Addressing the cyber security challenge
Cyber security has become a major concern for the marine industry. It needs to be addressed appropriately to protect the rapidly growing fleet of connected ships and their software-controlled and integrated systems from cyber-attacks. Against a backdrop of significant cyber security weaknesses in critical technology, lack of insurance coverage for losses caused by cyber incidents and an increase in reporting of such incidents, the objective is to safeguard information, operational technology infrastructure and connected equipment. This is achieved through control of physical access to hardware, protection against harm from networks, data or code injection and awareness training to avoid (intended) malpractice by operators.
Bureau Veritas has developed a holistic approach to support its clients to manage the cyber security challenge. In line with the cyber security framework developed by the US National Institute of Standards and Technology (NIST), the three main steps are: identify to protect, detect to mitigate and recover to improve. As technical standards alone are insufficient, security management and risk analysis are fundamental to building hardware and software security audits and treatment and change management plans.
A new series of class notations and technical requirements covering the ship, its onboard systems and the data transfer between ship and shore-based facilities is currently being introduced to support shipowners and managers to keep control of their smart assets and systems.