Welcome to the
CyberIQs Knowledge Centre


Cyber security assessments in the maritime industry

3 Posts
3 Users
New Member
Joined: 2 years ago
Posts: 1
Topic starter  

Hi everyone! Do you know of any resources for assessing cybersecurity in the maritime industry? There seem to be some guidelines around cyber security developed by BIMCO, but they seem very generic. I do need to assess the cyber security posture of several organisations in the maritime sector. What frameworks can I use? Are assessments for companies in the maritime industry different than in other industries?


New Member
Joined: 2 years ago
Posts: 1

Hey Willjack, maritime companies are assessed like the rest of companies. The only difference is that they have an OT (operational technology) side which falls within the vessels. ISO27001 and NIST frameworks are probably the most frequent security frameworks in use to improve the organisation's posture. My recommendation is that you use one of these two frameworks to assess the "traditional" IT and the "Guidelines on Cyber Security on board Ships" created by BIMCO to create a security baseline for the company's vessel fleet.

Good luck!

Active Member
Joined: 2 years ago
Posts: 9

Rupeshh, as Richardc mentioned, risk in maritime organizations is treated with the same frameworks. Some organizations are ISO, others (few) NIST.

My recommendation is that you use NIST if your customers are happy. The reason I suggest NIST is because it was specifically designed for organizations in the critical industries and because, in the special case of the maritime industry, the United States Coast Guard customized and created special NIST profiles for organizations in the maritime industry.

The customizations are for the following maritime areas:


  • Maritime Bulk Liquids Transfer
  • Offshore Operations
  • Passenger Vessel Operations

In each area the USCG developed the main drivers and objectives of organizations operating in these specific areas of maritime, and these profiles allow you to align your cyber risk reduction practices to meet these drivers.

Let me provide you with an example: let's say your customer falls within the Passenger Vessel Operations sector within maritime.

The mission objectives and drivers developed by USCG are the following:

  • C-1 Mission Objective 1: Maintain Human Safety
  • C-2 Mission Objective 2: Maintain Marine Safety and Resilience
  • C-3 Mission Objective 3: Maintain Environmental Safety
  • C-4 Mission Objective 4: Maintain Guest Support, Basic Hotel Services
  • C-5 Mission Objective 5: Maintain Regulatory Compliance
  • C-6 Mission Objective 6: Assure Secure Communications by Function and Mode
  • C-7 Mission Objective 7: Optimize and Enhance Guest Experience and Value
  • C-8 Mission Objective 8: Maintain Supply Chain and Turnaround
  • C-9 Mission Objective 9: Disembarking, Embarking, and Turnaround
  • C-10 Mission Objective 10: Coordinate Port Operations
  • C-11 Mission Objective 11: Assure (Optimize) Asset Lifecycle Management
  • C-12 Mission Objective 12: Maintain Passenger Information and Accounting Systems
  • C-13 Mission Objective 13: Manage, Monitor, and Maintain Non-Guest-Facing Back Office Technology


You can develop a NIST assessment and program for your client that aligns with any of these drivers that they wish to pursue for their organization. This customization provides the highest level of integration between business and risk reduction.

Maritime: Oil & Natural Gas | NCCoE (nist.gov)

Ask questions if you need to!