Don't rock the boat with poor cyber security

NEW CYBER SECURITY SCHEME, SUPPORTED BY THE ROYAL INSTITUTION OF NAVAL ARCHITECTS, WILL HELP PREPARE THE MARITIME INDUSTRY FOR THE INCREASING CYBER THREAT TO SHIPPING.


The maritime industry accounts for the movement of 90% of world trade, making it very attractive for cyber criminals. Over the past three years cyber-attacks on shipping have increased by 900%.


The digitisation of the maritime sector and the development of autonomous vessels means the cyber security risk to shipping is likely to increase and few vessels are sufficiently prepared for an attack, despite the 2020 Safety at Sea and BIMCO Maritime Cyber Security survey reporting that despite most respondents do see cyber-attacks as a significant risk.


Developed by IASME and supported by The Royal Institution of Naval Architects (RINA), the IASME Maritime Cyber Baseline scheme launching today will help shipping operators and vessel owners to improve their cyber security and align with the IMO Maritime Cyber Risk Management guidelines.


The scheme is open to vessels of all sizes and classifications, including yachts, commercial, passenger ships and merchant vessels. It provides an affordable and practical way for operators and owners to improve their cyber security to counter emerging threats and to reduce the likelihood of a cyber-attack disrupting their day-to-day operations. The scheme has been developed in partnership with maritime experts Infosec Partners.


The IASME Maritime Cyber Baseline scheme enables shipping operators and vessel owners to reassure supply chain partners, passengers, flag and port authorities that a vessel has the suitable cyber security controls and processes in place. They can demonstrate compliance through an IASME Maritime Cyber Baseline digital certificate that can be displayed onboard a vessel and in any business communications.


Chris Boyd, Chief Executive of The Royal Institution of Naval Architects, said:

“The Royal Institution of Naval Architects are delighted to be supporting IASME’s new maritime cyber security scheme and recognise it as an effective way for operators and owners to improve the security of their vessels. The maritime sector is a vital part of the global economy; RINA and its members play a key part in ensuring the vessels are secure throughout their lifecycle. We encourage all those involved in the sector to look at IASME Maritime Cyber Baseline as a practical way to reduce the disruptive impact of cyber-attacks.”

Dr Emma Philpott MBE, CEO of IASME said:

“We are really excited to be tackling the difficult issue of cyber security within shipping with our new Maritime Cyber Baseline scheme. IASME has revolutionised the approach to cyber security within businesses through our IASME Governance certification and most recently has worked with the Civil Aviation Authority to deliver their cyber security audit scheme for the aviation sector. We look forward to getting directly involved with shipping operators and owners to improve their security and get them certified to the new scheme”

How does the scheme work?

The scheme is focussed on a set of core security controls that have maximum impact on cyber security and give the best return on the effort and investment in their implementation. It has two stages of assurance:

· Verified self-assessment = basic level of assurance

· Audited = higher level of assurance

The controls that must be put in place onboard are the same for both levels of assurance.

Verified self-assessment

The verified self-assessment requires ship owners/operators to answer a series of questions about their vessel using the IASME secure online portal. The owner is required to sign a declaration attesting that the answers to the questions are accurate. The applicant receives feedback from the assessor on how they can improve the security of their vessel depending on the answers provided to the various questions.


Audited

The audited stage involves a review of systems, processes and to verify the answers provided in the self-assessment. This level must be completed by all vessels 500 gwt or over to achieve certification.

If the vessel passes the assessment, it is awarded Maritime Cyber Baseline certification. To maintain certification, an annual verified self-assessment must be completed on the first and second anniversary of the audit to demonstrate continued compliance.

Smaller vessels under 500 gwt are required to complete the verified self-assessment stage only to achieve certification. The cost is £750 + VAT

All vessels of 500 gwt or over are required to complete both the verified self-assessment stage and the audited stage to achieve certification. The cost is £1950 +VAT.


For more information about the scheme go to https://iasme.co.uk/maritime-cyber-baseline/about-maritime-cyber-baseline

The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for the South East is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for the South East provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for the South East does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for the South East is not responsible for the content of external internet sites that link to this site or which are linked from it.