Ensure cyber security compliance for your maritime products and systems.
Today’s advanced maritime and offshore control systems, built on comprehensive software and standard communication protocols, improve product quality, streamline development, and enable remote optimization. Benefits include:
- enhanced performance,
- reduced maintenance costs,
- boosted vendor revenue through value-added services,
- and enhanced appeal of their products.
Despite these benefits, the increased integration of such technologies exposes them to cyber threats, including malicious attacks and codes.
To address these vulnerabilities, the International Association of Classification Societies (IACS) is implementing new unified requirements (URs) for cyber security from July 1, 2024, increasing cyber-security requirements for yards and vendors. This has two main sets of rules: E26, which governs vessel design and operation for yards, designers and owners; and E27, which applies to essential onboard systems. These URs oblige owners, yards and suppliers to build cyber security barriers into their systems and vessels, and ship classification societies to verify it.
Opting for Cyber Security Type Approval (TA) simplifies and expediates the route to compliance for system suppliers. Some key benefits for system suppliers aiming to simplify vessel specific compliance include:
- Streamlined Certification: Simplifies the compliance pathway by minimizing the need for vessel-specific design approvals, which are often costly and time-consuming.
- Reduced Requirements: Eliminates the need for manufacturer surveys for Cyber Security, further simplifying the certification process.
- Faster Market Entry: Accelerates compliance efforts, enabling faster certification and quicker access to the market.
- Competitive Advantage: Transforms a regulatory requirement into an opportunity to gain a competitive edge in the market.
All essential and crucial systems on board must have a product certificate. This requirement covers class-scheme equipment like control systems and statutory-scheme systems including navigation, communication, and fire mitigation systems. As per IACS UR E26 [1.3.2] and DNV rules, the required systems include:
- Propulsion
- Steering
- Anchoring and Mooring
- Electrical Power Generation and Distribution
- Fire Detection and Extinguishing Systems
- Bilge and Ballast Systems, Loading Computer
- Watertight Integrity and Flooding Detection
- Lighting: Emergency lighting, low locations, navigation lights, etc.
- Safety Systems: Systems where disruption or impairment could pose risks to ship operations, such as emergency shutdown, cargo safety, pressure vessel safety, and gas detection systems.
- Navigational Systems: Required by statutory regulations.
- Communication Systems: Required by both class rules and statutory regulations.
DNV offers Type Approval as the recommended and most efficient method to meet the upcoming mandatory requirements for multi-vessel delivery. This approval simplifies product certification and reduces vessel-specific verification efforts.
Additionally, to prevent service interruptions and intellectual property theft, suppliers and manufacturers must secure their IT infrastructure. A cyber attack resulting in customer data leakage can severely damage a supplier's finances and reputation.
Steps for suppliers to build cyber security resilience and achieve compliance
Compliance with IACS UR E26 and 27:
DNV's Type Approval program provides a flexible and compliant approach, ensuring systems meet IACS unified requirements. This offers operators and managers confidence in the security of their services. Additionally, DNV offers third-party ship classification services. The program aligns with the following IEC standards:
- IEC 62443: For control and automation systems.
- IEC 61162-460: For navigation and communication systems.
Ensure cyber security in your system and infrastructure:
For systems and infrastructure, maintaining robust cyber security is crucial. Here's how to achieve that:
- Secure System Design:
- Develop secure systems and components to enhance the attractiveness of your products.
- Support yards and owners by ensuring vessels are safe and secure.
- Secure Remote Connections:
- Build trust with vessel operators by providing cyber-secure verifications.
- Offer value-adding digital services such as condition-based maintenance and remote support, enhancing vessel efficiency.
- Secure Manufacturing Infrastructure:
- Protect your information (IT) and operation (OT) systems to secure production and intellectual property.
- Adhere to best practices like ISO 27001 and NIST for cyber security.
- Train personnel, implement procedures, and establish technical safeguards, particularly if offering remote services that integrate your cloud services into customer operations.
Need support?
DNV has competent class-independent advisory and testing resources which can support you with broad industry coverage and a range of trainers, management system expertise and Certified Ethical Hackers, as well as with assessment, testing and improvement of cyber security barriers for your systems.