“Ship’s captains often do not have the time to escort cyber auditors for these assessments; this is compounded by a variety of assessment methodologies used to provide risk and technical audit results to port authorities and insurers, leading to needless complexity, overheads and delays. It’s these issues that the IMCSO aims to address, by equipping the security industry to conduct these tests in an appropriate, safe and uniform manner, thus enabling the sector to benchmark compliance,” surmises Murray.
The IMCSO Maritime Standard cyber certification scheme offers training across four disciplines. Cyber professionals who take the examination can qualify as an Offensive Security Practitioner or Maritime Cyber Security Specialist in addition to specific fields including Secure by Design and Cloud Security.
An authorised supplier registry will also be made available by the IMCSO and will act as a record of approved cyber security suppliers within the maritime cyber security speciality. Applicant organisations will need to meet certain certification and accreditation standards such as ISO 27001 and ISO 9001 as well as strict certification criteria. In addition to profiling the organisation, the register will also reference the individual qualifications of those they employ. Shipping companies can then search the database to look for personnel experienced in a specific domain and location.
Additionally, the IMCSO creates a central database with standardised reports on ship cybersecurity assessments. This eliminates confusion caused by different reporting styles, making it easier for port authorities and insurers to understand a vessel’s cyber risk. Similarly, the IMCSO can track industry-wide cyber threats and share insights with organisations like the IMO and shipbuilders, improving overall maritime cybersecurity. This initiative streamlines risk assessment and provides valuable information for various maritime stakeholders.
A risk register database containing the results of ship assessments and audits will be maintained by the IMCSO, enabling relevant parties to access the cyber risk profile of any given vessel. The IMCSO will also standardise report outputs, preventing the confusion that can arise from using different methodologies. Adopting this uniform approach will eliminate any ambiguity over report findings, making it much easier for the consumers of this information, such as port authorities and insurance providers, to consider a vessel’s cyber risk.
“The IMCSO promises to simplify the risk assessment process and to give third parties the information they need to accurately determine risk. This will result in more accurate cyber insurance policies, for instance, and the ability to use the report data to track cyber trends may help the sector to become more resilient. We look forward to utilising the IMCSO database to help our clients,” stated Kaela Bermeister, captain of a private yacht.
“The independent validation of cybersecurity professionals offered by the IMCSO will help our members to select cybersecurity testers in a much more efficient way, ensuring they allow personnel onboard with the requisite experience. It will make it much easier to comply with the IMO mandate and will prove an invaluable resource,” said Ms Caroline Yang, President, Singapore Shipping Association (SSA), a trade association representing the interests of over 500 Singapore-based companies.