Make sure your products and systems are not exposed to cyber risks
Today’s advanced maritime and offshore control systems are comprehensive software-based systems using commercial software and standard communication protocols that entail cyber risks.
IACS new Unified Requirements (UR E26 and UR E27) for cyber security will be mandatory from 1st of January 2024. DNV already offer Type Apporval in accordance with the upcoming mandatory requirement.
Comprehensive control systems ensure advanced products with high-quality systems and correspondingly less development costs with fewer delays. Moreover, remote connections are used to optimize products, improve operation and reduce maintenance costs, and they allow vendors to offer value-adding services to increase revenue and the attractiveness of their products.
However, these come with cyber risk, as such technologies are more often susceptible to malicious codes and attacks.
In addition, suppliers and manufacturers need to focus on a secure IT infrastructure to avoid service interruption and the theft of their IP rights. A hack of a service supplier with the corresponding leak of customer data can have a detrimental impact on the supplier’s finances and reputation.
Recommended steps for suppliers in building cyber security resilience
Secure system design: Design and manufacture secure systems and components to make your products more attractive and to support yards and owners in constructing and operating safe and secure vessels.
Secure remote connection of additional value-adding services: Provide trust to vessel operators and managers with cyber secure system verification and open the possibility for more value-adding digital services from vendors, such as condition-based maintenance, remote maintenance, backup and recovery and more. These all support more efficient vessel operation.
- DNV’s rules for Cyber secure type approval offer a flexible framework for different levels of system verification well aligned with recognized IEC standards (IEC62443 for control and automation systems, and IEC61162-460 for navigation and communication systems), and compliant with IACS unified requirements. It provides assurance to operators and managers that their services are built on secure solutions. In addition to the third-party ship classification services, DNV’s class-independent advisory and testing units can also support you with assessment, testing and improvement of cyber security barriers.
Secure manufacturing infrastructure: As a manufacturer, you have your own information (IT) and control (OT) system infrastructure. This should be cyber secure in order to safeguard production and intellectual property (IP) rights of innovative designs and solutions. We recommend your IT follow best practice cyber security using recognized standards such as ISO 27001 and NIST. Personnel should be trained, procedures should be implemented, and technical barriers should be in place. This is especially important if you are considering offering remote services to your customers in which your cloud services become part of their operation.
- DNV has competent class-independent advisory and testing resources which can support you in this task with broad industry coverage and a range of trainers, management system expertise and Certified Ethical Hackers.