Brian Sims
Editor

IMCSO focused on elevating cyber security standards in maritime sector

Posted to News on Tuesday, June 18, 2024 Share:

THE INTERNATIONAL Maritime Cyber Security Organisation (IMCSO) has been launched in a bid to raise the standard of cyber security risk assessment across the maritime industry. Indeed, the IMCSO has devised a certification programme for security consultants and a professional register, in turn helping shipping organisations to confidently select experienced personnel.

Alongside this, the IMCSO will also validate report outputs to ensure consistency, with those reports then being held on a central database and made accessible to the authorities and those third parties who need to determine with certainty the risk status of a given vessel.

Campbell Murray, CEO at the IMCSO, observed: “Cyber security has been mandated by the International Maritime Organisation, which requires shipping companies to implement measures to protect their onboard safety management systems and regularly audit them.”

Murray continued: “However, the change in legislation has given rise to a new maritime cyber security industry that has proven to be variable in its approach to assessing systems and interpreting the standards. Often, the captains of vessels don’t have the time to escort cyber auditors for these assessments. This issue is further compounded by a variety of assessment methodologies used to provide risk and technical audit results for port authorities and insurers, duly leading to needless complexity, overheads and delays.”

According to Murray: “It’s these issues that the IMCSO aims to address by equipping the security industry to conduct the necessary tests in an appropriate, safe and uniform manner, thereby enabling the sector to benchmark compliance.”

Cyber certification

The IMCSO’s Maritime Standard cyber certification scheme offers training across four disciplines. Cyber professionals who take the examination can qualify as an offensive security practitioner or maritime cyber security specialist, while also being able to focus their attentions on specific fields including Secured by Design and cloud security.

An authorised supplier registry will be made available by the IMCSO and act as a record of approved cyber security suppliers within the maritime cyber security speciality. Applicant organisations will need to meet certain certification and accreditation standards such as ISO 27001 and ISO 9001 as well as strict certification criteria.

In addition to profiling the organisation, the register is also designed to reference the individual qualifications of those they employ. Shipping companies can then search the database to look for personnel experienced in a specific domain and location.

A risk register database will be maintained by the IMCSO and play host to the results of ship assessments and audits, duly enabling relevant parties to access the cyber risk profile of any given vessel.

The IMCSO is going to standardise report outputs to prevent the confusion that can arise from using different methodologies. Adopting this uniform approach will eliminate any ambiguity over report findings, making it much easier for the consumers of this information (eg port authorities and insurance providers) to consider a vessel’s cyber risk.

Moreover, the standardised vessel-by-vessel data will allow for the building of a sharable and searchable dataset that enables the IMCSO to track trends in cyber risk. It will be used to inform the International Maritime Organisation, ship builders, insurers and management companies of such trends and provide a valuable and currently absent service to other service and insurance providers.

Simplified risk assessment processes

“The IMCSO promises to simplify the risk assessment process and afford third parties the information they need to accurately determine risk,” stated Kaela Bermeister, the captain of a private yacht. “This will result in more accurate cyber insurance policies, for instance, while the ability to use the report data to track cyber trends may help the sector to become more resilient. We look forward to using the IMCSO’s database to help our clients.”

Caroline Yang, president of the Singapore Shipping Association (a Trade Association representing the interests of over 500 Singapore-based companies) noted: “The independent validation of cyber security professionals offered by the IMCSO will help our members to select cyber security testers in a much more efficient way, ensuring they only allow on board those personnel with the requisite experience. It will make it much easier to comply with the International Maritime Organisation’s mandate and prove to be an invaluable resource.”

*Further information is available online at www.imcso.org

Company Info

WBM

64 High Street, RH19 3DE
EAST GRINSTEAD
RH19 3DE
UNITED KINGDOM

03227 14

Related Topics
Cloud Security
IMCSO
Insurers
International Maritime Cyber Security Organisation
International Maritime Organisation
ISO 27001
ISO 9001
Secured by Design
Singapore Shipping Association
Related Articles
Latest Webinars
Biometric access control: are fingerprint cards the future?
Biometric access control: are fingerprint cards the future?
Bandweaver signposts webinar on optical fiber for perimeter security
Video Surveillance: Exploring New Horizons
Perimeter Intruder Detection Solutions
Related Resources
Cyber risk facing UK “widely underestimated” warns head of NCSC
Security Matters Podcast – Episode 32 now live to view
Security Matters Podcast – Episode 31 now live to view
Latest News
“UK should consider paying whistleblowers” observes Think Tank RUSI
Government outlines new action to tackle youth radicalisation
Amulet wins Docklands Light Railway security contract

Login / Sign up