
Cybersecurity for Marine and Offshore

LRQA Nettitude provides independent assurance and threat-led cybersecurity services to marine and offshore organizations around the globe.

Why Do Marine and Offshore Organizations Need to Pay Attention to Cybersecurity?

The marine and offshore industries are becoming more connected, more dependent on advanced technology and more digitally aware. Most marine and offshore companies are steering their future strategies toward digital transformation.

Statistics confirm that the threat of unauthorised data access and maritime cyber-attacks is serious and growing – and systems or data hacking can directly impact an organization’s ability to control its critical systems. Marine and offshore cyber threats are simply the new risk battleground in industries where safety and security have always been paramount.

Today’s range of cybersecurity-driven challenges includes:

1) Reliance on digital communication, automation and interconnected technologies. This leaves infrastructure vulnerable to cyberattacks.

2) Complexity of the marine and offshore ecosystem. Multiple stakeholders, industry bodies, administrations and regulators at an international, national and sector-specific level add additional challenges around compliance with cybersecurity best practices.

3) Potential for legal liability around vessel delays and subsequent cargo, supplier or passenger claims. Marine and offshore organizations must ensure that cybersecurity processes do not impede them in meeting strict timelines.

4) A lack of industry awareness around cyber threats. A lack of awareness and staff training remains an issue in the marine and offshore industries, making them susceptible to targeted phishing attacks.

Facing this complex cyber threat landscape requires a shift in mindset.

Threat-Led Approach

Cybersecurity is the single largest growing threat to organizations globally, as the expansion of threat surfaces through interconnected technologies and automation significantly increases exposure and risk.

Additionally, the cybersecurity landscape is rapidly changing, as threat actors adjust their approaches in response to advances by security professionals and technical defenders. Through a dedicated Research and Innovation team, LRQA Nettitude looks at how marine and offshore organizations can create a scalable cybersecurity strategy.

Threat Briefings

Cybersecurity Concerns in Key Ships Systems

8 Cyber Threats Facing the Marine and Offshore Sector

Cyber Impacts for Cruise Ships and Super Yachts

GPS Cybersecurity Threats and Impacts

Security Considerations for Remote Access Solutions Onboard Ships

How Targeted Phishing Emails Are Impacting the Shipping Sector

Cyber Risks in Ships Communications Systems

Security Challenges on Modern Ships

Marine and Offshore Cyber Briefing: Threat Case Studies

IMO Resolution on Cybersecurity (Operational level)

The International Maritime Organization (IMO) released a resolution and guidance around cyber risks in 2017.

1. Resolution (Mandatory) Maritime Cyber Risk Management in Safety Management System (Resolution MSC.428(98))

2. Guidelines (Recommended) on Maritime Cyber Risk Management (MSC-FAL.1/Circ.3)

The Maritime Safety Committee adopted the resolution MSC.428(98) (Maritime Cyber Risk Management in Safety Management Systems) in June 2017. This resolution:

– AFFIRMS that an approved safety management system should take into account cyber risk management in accordance with the objectives and functional requirements of the ISM Code

– ENCOURAGES administrations to ensure that cyber risks are appropriately addressed in safety management systems no later than the first annual verification of the company’s Document of Compliance (DOC) after 1 January 2021.

The ISM Code covers many areas that are impacted by cyber capabilities, such as roles and responsibilities, risk assessments and management, training, awareness and the implementation of relevant procedures to ensure cyber safety is maintained. LRQA Nettitude’s consultants have extensive experience across all areas of cybersecurity, including IT/OT architecture, cyber event preparation, technical security controls, and assurance/penetration testing. LRQA Nettitude can assist ship operators to be best prepared for the DOC and SMC audits that will be required post-January 2021.

LRQA Nettitude also works closely with ship owners to ensure that operators are preparing at the right pace and priority, and with shipyards and marine technology vendors (IT and OT) to ensure that new vessels are built with cybersecurity considerations included from the outset in the design, build and commissioning.

Cybersecurity For Marine and Offshore

LRQA Nettitude have developed a comprehensive suite of products and services for the marine and offshore market. These are not just designed for Class or for the IMO/ISM Code resolution, but also for organizations to consider holistically the impact and remediation/detection capabilities needed for their whole company, suppliers and cloud services.

Where To Start – The Cyber Journey

Cybersecurity can very quickly descend into technical language and conversations that are hard to relate back to the business. Impacts and threats can be imagined or blown out of proportion. However, it is important to do something, and the best starting point is to understand the risk – the real risk – your organization is facing.

The diagram below shows how you can start with a simple risk assessment that can be used to progress to more strategic plans and capabilities.

