New Cyber Risk Register For Maritime Vessels By IMCSO

IMCSO releases cybersecurity assessment methodology for maritime vessels joining its Cyber Risk Register

The International Maritime Cyber Security Organisation (IMCSO), an independent maritime standards organisation, released a new methodology for assessing cybersecurity on Monday. The methodology is designed for maritime vessels that want to assess their cyber risk and join the IMCSO Cyber Risk Register, a risk register database maintained by IMCSO.

The methodology gives IMCSO-certified cyber security advisors, and the senior maritime officers who work with them, a standardized test: it defines the scope of the assessment, the language used, and the end product, so that every test is planned, executed and reported in the same way. The same definitions are intended to underpin the training of senior shipping personnel and the assessment of operational technology.

The program is designed to support IMCSO-certified cyber security advisors and the senior maritime officers who work with them, enabling them to conduct comprehensive and effective assessments. A common language and methodology improves the reliability and comparability of cyber security testing across the shipping industry, helping ships better understand and mitigate their cyber risks.

IMCSO noted that the test will assess the security of ten categories under “operational technology infrastructure”, which is the hardware and software required to monitor and control the physical operation of the ship. These include navigation, propulsion, electrical and communication systems, safety systems, cargo handling, environmental systems, maintenance systems, human factors, and regulatory and compliance issues. The assessment can be conducted at sea, onshore, or a combination of both.

The only operational technology standards currently available to the industry were written for manufacturing, and few of them directly assess operational technology itself.

The Cybersecurity Assessment Methodology defines the conditions under which a cybersecurity assessment must be conducted. It is a legal and practical guide for cybersecurity practitioners, who must comply with the standard as a condition of being included in the approved supplier register maintained by IMCSO. The captain and crew undergoing the assessment are also required to comply with the methodology and to complete pre-assessment training so that they are cyber-ready and understand the process and its results.

IMCSO CEO Campbell Murray said that there is currently no standard in the maritime sector to judge the quality of cyber risk assessments. “The methodology will set a precedent by providing a set of criteria that assessors should consider when engaging and against which to measure maritime security. This is a significant step forward in standardizing expectations and requirements in the maritime sector,” he added.

In addition, it is often difficult for shippers to objectively assess their operational technology suppliers, Murray explained: “Third parties and shippers have common dependencies, with common goals and integrated processes. However, with the increase in supply chain attacks, they pose a real risk to operations. This can strain relationships, but by taking a systematic approach to standardized risk assessments, companies can rely on the process to validate their suppliers’ cybersecurity posture on their behalf.”

The IMCSO cybersecurity assessment methodology is built from the following components: basic requirements, covering rules of engagement, authorization, scope of work, objectives and areas of testing; a scope of work, which specifies project details and objectives and is signed by both parties; rules of engagement, covering testing guidelines including permitted times and limitations; permissions and legal considerations, to ensure compliance with the law and written consent from stakeholders; testing methods, describing the techniques used; outputs, such as reports and recommendations; and timelines, giving start and end dates with key milestones.

The methodology also requires a communication plan with contact points and reporting protocols; risk management and contingency plans to mitigate potential harm such as downtime or data loss; confidentiality and data-handling provisions to protect sensitive data and results; that testing activities are conducted by qualified personnel and critical issues are reported immediately; that security findings are presented in an organized and easy-to-understand format; and that the final report is delivered securely and confidentially.

The report will take a practical approach and make clear recommendations.
