The maritime industry is integral to the flow of global commerce, transporting over 80% of the world’s goods. The push towards reducing carbon emissions has been a significant catalyst for the maritime industry to rapidly adopt connected technologies. Organisations are under pressure to integrate their ships and equipment into digital networks to remain competitive and this has made them particularly vulnerable to cyber attacks. Over the past decade the industry which now relies heavily on interconnected systems for operations, logistics, and communication has witnessed a sharp rise in cyber incidents with severe consequences. These threats have real-world consequences that can impact the environment, the economy, and the safety of human lives.
The top cyber threats facing the maritime industry today:
Ransomware Attacks: Cyber attacks where malicious software (ransomware) is used to encrypt or lock critical systems and data, rendering them inaccessible until a ransom is paid to the attackers. For example, the 2017 NotPetya attack cost Maersk over $300 million.
GPS Spoofing and Jamming: Ships rely on GPS for navigation, but cyber criminals can manipulate GPS signals to mislead vessels, potentially causing collisions, groundings, or delays.
Port Disruptions: Ports, with interconnected IT and operational systems, are vulnerable to attacks that can delay cargo, disrupt supply chains, and incur financial losses.
Phishing and Social Engineering: Human error remains a weak link, with phishing emails tricking employees into revealing sensitive information.
Legacy Systems: Many ships and ports facilities use outdated technology which no longer receive security patches or updates from vendors, leaving them exposed to known vulnerabilities that hackers can exploit.
Maritime Cyber Baseline: A Solution to Maritime Cyber Security Challenges
What is Maritime Cyber Baseline?
IASME Maritime Cyber Baseline (MCB) is a cyber security certification scheme for vessels of all classifications. The important cyber security controls outlined in the scheme help vessels take significant steps towards compliance with the cyber requirements set by the International Maritime Organisation (IMO), Port Authorities and Classification Authorities.
Certification demonstrates that a vessel has been independently assessed and achieved a baseline cyber security standard.
How MCB Works
MCB operates on two levels, offering two stages of assurance:
Level One: Verified Self-Assessment (£750 plus VAT)
At this level, organisations complete a self-assessment covering key areas such as firewalls, secure configuration, vulnerability management, access controls, and malware protection. The assessment is verified by a trained MCB Assessor, ensuring that the vessel meets the required standards.
Level Two: Audited Assessment (£1,950 plus VAT for both levels)
Level Two involves a technical audit conducted by an Assessor from one of IASME’s Certification Bodies.
Vessels that have passed the certification will receive a badge and a digital certificate that can be displayed onboard and on business communications.
Business Benefits of MCB
Certifying your vessel to Maritime Cyber Baseline provides a range of benefits:
Assurance
Reassure your supply chain partners, passengers, and flag and port authorities that your vessel has suitable cyber security controls and processes in place to reduce the risk of a cyber attack occurring.
Resilience
By implementing the cyber security controls and practices outlined in the MCB framework, you’ll be better prepared to prevent, detect, and respond to cyber incidents, reducing the likelihood of costly disruptions.
Competitive Edge
In today’s market, a cyber security certification is a differentiator. An MCB certification can give you a competitive advantage over organisations that lack robust cyber resilience.
Cost Savings
While there’s an upfront investment in achieving certification, the long-term savings from avoiding cyber incidents can be significant.
Future-proofing
MCB helps future-proof your organisation by providing a strong foundation to adapt to evolving cyber threats.
To find out more about IASME Maritime Cyber Baseline, email the scheme Certification Manager [email protected]