Launch of the International Maritime Cyber Security Organisation


A new non-profit organization, the International Maritime Cyber Security Organisation (IMCSO), has been established with the goal of enhancing the standard of cybersecurity risk assessment in the maritime industry.

Certification Programme and Professional Register

IMCSO has introduced a certification program for security consultants and created a professional register to aid shipping organizations in selecting qualified personnel. The organization also plans to standardize and validate cyber report outputs, storing these reports in a central database to ensure consistency.

Importance of Cybersecurity in the Maritime Industry

Campbell Murray, CEO of IMCSO, highlighted that the International Maritime Organisation (IMO) mandates shipping companies to implement measures to protect their onboard safety management systems and to regularly audit them. The resulting maritime cybersecurity industry, however, has shown variability in assessing systems and interpreting standards.

Challenges in Current Practices

Ship captains often lack the time to accompany cyber auditors during assessments. Additionally, the use of varied assessment methodologies leads to complexity, overheads, and delays in providing risk and technical audit results to port authorities and insurers.

IMCSO’s Objectives and Solutions

IMCSO aims to address these issues by equipping the security industry to conduct tests in a safe, appropriate, and uniform manner. This will enable the sector to benchmark compliance and streamline processes.

Cyber Certification Scheme

The IMCSO Maritime Standard cyber certification scheme offers training across four disciplines. Cyber professionals can qualify as Offensive Security Practitioners or Maritime Cyber Security Specialists, with additional specializations in Secure by Design and Cloud Security.

Authorized Supplier Registry

The registry will document approved cybersecurity suppliers within the maritime cybersecurity specialty. Applicant organizations must meet certification and accreditation standards such as ISO 27001 and ISO 9001. Shipping companies can search the database for personnel with specific domain expertise and location.

Risk Register Database

IMCSO will maintain a risk register database containing the results of ship assessments and audits. This will enable relevant parties to access the cyber risk profile of any given vessel. The standardization of report outputs aims to prevent confusion arising from different reporting methodologies and provide a uniform approach to eliminate ambiguity.

Building a Sharable and Searchable Dataset

Standardized vessel-by-vessel data will allow IMCSO to create a sharable and searchable dataset. This will enable the organisation to track trends in cyber risk and inform the IMO, shipbuilders, insurers, and management companies of these trends.

Benefits of IMCSO Validation

Caroline Yang, President of the Singapore Shipping Association (SSA), noted that IMCSO’s independent validation of cybersecurity professionals will streamline the selection process, ensuring the onboarding of personnel with the requisite experience. This will facilitate compliance with the IMO mandate and prove an invaluable resource.

By setting high standards and offering consistent, reliable data, IMCSO aims to improve cybersecurity practices across the maritime industry.

Did you subscribe to our daily Newsletter?

It’s Free! Click here to Subscribe

Source: Smart Maritime Network