Developed by IASME and supported by The Royal Institution of Naval Architects (RINA), the IASME Maritime Cyber Baseline scheme launched.
The scheme aims to help shipping operators and vessel owners to improve their cyber security and align with the IMO Maritime Cyber Risk Management guidelines.
It is also open to vessels of all sizes and classifications, including yachts, commercial, passenger ships and merchant vessels.
It provides a way for operators and owners to improve their cyber security to counter emerging threats and to reduce the likelihood of a cyber-attack disrupting their day-to-day operations.
Furthermore, the IASME Maritime Cyber Baseline scheme enables shipping operators and vessel owners to reassure supply chain partners, passengers, flag and port authorities that a vessel has the suitable cyber security controls and processes in place.
Chris Boyd, Chief Executive of The Royal Institution of Naval Architects, stated:
The Royal Institution of Naval Architects are delighted to be supporting IASME’s new maritime cyber security scheme and recognise it as an effective way for operators and owners to improve the security of their vessels
The scheme is focussed on a set of security controls that have maximum impact on cyber security and give the best return on the effort and investment in their implementation. It has two stages of assurance:
- Verified self-assessment – basic level of assurance
- Audited – higher level of assurance
The controls that must be put in place onboard are the same for both levels of assurance.
Verified self-assessment
The verified self-assessment requires ship owners/operators to answer a series of questions about their vessel using the IASME secure online portal.
The owner is required to sign a declaration attesting that the answers to the questions are accurate. The applicant then receives feedback from the assessor on how they can improve the security of their vessel depending on the answers provided to the various questions.
Audited
The audited stage involves a review of systems, processes and to verify the answers provided in the self-assessment. This level must be completed by all vessels 500 gwt or over to achieve certification.
If the vessel passes the assessment, it is awarded Maritime Cyber Baseline certification. To maintain certification, an annual verified self-assessment must be completed on the first and second anniversary of the audit to demonstrate continued compliance.
Smaller vessels under 500 gwt are required to complete the verified self-assessment stage only to achieve certification.
All vessels of 500 gwt or over are required to complete both the verified self-assessment stage and the audited stage to achieve certification.
This news comes as DNV will acquire the industrial cyber security specialist Applied Risk, thus creating the world’s largest industrial cyber security practice.
What is more, Bureau Veritas and Vestas have both been impacted by cyber attacks recently, affecting their operations.