Cyber security threats have grown in reach and complexity. As a consequence, cyber security has become a concern and should be considered as an integral part of the overall safety management in shipping and offshore operations. With multifaceted vulnerabilities and cyber-attack scenarios (intended or unintended), the answer to cyber security lies in a multifaceted approach to manage risks.
DNV GL uses a systematic approach to assess the cyber security of vessels and their interaction with land-based management. Best practices from risk management in oil & gas, maritime and energy applications come together to identify threats and build counter-strategies, looking at both technical and behavioural aspects.
Proven cyber security management approaches look at:
- Raising the awareness of all stakeholders, including onshore personnel and offshore crews
- Assessing and implementing defensive and reactive countermeasures
- Monitoring and reviewing effectiveness and robustness of barriers, emphasising continuous improvement
Our approaches address information technology (IT) as well as the industry-specific operational technology (OT) systems. Our range of services and solutions include:
- Recommended practice “Cyber security Resilience Management (for ships and mobile offshore units in operation)”: To guide owners, managers and operators of ships or mobile offshore units towards enhanced cyber security of their assets.
- Cyber security assessment: Our interdisciplinary teams engage with your onshore personnel and offshore crews to identify and address your cyber security risks via various levels of assessment; starting with a high-level self-assessment through an App on MyDNVGL, to more detailed assessments tailored to your specific business risks.
- Cyber security enhancement – Based on a systematic assessment, we help you efficiently close cyber security gaps by supporting the development of improvement plans, looking at systems, the human factor and management procedures.
- Penetration testing – Testing the robustness of your barriers is essential to ensure that your assets are secure. Our penetration testing offer comprehensive and effective validation of your systems and procedures.
- Verification for newbuilds - We provide third-party verification of cyber security requirements throughout the newbuild project life cycle and issue a letter of compliance (LOC).
- Verification for ships in operation - We provide an assessment of your vessel’s on-board cyber security and issue a LOC.
- Training – Our classroom training covers management, technical and hacking lessons. Our e-learning solution can be performed on board or in the office, so your crews can address pivotal aspects of any cyber security system – covering the human factor.
- ISO/IEC 27001 preparedness – DNV GL Maritime assesses the existing documentation to help you prepare for certification.
- Certification – DNV GL Business Assurance certify against ISO/IEC 27001 and ISO 22301. (Note that certification will limit the possibility for provision of consulting services).
Be on the safe side of cyber security with DNV GL:
- Combining traditional IT security best practices with in-depth understanding of maritime operations and industrial automated control systems
- Local and international experts draw on extensive knowledge and experience in cyber security risk management, maritime operations and the human factor
- All testing and recommended mitigation measures are tailored to specific maritime needs