The Maritime Cyber Baseline
The Maritime Cyber Baseline Certification Scheme has been designed to assist vessel operators and owners to improve their cyber security, prepare for attacks and to ensure that cyber security plans meet the IMO Maritime Cyber Risk Guidelines:
- Provides reassurance for your business, your crew, passengers, customers and other operators that your vessel has the correct security controls and processes in place.
- Aligns with the IMO Maritime Cyber Risk Management guidelines and makes evident your true commitment to best security practices.
- Indicates that you have a baseline level of cyber assurance.
- Provides the ability to demonstrate your compliance by displaying a Maritime Cyber Baseline certificate on your vessel and on any business communications.
IASME is launching the Maritime Cyber Baseline certification scheme on 24th November. This scheme allows vessels of all sizes to achieve a basic level of cyber security in line with the IMO Maritime Cyber Risk Management guidelines. The scheme is operated by trained Certification Bodies who are maritime security experts and can provide guidance and support to vessel owners and operators to improve the security of their vessels through implementing good cyber security controls.
Certification is available to vessels of all sizes. Smaller vessels under 500 gwt complete the assessment solely using the online portal. Larger vessels of 500 gwt and over are audited by an assessor, either in person or via a remote video link, to verify that all the required security controls have been put into place. Certification is renewed annually, with the in-person assessment taking place every three years. This provides a balance between the cost of the assessment and the level of assurance provided, ensuring that the scheme remains affordable and accessible to all vessel owners and operators.
A route to compliance and improved cyber security
The maritime industry accounts for the movement of 90% of world trade, making it a very attractive target for cyber criminals.
In 2017 the IMO (the International Maritime Organisation) issued ‘Guidelines on Maritime Cyber Risk Management’, providing high-level recommendations to safeguard shipping from current and emerging cyber threats and vulnerabilities, including functional elements that support effective cyber risk management.
The guidelines came into force on 1 January 2021 and maritime organisations, including vessel owners and operators, must now be able to demonstrate that they can execute an effective cyber security plan and address the risks in a way that improves the security of their operations.
Developed by Infosec Partners in conjunction with IASME, the UK's leading information assurance organisation, and supported by RINA (Royal Institution of Naval Architects), the Maritime Cyber Baseline Certification scheme provides an affordable and practical way for vessel owners and operators to achieve compliance in accordance with the IMO Maritime Cyber Risk Management guidelines, namely:
- The International Maritime Organisation (IMO) Guidelines on Maritime Cyber Risk Management (MSC-FAL.1/Circ.3) and
- IMO resolution MSC.428(98).
The rise of maritime OT brings additional cyber challenges
Maritime cyber security risk refers to a measure of the extent to which a technology asset could be threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised.
New technology, automation and digitisation mean that vessels are more connected than ever, bringing a higher risk of cyber attacks. In fact, over the past 3 years cyber attacks on the maritime industry’s operational technology (OT) systems have increased by 900%, and with an increase in smart technology within the sector, this trend will only continue.
Securing OT and the complex networks and connected environments around it is therefore critical for cyber resilience. However, a 2020 Safety at Sea and BIMCO Maritime Cyber Security survey reported that despite the majority of respondents viewing cyber attacks as a high/medium risk, few appeared to be prepared for attacks.
The Maritime Cyber Baseline Certification Scheme is designed to assist vessel operators and owners to continually improve their cyber security to counter emerging threats and remain cyber resilient. It provides a process for identifying, analysing and assessing cyber-related risks, and mitigating them to an acceptable level.
Suitable for vessels of all sizes
The scheme is accessible to owners and operators of vessels of all sizes across the globe, including:
- Cargo vessels
- Passenger vessels
- Specialised craft
Simple steps to achieving and maintaining certification
To achieve certification for a vessel, applicants follow a practical pathway:
- Stage 1: Answer a series of easy-to-understand questions and complete the verified self-assessment using the IASME online platform.
- Stage 2: An IASME assessor reviews your systems and processes and collates evidence to verify the answers provided in stage 1. The applicant receives feedback from the assessor on how they can improve the security of their vessel depending on the answers provided to the various questions.
- Stage 3: Once your self-assessment has been verified, you will be officially awarded vessel certification for 3 years.
- Stage 4: In order to maintain certification, the vessel owner/operator must complete and pass an annual verified self-assessment on the first and second anniversary of the audit to demonstrate their continued compliance.