Learn how the Maritime Cyber Baseline can help you comply with IMO MSC.428(98)
The IASME Maritime Cyber Baseline provides, through certification, a practical and low-cost method for demonstrating compliance with the IMO Maritime Cyber Resolution MSC.428(98).
To support you through the certification process, Infosec Partners offer a 1-day Maritime Cyber Baseline training course, providing the latest understanding of the scope and requirements, what they mean for your organisation, and what is required in order to pass a Maritime Cyber Baseline certification audit.
The training defines a formal program for vessels, fleets and third parties to achieve and maintain formal compliance with the IMO 2021 cyber regulations.
Discover the steps to Compliance
The Infosec Partners’ Maritime Cyber Baseline Awareness Training is a 1-day CPD Certified course delivered by our team of maritime cyber security experts.
Designed for vessel owners, engineers, captains, management companies, shipyards and anyone else interested in the cybersecurity of vessels at sea, the course outlines the required steps to discover, then secure, a vessel’s systems, including the necessary processes to ensure that the vessel meets compliance.
The training details a structured framework that gives assurance that cyber risks are appropriately managed and that there are both resources and processes in place to detect and respond to potential cyber breaches.
Participants will learn:
- How to check your own systems for readiness
- What areas of cyber are reviewed and tested
- What is considered ‘good enough’ in each area
By the end of the 1-day course, participants will have knowledge in the following areas of the Maritime Cyber Baseline and IMO Cyber Resolution:
- Boundary firewalls
- Secure configuration
- IT/OT Environments
- Access control
- Malware protection
- Patch management
Can I demonstrate compliance with IMO Maritime Cyber Resolution MSC.428(98) without getting the Maritime Cyber Baseline certification?
Yes, you can, although it is likely to be more expensive and take longer because of the need for external consultants and additional services. In addition, many within the maritime industry report that they are putting significant effort into demonstrating compliance yet are not 100% confident that they are in fact compliant.
The Maritime Cyber Baseline enforces a standard level of control that can be evidenced across a large range of vessels. Without the Maritime Cyber Baseline it is difficult to know whether security controls and procedures are adequate and if compliance has been met.
Insurance is a key driver for the introduction of the Maritime Cyber Baseline scheme. Brokers and underwriters typically attempt to gauge the effectiveness of a potential policyholder’s onboard cybersecurity controls through a series of questionnaires, often without a clear method of marking and grading responses. In some instances, they also demand that technical tests are performed to demonstrate levels of protection, and these differ across insurance products as there are no baseline tests. Through the Maritime Cyber Baseline scheme, insurance brokers can measure cyber protection against a common baseline without incurring costs at the pre-quotation stage. This should also allow the market to stabilise, ultimately resulting in reduced premiums.
To mitigate the risks of unqualified consultants and businesses providing cyber security advice to the maritime sector, there is a strict program under which both an organisation and a consultant must be certified before they are approved to run the audits and produce certifications.
A company wishing to become a certification body for the Maritime Cyber Baseline must demonstrate that it has a formal company-wide accreditation such as ISO 27001 or IASME Governance, whilst individual consultants must work for an approved certification body and also demonstrate experience and professional qualification in the following 3 areas:
- Cyber Security Professional
- Maritime Experience
- Operational Technology (OT)
In order for the Maritime Cyber Baseline to run effectively there is a need for a single entity to administer and operate the scheme.
IASME is an organisation that has a history of operating large-scale certification schemes and is committed to helping businesses improve their cyber security, risk management and governance through an effective and accessible range of certifications.
IASME currently operates the most widely deployed optional cyber certification globally – Cyber Essentials – on behalf of the UK NCSC. In addition, IASME offers IASME Governance, which is an alternative and easier route to achieve business-wide cyber assurance than ISO 27001, plus a number of schemes across other sectors, including the Civil Aviation Authority Assure Scheme, Counter Fraud Fundamentals Scheme and the Internet of Things Security Assured scheme.