Class Services

LRQA Nettitude is part of one of the world’s largest and most respected classification societies and can guide you through a non-prescriptive, fully integrated, risk-based approach, assuring the security of cyber-enabled ships from concept to operation. The following technical guidance has been developed by LRQA Nettitude to allow clients to adopt cyber technology safely and securely:

LR Cybersecurity Framework (CSF)
Defining a best practice cyber framework for the marine and offshore industries, aligned to recognised standards.

LR ShipRight Procedures
Defining cyber requirements for a vessel to be in Class both at design/build stages and in operational use.

Type Approvals
Defining requirements for HW and SW components deployed onboard a vessel.

Compliance-Based Services

As well as preparing for the IMO operational requirements to be met through the ISM Code and implemented Safety Management System, LRQA Nettitude also helps the organization adopt best practice industry standards. As advised by BIMCO, to successfully defend against attacks, a marine business should understand which events could happen, what the consequences of those events would be, and how they can be detected. This summarises LRQA Nettitude’s approach well.


LRQA Nettitude provides marine and offshore organizations around the world with security services for managing corporate governance, risk management and compliance with sector-specific regulatory requirements like BIMCO, TMSA, IMO, IACS, US Coastguard, UK DfT as well as NIST, ISO and PCI DSS.

We provide these services for applications within all areas including passenger and cruise vessels, LNG, bulk carriers, tankers, mega yachts, military systems and fixed and mobile offshore assets.

Effective Cybersecurity Strategy at The Organizational Level

Developing an effective, relevant and pragmatic approach to the threats faced by cyber incidents starts with strategic intent and direction. Ensuring that the risks are understood and that the right operational capabilities and actions are taken is key. Ensuring a governance process that manages changes and provides the right level of assurance is essential.

Appropriate coverage of ships, shore, fixed and mobile assets, and third parties as well as future buildings, regulations, and Class and national requirements must be part of this holistic approach. LRQA Nettitude has developed guidance on how to build an effective cybersecurity strategy and program and can assist your organization in implementing this from the board room to the engine room.

LRQA Nettitude Can Help Your Maritime Organization Become Cyber Secure

Explore our related cyber services for maritime clients:

Cybersecurity Strategy and Planning
Create a board-level cybersecurity strategy & plan

ISO 27001
Addresses requirements for an information security management system

Security Audit
Analyse your IT infrastructure, exposing weaknesses and high-risk practices

Managed Security
Outsource your network security services to cybersecurity experts

Managed Detection and Response
Improve your ability to detect and respond to threats

Red Teaming
Assessment that simulates threats to evaluate how you would stand up to a real adversary

Social Engineering
Explore human weaknesses found in the organization

Penetration Testing
Evaluate the security of your system(s)

Web Application Testing
Assess applications for potential bugs before going live

Incident Response
Address and manage the aftermath of a security breach or attack

Security Training
Deliver security awareness training for key business stakeholders such as employees

Why Choose LRQA Nettitude As Your Cybersecurity Partner?

Mitigate cyber risk

LRQA Nettitude is perfectly placed to act as a trusted partner for marine and offshore organizations as they build a robust cybersecurity strategy. LRQA Nettitude provides a complete suite of maritime cybersecurity services to help clients identify, protect, detect, respond, and recover from cyber threats.

We understand the threat landscape and the changing regulations faced by the marine and offshore industries and know how to deliver a cost-effective solution while reducing vulnerability to cyber threats. Our work helps to ensure that marine and offshore organizations’ assets and processes are secure, safe, sustainable, and compliant with the applicable regulations.

LRQA Nettitude helps its clients to stay one step ahead of cybercriminals, giving a first-line cyber defence and response to all types of incident, and resilience to stand up to cyber-attacks. It also encourages intelligence sharing amongst the technology industry, and sophisticated testing to mitigate an organization’s risk of a breach or an attack at every level.

LRQA Nettitude’s cybersecurity credentials

As a trusted member of CREST and one of the world’s first accredited CBEST testing organizations, you can be sure that you are in the most capable hands.

We are proud to be one of the few global companies that is certified by CREST across all key disciplines. Our team of consultants have achieved the highest accreditations for Penetration Testing, Red Teaming, Incident Response services and Threat Intelligence. In parallel, we were the first organization to be accredited for our Security Operation Centre services.

LRQA Nettitude are certified by a range of governing bodies for our work within highly regulated industries, in the maritime sectors and the payment card industry and are approved as a Qualified Security Assessor (QSA) company. We practise what we preach and have the highest levels of rigour applied to all the risk management and security controls that are relevant to our organization itself. We are certified against ISO 27001 and ISO 9001.

LRQA Nettitude’s research and development

Through its research and development (R&D) as well as active client work, LRQA Nettitude’s dedicated R&D team analyses and studies threat actor behaviour, gaining greater insight into the specific threat landscape within the maritime sector. You can also access LRQA Nettitude’s latest zero-day discoveries through LRQA Nettitude Labs and subscribe to receive LRQA Nettitude’s most recent findings as they are publicly released. 
