Maritime Cyber Baseline Certification Scheme

The Maritime Cyber Baseline Certification Scheme has been designed to help vessel operators and owners improve their cyber security, prepare for attacks and ensure that their cyber security plans meet the IMO Maritime Cyber Risk Guidelines:

  • Provides reassurance for your business, your crew, passengers, customers and other operators that your vessel has the correct security controls and processes in place.
  • Aligns with the IMO Maritime Cyber Risk Management guidelines and makes evident your true commitment to best security practices.
  • Indicates that you have a baseline level of cyber assurance.
  • Provides the ability to demonstrate your compliance by displaying a Maritime Cyber Baseline certificate on your vessel and on any business communications.

IASME is launching the Maritime Cyber Baseline certification scheme on 24th November. This scheme allows vessels of all sizes to achieve a basic level of cyber security in line with the IMO Maritime Cyber Risk Management guidelines. The scheme is operated by trained Certification Bodies who are maritime security experts and can provide guidance and support to vessel owners and operators to improve the security of their vessels through implementing good cyber security controls.

Certification is available to vessels of all sizes. Smaller vessels under 500 gwt complete the assessment solely using the online portal. Larger vessels of 500 gwt and over are audited by an assessor, either in person or via a remote video link, to verify that all the required security controls have been put into place. Certification is renewed annually, with the in-person assessment taking place every three years. This provides a balance between the cost of the assessment and the level of assurance provided, ensuring that the scheme remains affordable and accessible to all vessel owners and operators.

A route to compliance and improved cyber security

The maritime industry accounts for the movement of 90% of world trade, making it a very attractive target for cyber criminals.

In 2017 the IMO (the International Maritime Organisation) issued ‘Guidelines on Maritime Cyber Risk Management’, providing high-level recommendations to safeguard shipping from current and emerging cyber threats and vulnerabilities, including functional elements that support effective cyber risk management.

The guidelines came into force on 1 January 2021 and maritime organisations, including vessel owners and operators, must now be able to demonstrate that they can execute an effective cyber security plan and address the risks in a way that improves the security of their operations.

Developed by Infosec Partners in conjunction with IASME, the UK's leading information assurance organisation, and supported by RINA (Royal Institution of Naval Architects), the Maritime Cyber Baseline Certification scheme provides an affordable and practical way for vessel owners and operators to achieve compliance in accordance with the IMO Maritime Cyber Risk Management guidelines, namely:

  • The International Maritime Organisation (IMO) Guidelines on Maritime Cyber Risk Management (MSC-FAL.1/Circ.3) and
  • IMO resolution MSC.428(98).

The rise of maritime OT brings additional cyber challenges

Maritime cyber security risk refers to a measure of the extent to which a technology asset could be threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised.

New technology, automation and digitisation mean that vessels are more connected than ever, bringing a higher risk of cyber attacks. In fact, over the past 3 years cyber attacks on the maritime industry's operational technology (OT) systems have increased by 900%, and with an increase in smart technology within the sector, this trend will only continue.

Securing OT and the complex networks and connected environments is therefore critical for cyber resilience. However, a 2020 Safety at Sea and BIMCO Maritime Cyber Security survey reported that, despite the majority of respondents viewing cyber attacks as a high/medium risk, few appeared to be prepared for attacks.

The Maritime Cyber Baseline Certification Scheme is designed to assist vessel operators and owners to continually improve their cyber security to counter emerging threats and remain cyber resilient. It provides a process for identifying, analysing and assessing cyber-related risks and mitigating them to an acceptable level.

Suitable for vessels of all sizes

The scheme is accessible to owners and operators of vessels of all sizes across the globe, including:

  • Cargo vessels
  • Passenger vessels
  • Yachts
  • Ferries
  • Specialised craft

Simple steps to achieving and maintaining certification

To achieve certification for a vessel, applicants follow a practical pathway:

  • Stage 1: Answer a series of easy-to-understand questions and complete the verified self-assessment using the IASME online platform.
  • Stage 2: An IASME assessor reviews your systems and processes and collates evidence to verify the answers provided in stage 1. The applicant receives feedback from the assessor on how they can improve the security of their vessel, depending on the answers provided to the various questions.
  • Stage 3: Once your self-assessment has been verified, you will be officially awarded vessel certification for 3 years.
  • Stage 4: In order to maintain certification, the vessel owner/operator must complete and pass an annual verified self-assessment on the first and second anniversary of the audit to demonstrate their continued compliance.

Developed and supported by Assurance, Maritime and Cyber Security experts

IASME Consortium

The Maritime Cyber Baseline scheme is managed and operated by the IASME Consortium.

IASME Consortium is a cyber security certification organisation that operates a network of over 250 Certification Bodies across the UK who improve and certify the cyber security of organisations. IASME has a particular focus on making cyber security guidance and certification affordable for smaller organisations and champions diversity through its neuro- and gender-diverse team.

IASME is the sole partner for the UK government to operate the national Cyber Essentials scheme. IASME’s own highly-regarded Governance, Counter Fraud and IoT device certification schemes have been developed to provide a unique combination of affordable security across a range of sectors.

The scheme is supported by RINA (Royal Institution of Naval Architects), an internationally renowned professional institution whose members are involved at all levels in the design, construction, maintenance and operation of marine vessels and structures.

As trusted experts in cyber security, Infosec Partners have a proven track record in helping maritime and shipping organisations become cyber secure. Our maritime cyber security experts are available to advise you on how your systems and processes can be adapted in order to safeguard against current and emerging threats, and meet the IMO compliance standards.

Find out more about the Maritime Cyber Baseline

Please leave a few contact details and one of our Trusted Advisors will get back to you. Or call us to speak with someone immediately:

+44 845 257 5903

maritimecyberbaseline@infosecpartners.com