(HELSINKI) — The technology group Wartsila has been awarded Lloyd’s Register (LR) system-level cybercertification for its network architecture relating to Wartsila’s integrated main and auxiliary machinery. The LR’s ShipRight SAFE AL2 certification, which is with Wartsila’s Data Collection Unit (WDCU), gives approval in principle (AiP) for the entire Wärtsilä integrated system network, rather than for any individual component. The certification is one of the first of its kind to be awarded globally.
At a time when information and operational technologies onboard ships are being networked together, building resilience against unauthorised access, software failures or attacks on ships’ systems has become a top priority. The LR certification is, therefore, highly relevant for Wartsila’s Data Collection Unit, which as part of Wartsila’s Data Bridge solution, is used to gather and transfer operational data to the cloud for remote monitoring. Data Bridge is a data platform developed by Wartsila to enable advanced analytics that provide insight into a vessel’s performance. This in turn unlocks the potential for enhancing even further the vessel’s operational and technical efficiency.
The ShipRight procedure defines an accessibility level (AL) for autonomous or remote access to the system, in this case meaning cyberaccess for remote or autonomous monitoring. It particularly takes into account digitally-enabled systems having remote access to onboard data. Mandatory within the AiP is a cybersecurity risk assessment of the complete onboard integrated operational system.
Lloyd’s Register defines "cyber-enabled" systems as those systems installed on board ships that have traditionally been controlled by the ship’s crew, but which nowadays include the capability to be monitored, or monitored and controlled, either remotely or autonomously with or without a crew on board. The level of cyber-risk varies from system to system, and mitigation actions need to be made appropriately.
The International Maritime Organization (IMO), in its Resolution MSC.428(98), has announced that by Jan. 1, 2021 maritime administrators must have appropriately addressed cybersecurity risks in their safety management systems (SMS). Guidance and standards on how these cybersecurity risk controls shall be built is currently defined by classification societies. For operational technology (OT) systems that provide highly integrated solutions to most of the world’s marine industry today, Wartsila aligns in most cases with the security standard IEC 62443, as laid out by the International Electrotechnical Commission, for industrial automation and control systems, which has been developed by a global network of experts from all industry sectors
Wartsila’s Smart Marine Ecosystem approach utilises smart technologies within the areas of digitalisation, connectivity, and data exchange to create greater levels of efficiency, safety, and environmental performance. Understanding and effectively dealing with potential cybersecurity risks introduces a level of safety that adds value to the implementation of these new technologies and ways of working.