Strengthening Maritime Cyber Security in Modern Vessel Design and supply
As the maritime industry continues to advance, the integration and connectivity of vessel systems have become more complex and essential to its functionality. This evolution demands rigorous adherence to cyber security measures. From July 1, 2024, compliance with the new IACS Unified Requirements for cyber security (UR E26 and UR E27) will be mandatory, reinforcing the importance of cyber-resilience throughout the vessel design and construction process.
Key considerations for yards and manufacturers include:
- System Integration and Connectivity: Ensuring that network topologies and remote connections are designed with security as a cornerstone.
- Manufacturer Selection: Choosing partners not only for their technological prowess but also for their commitment to cyber security standards.
- Dual Focus on Security and Safety: Balancing the prevention of intentional cyber attacks with the management of software lifecycle and quality through standards like DNV's ISDS.
It is also critical for yards to secure their own IT infrastructure to prevent disruptions and safeguard intellectual property. This holistic approach will ensure that new vessels are not only functionally advanced but also robust in their defence against cyber threats.
Recommended steps for yards to build cyber security resilience
Secure Yard Infrastructure: It is crucial for yards to protect their own information (IT) and operation (OT) systems to safeguard production and the intellectual property rights of innovative designs. We advise yards to adhere to best practices in cyber security, such as the ISO 27001, NIST Cyber Security Framework for IT, and the IEC 62443 standard for OT systems. These standards help to align IT and OT security efforts, enhancing overall effectiveness. Additionally, training personnel, implementing robust procedures, and installing technical barriers are essential to maintaining a secure infrastructure.
Compliance with IACS UR E26 and E27 using DNV cyber secure rules and class notation
- Secure Vessel Design: Adhere to applicable cyber security rules and standards in your vessel design to ensure compliance and enhance security. This strategic approach not only meets regulatory demands but also leverages new digital technologies to future-proof your vessel designs.
- Procure Cyber-Secure Parts and Components: When ordering parts and components, choose suppliers that meet cyber security product certification standards. This ensures that all parts used in your vessels are verified for security, supporting overall system integrity.
- Integrate Suppliers Securely: Implementing cyber security in new vessel designs requires seamless coordination between shipyards and key suppliers of software-based control systems. Establish clear security specifications for manufacturers and suppliers to streamline integration, reduce costs, and boost security.
- DNV’s Flexible Framework: DNV offers a flexible cyber secure framework suitable for various levels of vessel complexity. It aligns with globally recognized IEC standards (IEC62443 for control and automation systems, and IEC61162-460 for navigation and communication systems) ensuring compliance with IACS cyber security requirements.
Need support?
DNV offers robust, class-independent advisory and testing services to address your cybersecurity needs. Our team, including Certified Ethical Hackers and experts in management systems, provides broad industry coverage and comprehensive support. We can assist with:
- Cybersecurity assessments, testing, and improvements for your systems.
- Gap assessments and strategic preparations for yards, suppliers, and owners.
- Assessment, testing and improvement of cyber security barriers for your systems.