Maritime Cyber Security

Maritime Cyber Security starts with compliance with IMO MSC.428(98) and will have to be kept up as companies embrace digitization of workflow, remote surveys and inspection, and IoT-driven data analytics. Maritime digitization is not a matter of choice but of commercial survival. Our fully-managed Cyber Security Solution is not just about compliance but enabling our customers to run their vessels and business processes under the protection of the best cybersecurity tools and practices.
Maritime Cyber Security
Process - Cyber Security

IMO Guidelines

In 2017, the International Maritime Organization (IMO) adopted resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management System (SMS). The resolution stated that an approved SMS should consider cyber risk management in accordance with the objectives and functional requirements of the (International Safety Management) ISM Code. 

It further encourages administrations to ensure that cyber risks are appropriately addressed in SMS no later than the first annual verification of the company’s Document of Compliance (DoC) after 1 January 2021.  As per IMO guidelines, effective cyber risk management should start at the senior management level. Senior management should embed a culture of cyber risk management into all levels and departments of an organization and ensure a holistic and flexible cyber risk governance regime, which is in continuous operation and constantly evaluated through effective feedback mechanisms.

US National Institute of Standards and Technology (NIST) 

In addition to the IMO resolution, the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework Version 1.1 is also used as a reference. The NIST Cybersecurity Framework assists companies with their approach to risk assessments by helping them understand an effective approach to manage potential cyber risks both internally and externally. 

As a result of applying the Framework, a “profile” is developed, which can help to identify and prioritize actions for reducing cyber risks. The profile can also be used as a tool for aligning policy, business, and technology decisions to manage the risks.

The NIST recently released a preliminary draft of its Cybersecurity Framework Profile for Ransomware Risk Management.

National Institute of Standards and Technology

International Association of classification Societies (IACS)

The International Association for Classification Societies (IACS) has issued a “Recommendation on Cyber Resilience (No. 166)”. This recommendation consolidates IACS’ previous 12 recommendations related to cyber resilience (Nos. 153 to 164) and applies to the use of computer-based systems, which provide control, alarm, monitoring, safety or internal communication functions that are subject to the requirements of a classification society.

We at Varuna Marine Can help!

Our fully managed cybersecurity solution comes with owner’s dashboard as shown here. The dashboard captures all cyber security-related KPIs and ensures compliance at all times. Our team of Cyber Security experts will carry out an annual and biannual soft and hard audit to ensure a full test of readiness against any external cyber attack. 

Our approach to Cyber Security Compliance in line with MSC.428 (98) and consist of the below modular solution:

1. Onboard vessel and Shore office Network mapping

This helps us to visualise all end points on the Network and apply control measures. Network map also allows to implement network segregation to separate critical business and operational network from non-critical networks. Additionally, firewall and explicit and implicit trust between networks are implemented basis the network map.

2. IT and OT Inventory

This together with Network maps helps us to conceptualise the cyber security policy.

3. Drafting Cyber Security Policy

After studying the Network maps, IT and OT inventory , role definition of personnel within the organisation.

4. Staff Training module

Customised to the organisational needs for the crew and office staff will be clearly defined in relation to the risk identified and recommended control measure.

5. Loading the inventory, network map, training module and all policy in our Dashboard

Where the company cyber security officer and vessel cyber security office can view and control all KPIs in one user friendly dashboard.

6. Active Network Monitoring

This is a modular solution that is provided for owner requiring real time network monitoring for early detection and remedial action for cyber threat.

24/7 Cyber Security call-in line and ticketing-based system available to avail.

Request a 15 minutes Demo at:

It’s free and without any commitment!