New Organization Seeks to Build Maritime Cyber Security Capabilities
A new group calling itself the International Maritime Cyber Security Organisation (IMCSO) is launching to provide an independent third-party standard to elevate cybersecurity services in the maritime world. According to the organization, while there are many cyber professionals few have specialized maritime expertise while the threat to ships and shipping interests continues to increase.
While no specific example of a ship being commandeered or victimized by a cyber attack has been documented, shipping companies, port authorities, and even the International Maritime Organization (IMO) have been attacked. As ships become more connected and while the prospects of remotely operating ships loom for the future, experts highlight that cyber dangers are only increasing for the maritime world.
“Cybersecurity has been mandated by the International Maritime Organization (IMO) which requires shipping companies to implement measures to protect their onboard safety management systems and to regularly audit them. However, the change in legislation has given rise to a new maritime cyber security industry that has proven to be variable in its approach to assessing systems and interpreting the standards,” explains Campbell Murray, CEO of IMCSO.
He explains the goal of the organization is to raise the standard of cybersecurity risk assessment across the maritime industry. IMCSO reports it will devise certification programs for security consultants and a professional register, and validate report outputs to ensure consistency. They plan to provide tools both to identify experts in maritime cyber security as well as to track the risk to individual vessels.
They point out that captains, officers, and crewmembers are busy and do not necessarily have the expertise to oversee cyber auditors conducting assessments. IMCSO aims to address the challenges emerging in the sector by equipping the security industry to conduct these tests in an appropriate, safe, and uniform manner, thus enabling the sector to benchmark compliance. One of the challenges they point to is a variety of different methodologies currently and varying requirements over the information that needs to be submitted to port authorities and insurers.
In addition to a certification program with training, IMCSO plans to provide registries. It will highlight cyber security suppliers within the maritime cyber security specialty. Shipping companies they report will be able to search the database to look for personnel experienced in a specific domain and location.
A risk register database will also be maintained by the IMCSO containing the results of ship assessments and audits enabling relevant parties to access the cyber risk profile of any given vessel. Through standardization of data and formats, they say it will make it much easier for the consumers of this information, such as port authorities and insurance providers, to consider a vessel’s cyber risk.