ocean off Somalia | Kidnap-of-ship-for-ransom by skiff | Drove the original Somali-piracy response from 2008; naval presence and BMP measures pushed it down by the mid-2010s |
| Gulf of Guinea off West Africa | Kidnap-of-crew-for-ransom | Attackers board, take a few officers ashore, and ransom the people while the ship sails on, so a citadel that keeps the crew aboard is the whole defense |
| Strait of Hormuz | State-level seizure and harassment | About 21 nautical miles wide at its narrowest; the only sea gate out of the Gulf, so avoiding it means avoiding the whole Gulf trade |
| Red Sea and Bab-el-Mandeb | Drone and missile attack on merchant shipping | Peaked through 2024; the Cape diversion added roughly 3,000 to 3,500 nautical miles and ten to fourteen days, lifting Red Sea war-risk premiums |
The four waters share one feature that makes them dangerous beyond the threat itself: they are chokepoints with no real alternative. The Bab-el-Mandeb is the only sea gate between the Red Sea and the Indian Ocean, the Strait of Hormuz the only one out of the Gulf, so a ship that wants to avoid them avoids a whole trade, not just a leg. That is why a Red Sea threat in 2024 did not stop the cargo so much as reroute it: the Asia-to-Europe trade swung around the Cape of Good Hope, adding roughly 3,000 to 3,500 nautical miles and ten to fourteen days to a typical voyage, trading the war-risk premium and the missile risk against the extra bunkers, the extra hire, and the slip in schedule reliability. The diversion is the clearest case of the security pillar driving a commercial decision, and it is why the war-risk additional premium calculator is read beside a voyage estimate rather than in isolation.
Where the three pillars meet
The pillars are administered apart and applied together, and three intersections matter. Piracy sits in both the physical pillar and the war-risk pillar: it is a security incident the SSAS and the ship security plan address, and it is a peril the war-risk policy covers and the JWC Listed Areas price. GNSS spoofing sits in both the cyber pillar and the high-risk-area pillar: it is an OT-navigation compromise MSC.428(98) reaches, and it clusters in the contested waters where the war-risk premium applies. The ship security alert system sits in both the physical pillar and the response side of the war-risk pillar: it is the covert alarm of SOLAS XI-2 Regulation 6 and the trigger that brings UKMTO and naval forces to a ship under attack.
This is the reason the subject is treated as one. A master does not experience three separate compliance regimes; the master experiences one voyage in which the access control, the SMS cyber measures, the war-risk cover, and the UKMTO reporting all have to be right at the same time. The three cluster hubs below carry the detail of each pillar, and the calculators price the parts that have a number attached.
A fourth thread runs under all three: the criminal law that names the conduct an offense. The 1988 SUA Convention requires its parties to make seizing a ship, performing an act of violence against people on board, or destroying or damaging a ship a criminal offense, and to prosecute or extradite an offender found in their territory. It is the legal answer to the question the other three pillars leave open: once an attacker is caught, who tries them. The ISPS Code hardens the ship, the war-risk policy pays for the loss, and BMP and UKMTO bring the navy, but it is the SUA framework, read with national piracy law and the UN Convention on the Law of the Sea, that turns a captured pirate into a defendant rather than a released one. The naval force itself rested on UN Security Council Resolutions 1816 and 1851 of 2008, which authorized cooperating states to enter Somali territorial waters and then to take measures ashore, but those resolutions addressed the use of force, not the prosecution that has to follow a capture. The recurring weakness in the Somali response was not the lack of naval force but the lack of a willing prosecuting state, which is why the legal pillar matters as much as the operational ones, and why this hub keeps the SUA Convention 1988 in view alongside the security codes.
How the three cluster hubs fit together
The first cluster hub, ISPS and port-facility security, carries the physical pillar in full: the structure of SOLAS Chapter XI-2 and the ISPS Code, the security-level system, the ship and company security officers, the ISSC certification chain, the ship security plan, the SSAS, and the port-facility side of the interface. It is where the ISPS Code and SOLAS Chapter XI-2 detail articles sit, and it links to the ISPS and SSAS calculators.
