A new non-profit organization, the International Maritime Cyber Security Organisation (IMCSO), has been established with the goal of enhancing the standard of cybersecurity risk assessment in the maritime industry.
Certification Programme and Professional Register
IMCSO has introduced a certification program for security consultants and created a professional register to aid shipping organizations in selecting qualified personnel. The organization also plans to standardize and validate cyber report outputs, storing these reports in a central database to ensure consistency.
Importance of Cybersecurity in the Maritime Industry
Campbell Murray, CEO of IMCSO, highlighted that the International Maritime Organisation (IMO) mandates shipping companies to implement measures to protect their onboard safety management systems and to regularly audit them. The resulting maritime cybersecurity industry, however, has shown variability in assessing systems and interpreting standards.
Challenges in Current Practices
Ship captains often lack the time to accompany cyber auditors during assessments. Additionally, the use of varied assessment methodologies leads to complexity, overheads, and delays in providing risk and technical audit results to port authorities and insurers.
IMCSO’s Objectives and Solutions
IMCSO aims to address these issues by equipping the security industry to conduct tests in a safe, appropriate, and uniform manner. This will enable the sector to benchmark compliance and streamline processes.
Cyber Certification Scheme
The IMCSO Maritime Standard cyber certification scheme offers training across four disciplines. Cyber professionals can qualify as Offensive Security Practitioners or Maritime Cyber Security Specialists, with additional specializations in Secure by Design and Cloud Security.
Authorized Supplier Registry
The registry will document approved cybersecurity suppliers within the maritime cybersecurity specialty. Applicant organizations must meet certification and accreditation standards such as ISO 27001 and ISO 9001. Shipping companies can search the database for personnel with specific domain expertise and location.
Risk Register Database
IMCSO will maintain a risk register database containing the results of ship assessments and audits. This will enable relevant parties to access the cyber risk profile of any given vessel. The standardization of report outputs aims to prevent confusion arising from different reporting methodologies and provide a uniform approach to eliminate ambiguity.
Building a Sharable and Searchable Dataset
Standardized vessel-by-vessel data will allow IMCSO to create a sharable and searchable dataset. This will enable the organisation to track trends in cyber risk and inform the IMO, shipbuilders, insurers, and management companies of these trends.
Benefits of IMCSO Validation
Caroline Yang, President of the Singapore Shipping Association (SSA), noted that IMCSO’s independent validation of cybersecurity professionals will streamline the selection process, ensuring the onboarding of personnel with the requisite experience. This will facilitate compliance with the IMO mandate and prove an invaluable resource.
By setting high standards and offering consistent, reliable data, IMCSO aims to improve cybersecurity practices across the maritime industry.
Did you subscribe to our daily Newsletter?
It’s Free! Click here to Subscribe
Source: Smart Maritime Network
