Maritime cyber security

Securing processes, people and new technology

Vessel systems are becoming increasingly complex and are integrated with other systems both on board and onshore. This requires an extended risk and safety assessment involving cyber security, with the aim to continuously ensure the safety of the crew, passengers and assets.

There are various reasons why owners and ship managers need cyber security, including:

  • New technology, more automation and digitalization, which are being introduced to enable our industry to be more efficient 
  • The ISM Code, underscored by IMO Resolution MSC.428(98) (see also IMO Guidelines on Maritime Cyber Risk Management.)
  • IACS unified requirements for Cyber security mandatory for new vessels contracted for construction after 1st of January 2024, E26 and E27
  • Rating schemes, such as TMSA 3 and OVMSA 2, and RightShip’s vetting and IADC requirements, which may impact your chances of getting a charter 
  • Standard insurance contracts, which exclude coverage of cyber incidents (CL.380); more and more insurance companies are offering to buy back this exclusion if proper cyber security can be proven 
  • Banks, which may want to see proof of proper cyber security in order to grant loans for buying/building vessels 
  • Ensuring continuous operation of vessels during and after an unintentional cyber incident or a malicious targeted/untargeted cyber-attack 

Building cyber security resilience includes assessing the status quo, defining your cyber security objectives, developing measures to reach them and striving for continuous improvement.

  • Cyber security team

Recommended actions and related support
from DNV

DNV recommends assessing all three dimensions relevant to achieve cyber security resilience on board vessels and in offices: people, processes and technology.

DNV recommends assessing all three dimensions relevant to achieve cyber security resilience on board vessels and in offices: people, processes and technology, cf. DNV RP-0496 “Cyber security resilience management for ships and mobile offshore units in operation”.

Cyber-security_people_720

Typical actions to build cyber security resilience in the improvement phase include:

  • Perform general/specialized training and incident response drills for crew and onshore staff
  • Implement a cyber security management system for your fleet
  • Implement technical barriers such as network segregation, USB control, virus scanning, secure local/remote access, and backup and recovery
  • Document vessel topology and SW/HW inventory
Cyber-security_access-improve_720

Cyber secure class notation

DNV’s Cyber secure class notation provides a framework for third-party verification of a vessel’s cyber resilience across people, process and technology barriers. It covers the IMO requirements as well as IACS unified requirements, and uses recognised IEC standards for easy industry uptake. The different levels are defined to ensure a suitable level of security controls and effort for you as an owner or manager, regardless of the segment or the vessel’s complexity:

Cyber security on board vessels and ashore_720x

 

SMS Cyber Security Quick Check

Test where you stand in regard to the IMO requirements on cyber security

 

On-demand webinar: Cyber security in the maritime industry – the ISM Code as another driver (March, 2020)

Request access to the webinar recording and presentation

 

Video: Cyber security awareness

Watch our 20 min video now - or even get the download link

 

Cyber security given priority in TMSA3

Read our topic related article in MARITIME IMPACT

 

E-learning: Maritime Cyber Security Awareness

Address your greatest cyber security vulnerability

 

Assessing cyber security risks is doubly imperative

Read our topic related article in MARITIME IMPACT

Overview of services relevant for owners and managers