The second, maritime cyber security, carries the digital pillar: the MSC.428(98) requirement and its 2021 deadline, the MSC-FAL.1/Circ.3 five-element method, the OT-against-IT distinction, the ECDIS, GPS, GNSS, and AIS exposures, and the IACS UR E26 and E27 newbuilding standard. It links to the cyber calculators that frame the class-resilience side.
The third, war risk and high-risk areas, carries the transit pillar: war-risk insurance and the war exclusion in standard cover, the Joint War Committee Listed Areas and the additional premium, BMP5 and the layered transit protection, UKMTO reporting and the Voluntary Reporting Area, and the four chokepoint geographies. It is where the war risks insurance and maritime piracy and BMP detail articles sit, and it links to the war-risk-premium and piracy-transit calculators.
The subject also sits beside the trade and logistics side of the commercial domain, because a security incident is also a commercial event. A seizure in the Strait of Hormuz or a Red Sea diversion changes the voyage estimate, the laytime exposure, and the cargo-insurance position, which ties this hub to the freight forwarding and Incoterms chain and to the SUA Convention 1988, the treaty that makes acts of violence against shipping a crime states must prosecute, the legal backstop behind the whole security subject.
Limitations
This hub maps the three pillars of maritime security and the instruments that govern them; it is not the ISPS Code text, the IMO resolution, the IACS Unified Requirements, or any war-risk policy wording. The ISPS Code’s measures are risk-based and set ship by ship and facility by facility, so the controlling documents are the approved ship security plan and port facility security plan, not the generic description of the Code. The security levels are set by the contracting government against intelligence this hub cannot anticipate, and a level can change without notice.
The cyber pillar is described at the level of the governing instruments. MSC.428(98) requires cyber risk to be addressed in the safety-management system but sets no minimum technical control, so two compliant ships differ; the controlling standard for a given ship is its own SMS and, for a newbuilding, the E26/E27 build specification surveyed by its class society. The dates stated here, ISPS in force 1 July 2004, MSC.428(98) from the first DoC verification after 1 January 2021, and E26/E27 for ships contracted on or after 1 July 2024, are the entry-into-force or application dates of the instruments, not the date any individual ship achieved compliance.
The war-risk pillar is governed by an insurance market, not by regulation, so the Joint War Committee Listed Areas and the additional premiums move with the threat and the underwriting view; the list cited here reflects the position at the September 2024 review and is superseded by each later review. The chokepoint threat patterns described, Somali-basin ship ransom, Gulf of Guinea crew kidnap, Hormuz seizure, Red Sea drone and missile attack, are the documented patterns of recent years and change with the security situation. None of the linked calculators replaces a war-risk quotation from underwriters, a security assessment from a recognized security organization, or current routing and threat advice from UKMTO and the naval forces in the area.
See also
- ISPS and port-facility security: SOLAS Chapter XI-2, the ISPS Code, security levels 1 to 3, the SSO, CSO, ISSC, and SSAS.
- Maritime cyber security: MSC.428(98), MSC-FAL.1/Circ.3, OT against IT, ECDIS/GPS/AIS exposure, and IACS UR E26/E27.
- War risk and high-risk areas: war-risk insurance, the JWC Listed Areas, BMP5, UKMTO, and the four chokepoints.
- ISPS Code: the international ship and port facility security instrument in detail.
- SOLAS Chapter XI-2 maritime security: the special measures to enhance maritime security.
- War risks insurance: the war exclusion, the buy-back cover, and the additional premium.
- Maritime piracy and BMP: the piracy threat and the Best Management Practices response.
- SUA Convention 1988: the treaty criminalizing unlawful acts against shipping.
- Canals and straits: the chokepoints from the navigation and routing side.
- Freight forwarding and Incoterms: how a security event reshapes the trade chain and the cost stack.
- War-risk additional premium calculator: the AWRP for a Listed-Area transit.
- BMP5 piracy transit calculator: the transit speed and routing under BMP.
- Gulf of Guinea transit calculator: the West Africa kidnap-for-ransom precautions.
- ISPS port-facility security level calculator: the security-level declaration.
- ISPS Code calculator: the ISPS compliance check.
- IACS UR E26 calculator: the newbuilding ship cyber-resilience requirement.
- IACS UR E27 calculator: the newbuilding equipment cyber-resilience requirement.
- RINA cyber-resilience calculator: a class-notation cyber-resilience approach.