The International Maritime Cyber Security Organisation (IMCSO) released its cybersecurity testing methodology for vessels looking to join the Cyber Risk Registry, a risk register database maintained by the IMCSO.
According to IMCSO, the methodology stipulates the conditions under which the cybersecurity assessments will be carried out. It acts as a legal and practical guide for cybersecurity practitioners who must adhere to the standards as a condition of their inclusion on the approved suppliers list, otherwise known as the Certified Supplier Registry, held by the IMCSO.
In addition, the Captain and crew undergoing the assessment will also be required to abide by the methodology and undergo pre-assessment training to become cyber-ready in order to better understand the process and its findings.
Testing will assess security across ten categories under the umbrella term of Operational Technology (OT), i.e., the hardware and software needed to monitor and control the physical processes of the ship. These include navigation, propulsion, electrical systems, communication, safety systems, cargo handling, environmental systems, and maintenance…
