Cyber security scheme developed by Malvern company will help prepare maritime industry for increasing cyber threats

Royal Institute of Naval Architects

A new scheme developed by Malvern-based IASME and supported by The Royal Institution of Naval Architects (RINA), will help shipping operators and vessel owners in the maritime industry improve their cyber security and align with the IMO Maritime Cyber Risk Management guidelines.

The maritime industry accounts for the movement of 90 per cent of world trade, making it very attractive for cyber criminals. Over the past three years cyber-attacks on shipping have increased by 900 per cent.

The digitisation of the maritime sector and the development of autonomous vessels means the cyber security risk to shipping is likely to increase and few vessels are sufficiently prepared for an attack, despite the 2020 Safety at Sea and BIMCO Maritime Cyber Security survey reporting that despite most respondents do see cyber-attacks as a significant risk.

The IASME Maritime Cyber Baseline scheme is open to vessels of all sizes and classifications, including yachts, commercial, passenger ships and merchant vessels. It provides an affordable and practical way for operators and owners to improve their cyber security to counter emerging threats and to reduce the likelihood of a cyber-attack disrupting their day-to-day operations. The scheme has been developed in partnership with maritime experts Infosec Partners.

The IASME Maritime Cyber Baseline scheme enables shipping operators and vessel owners to reassure supply chain partners, passengers, flag and port authorities that a vessel has the suitable cyber security controls and processes in place. They can demonstrate compliance through an IASME Maritime Cyber Baseline digital certificate that can be displayed onboard a vessel and in any business communications.

Chris Boyd, Chief Executive of The Royal Institution of Naval Architects, said: “The Royal Institution of Naval Architects are delighted to be supporting IASME’s new maritime cyber security scheme and recognise it as an effective way for operators and owners to improve the security of their vessels. The maritime sector is a vital part of the global economy; RINA and its members play a key part in ensuring the vessels are secure throughout their lifecycle. We encourage all those involved in the sector to look at IASME Maritime Cyber Baseline as a practical way to reduce the disruptive impact of cyber-attacks.”

Dr Emma Philpott MBE, CEO of IASME said: “We are really excited to be tackling the difficult issue of cyber security within shipping with our new Maritime Cyber Baseline scheme. IASME has revolutionised the approach to cyber security within businesses through our IASME Governance certification and most recently has worked with the Civil Aviation Authority to deliver their cyber security audit scheme for the aviation sector. We look forward to getting directly involved with shipping operators and owners to improve their security and get them certified to the new scheme”

The scheme is focussed on a set of core security controls that have maximum impact on cyber security and give the best return on the effort and investment in their implementation. It has two stages of assurance:

  • Verified self-assessment = basic level of assurance
  • Audited = higher level of assurance

The controls that must be put in place onboard are the same for both levels of assurance.

The verified self-assessment requires ship owners/operators to answer a series of questions about their vessel using the IASME secure online portal. The owner is required to sign a declaration attesting that the answers to the questions are accurate. The applicant receives feedback from the assessor on how they can improve the security of their vessel depending on the answers provided to the various questions.

The audited stage involves a review of systems, processes and to verify the answers provided in the self-assessment. This level must be completed by all vessels 500 gwt or over to achieve certification.

If the vessel passes the assessment, it is awarded Maritime Cyber Baseline certification. To maintain certification, an annual verified self-assessment must be completed on the first and second anniversary of the audit to demonstrate continued compliance.