GMM Safety | 2024-06-21 | Case Security |

The newly established International Maritime Cyber Security Organization (IMCSO) began its operations on June 18, 2024.

Its goal is to improve cybersecurity risk assessment across the maritime industry.

The initiative is in response to increased cyber risks in the maritime sector and aims to accelerate and improve cybersecurity measures onboard vessels.

IMCSO has implemented a comprehensive certification programme for security consultants and created a professional register to help shipping companies hire qualified professionals.

This initiative will ensure the maritime industry can identify and employ qualified cybersecurity personnel, addressing the sector’s current approaches.

The organization will also validate report outputs to ensure consistency and accuracy, keeping them in a central database available to authorities and third parties.

This approach will help determine the cyber risk level of vessels, allowing port authorities and insurers to make more informed decisions.

The chairman and CEO of IMCSO, Campbell Murray, stated that the IMO has mandated cybersecurity, requiring shipping firms to implement and regularly audit measures to protect their onboard safety management systems.

This mandate has resulted in the forming of a new maritime cybersecurity company, which IMCSO seeks to standardize.

IMCSO’s Maritime Standard cyber certification program provides training in four distinct domains.

Cyber workers can become offensive security practitioners or maritime cybersecurity specialists, with extra certifications available in secure by design and cloud security.

A major issue cited by IMCSO is the pressure on ship captains, who sometimes lack the time and knowledge to accompany cyber inspectors.

The organization intends to address this by enabling the security industry to undertake consistent and suitable testing, hence decreasing complexity, overheads, and delays.

IMCSO will maintain an authorized supplier registry, including approved cybersecurity suppliers in the maritime specialization.

This registry will profile firms and list the individual qualifications of their employees, making it easier for shipping companies to recruit qualified personnel.

IMCSO also intends to provide a shareable and searchable dataset of standardised vessel-by-vessel data.

This will allow the organization to monitor cyber risk trends and update key stakeholders, such as the IMO, shipbuilders, insurers, and management firms.

Captain Kaela Bermeister said that the IMCSO promises to simplify the risk assessment process and provide third parties with the necessary information to identify risks appropriately.

This will result in more accurate cyber insurance coverage and help the industry become more resilient.

Caroline Yang, president of the Singapore Shipping Association, emphasized the importance of IMCSO’s independent validation, stating that it will help their members select cybersecurity testers efficiently, guaranteeing the necessary expertise is onboard while making it easier to comply with the IMO requirements.

Reference: The Digital Ship