IASME Maritime Cyber Baseline is a cyber security certification scheme for maritime vessels of all sizes and classifications. Certification gives assurance to owners, managers and clients that suitable cyber security controls and processes are in place on maritime vessels to reduce the risk of a cyber attack occurring.
Introducing Sea World Management S.A.M.
Founded in 1990, Sea World Management S.A.M. is a Ship Management Company formed by a team of over 30 shipping experts specialising in product tanker, dry bulk, and offshore cable vessel management.
The Monaco-based firm offers a comprehensive service platform for investors and ship owners to manage investments across all shipping segments. The Technical Management Team operates all managed vessels in full compliance with the International Safety Management Code and International regulations to meet the requirements of ship-owners, flag states, port states, class societies, charterers and other stakeholders.
How does IASME Maritime Cyber Baseline certification work?
Developed in partnership with maritime experts Infosec Partners and supported by The Royal Institution of Naval Architects, IASME Maritime Cyber Baseline supports a path towards compliance with the IMO Maritime Cyber Risk Management guidelines.
The IASME Maritime Cyber Baseline scheme has been designed with two stages of assurance:
- Level One is a verified assessment and offers a basic level of assurance
- Level Two includes an audit and offers a higher level of assurance
The Level One verified assessment requires the applicant to answer a series of questions about the vessel using the IASME secure online portal. The questions cover key aspects such as ‘Firewalls and Security Gateways’, ‘Secure Configuration’, ‘Managing Vulnerabilities’, ‘Access Control’ and ‘Malware Protection’.
A supervisor at board level is required to sign a declaration attesting that the answers to the questions are accurate. The verified assessment is then forwarded to a designated IASME Maritime Cyber Assessor to review. If the pass mark is achieved, the vessel is awarded a Level One Maritime Cyber Baseline Certification which is valid for one year.
The Level Two audit certification firstly requires the applicant to complete the verified assessment; once completed and a pass mark achieved, the IASME Maritime Cyber Assessor follows a strict schedule of technical tests. If the vessel passes, it is awarded a Level Two Maritime Cyber Baseline certification which is valid for three years.
Certifying a fleet of vessels
In July 2023, Sea World Management S.A.M. were asked by Italian Cable Layer Shipowners – a leading operator in the production of cables for energy and telecommunication – to achieve IASME Maritime Cyber Baseline for their fleet of four vessels.
We spoke to Stefano Dalmasso, Offshore HSEQ Manager at Sea World Management S.A.M., who gave us some insights about the process of certifying a fleet of ships.
“Due to the sensitive nature of maritime operations and the potential risks associated with cyber threats, we endeavour to establish a high level of cyber security by firstly reviewing the Safety Management System (SMS) for all of our vessels against the following guidelines:
- UK Government Dept of Transport/IET, Code of Practice: Cyber Security for Ships
- BIMCO “Guidelines on Cyber Security Onboard Ships”
- OCIMF, Tanker Management and Self-Assessment
- IMO “Guidelines on Maritime Cyber Risk Management” MSC-FAL.1/Circ.3 & MSC resolution 428 (98)
This review is effective at identifying potential cybersecurity threats and vulnerabilities specific to maritime environments such as the type of ship, its operational area, onboard systems, crew capabilities, and potential adversaries. After completing the SMS review, our next priority was to complete the IASME Maritime Cyber Baseline Level One assessment questionnaire.
Initially, our ship-based Electronic Technical-Officer (ETO) and our contracted IT-support company completed the Maritime Cyber Baseline Level One verified assessment and submitted it through the online portal provided by IASME.
In the first instance, we received constructive feedback from our designated Assessor that some ‘fine-tuning’ was required to obtain the pass mark and achieve Level One Certification. In light of this, we dispatched an expert IT Engineer to visit each vessel we were certifying who was then able to retrieve all the required data the Assessor needed to pass the Level One assessment criteria.
Thanks to the extended and valued support from our designated Assessor, Mr. William Wright of Closed Door Security, our fleet has achieved our first ever IASME Maritime Cyber Baseline Certifications. The whole process took less than six months, and we achieved certification for the four ships in early March 2024.
Cyber security is of course an integral part of the ships' auditing process (ISSC Audit) to meet the requirements set by Flag States and delegated Recognised Organisations, such as Lloyd’s Register of Shipping (LRS), American Bureau Veritas (ABS), Registro Italiano Navale (RINA) etc. By also having the IASME Maritime Cyber Baseline certification in place, we can show these authorities and the whole maritime sector that we take cyber security seriously and have put processes in place to help reduce the risk of a cyber attack occurring on our ships. Completing the assessment has also given us updated information in regard to our IT and OT systems, which will be of significant value when we need to complete our own Shipboard Security Verification Audits (ICCS/ISPC code).
Where to next?
Our next proactive step towards best industry practice is to achieve the Level Two IASME Maritime Cyber Baseline Certification for all those vessels that are currently certified to Level One.”
To find out more about IASME Maritime Cyber Baseline, email the scheme Certification Manager, [email protected]