The following is text of a news release from DNV GL:
(ATHENS, Greece) — At the Posidonia trade fair Thursday, classification society DNV GL announced the release of its first class notations to help shipowners and operators protect their assets from cybersecurity incidents. The new class notations – Cyber secure – help owners and operators protect vital systems from cybersecurity threats. They will be published on the DNV GL rules page on July 1.
“Whether in machinery, navigation or communication systems, programmable control systems are a longstanding and essential part of ships and offshore units, but the increasing integration and connectivity of these systems represents an ever-larger target for cyber-security threats,” said Knut Orbeck-Nilssen, CEO of DNV GL-Maritime. “As all programmable components are theoretically vulnerable to cybersecurity threats we have set out, with the new Cyber secure class notations, to offer owners and operators a framework to improve and demonstrate their cyber resilience.”
The Cyber secure class notations have three different qualifiers: Basic, Advanced and +. Basic is primarily intended for ships in operation, while Advanced has been designed to be applied throughout the newbuilding process, with requirements for asset owners and operators, system integrators (e.g. yards), and equipment manufacturers. The Basic and Advanced qualifiers cover a number of essential systems, including propulsion, steering, navigation, and power generation. The third qualifier, +, is intended for systems that are not part of the default scope of Basic/Advanced. This gives owners and operators the flexibility to identify the threats, assess, and secure extra systems which are of particular importance to their operations.
The Cyber secure class notations build on DNV GL’s Recommended Practice (DNVGL-RP-0496) on cybersecurity and extends to the cybersecurity assessment of control system components type approval program DNVGL-CP-0231, with which makers can now demonstrate the security of their systems through an independent verification process.
DNV GL has also developed a wide range of services in close collaboration with several major shipowners aimed at enhancing the cybersecurity of their assets. Through its Maritime Academy, DNV GL offers both classroom training and e-learning modules aimed at developing customized working cyber-risk management methodologies and increasing the awareness for cybersecurity related issues among crews and shore staff. DNV GL also helps customers measure the awareness level of crews and shore staff via penetration testing, which is offered not only on the technical level (penetration testing of business networks, computers and onboard machines) but also at the human level. Using social engineering techniques DNV GL can design friendly phishing campaigns, helping customers understand the awareness levels within their company and fine-tune the level and frequency of cyberawareness training.
In addition, DNV GL recently worked with the P&I Club Gard on a video to build awareness and competence among crews and others. It focuses on daily tasks and routines, and aims to de-mystify the cybersecurity issue as well as providing concrete recommendations on how to prevent cyberincidents. The video can be found here: dnvgl.com/csvideo.