Skip to main content

Superyacht
Cyber Risk / Security Assessment

Understand the systems you have onboard, their criticality, what cyber security threats you may be facing and how to treat the risk

Overview

The Cyber Security Assessment (CSA) or for some Flag States referred to as a Cyber Risk Assessment (CRA), is where our experts work with you to understand the systems you have onboard, their criticality and what cyber security threats you may be facing.  We then work with you to ascertain what security measures you may already have in place to mitigate those threats, and what more can be done to reduce the risk. 

The CR/SA is often our starting point for building a Cyber Security Plan (CSP), as it enables us to rapidly immerse ourselves in how you operate and identify any risks that you may have. 

Both the Introductory Cyber Risk Review and the Full Cyber Risk Assessment meet the IMO Cyber Guidelines.  

Introductory Cyber Risk Review

The Introductory Maritime Cyber Risk Review is designed to introduce vessels to cyber security risk in a more gentle fashion, the service is aimed at vessels with a less mature cyber security posture.  The 90 minute workshop, addresses a number of essential cyber security controls and explains their importance in simple terms. The output is a report of recommendations which are prioritised and bespoke to the client.

Once the vessel has addressed the recommendations within the resultant report, the vessel should consider engaging CND for a Full Cyber Risk Assessment.

Full Cyber Risk Assessment

Busy vessels may wish to divide the workshop into 2 or 3 hour sessions. The workshop itself takes between 4 and 6 hours.

The Cyber Risk Assessment is a two-day (including reporting) workshop, led by a CND cyber security Principal Consultant and attended by your stakeholders, such as your IT Managed Service Provider, if you have one and technical members of crew. Within the workshop, we discuss a multitude of cyber security controls from a number of popular cyber security frameworks, but with a special emphasis on maritime.

The day is spent delving into numerous topics including, Security Architecture, System Hardening, and Insider Threat Prevention, with our experts offering advice and clarification.​ The ensuing discussion will assess if and how those risks are being managed and the impact any residual risk may have on your vessel. Our experts will guide you through any questions and offer advice and clarification during the workshop.

The output is a report where the various risks are prioritised along with the recommended actions to remediate them or investigate them further.

The Cyber Risk Assessment is designed to help you bridge the gap between your current cyber security position and where you need to get to in order to mitigate or manage your cyber security risks.

The United States requires all ships, U.S. flagged ships and foreign flagged ships that call on ports in the U.S, to ensure cyber risk management is appropriately addressed in their SMS.

United States Coast Guard

The Cyber Security Assessment is to adopt a risk management approach to assessing and mitigating the risks associated with the threat actors that are relevant to the ship or ships that are being assessed.

IET Code of Practice Cyber Security for Ships

IASME Maritime Cyber Baseline

We are an IASME Maritime Cyber Baseline Certification Body

The Maritime Cyber Baseline scheme provides an affordable and practical way for vessel owners, operators, managers, and builders to improve the cyber security systems onboard their vessels and helps reduce the possibility of a cyber attack occurring.

Maritime Cyber Baseline covers all vessel classifications and supports a path towards compliance within the IMO Maritime Cyber Risk Management guidelines.

The Maritime Cyber Baseline scheme is supported by the Royal Institution of Naval Architects.

Simply choose between a Level 1 verified self assessment, or a Level 2 audit