Cyber security approval of components and systems

Certify your components or systems and secure digital services with DNV’s Cyber secure type approval and become compliant with IACS UR E27.

It is recognised that today’s software-based maritime and offshore control systems are increasingly being integrated, connected to Internet, remotely accessed and implemented by use of commercially available software and communication protocols. The drivers are e.g. optimization of performance, improved operations, reduced costs and regulatory compliance.

However, this comes with an increased cyber risk, as such technologies are more often susceptible to malicious codes and attacks.

What is cyber security type approval and why do it?

The “DNV-CP-0231 Cyber security capabilities of systems and components” type approval programme is a flexible certification regime that demonstrates the cyber security capabilities of on-board control and bridge systems.

IACS new Unified Requirements (UR E26 and UR E27) for cyber security will be mandatory from 1 st of January 2024. DNV already offer TA in accordance with the upcoming mandatory requirement.

Systems type approved in accordance with DNV rules edition July 2021 for class notation Cyber secure(Essential) will meet IACS UR E26 and E27. The TA-process will be amended with audit of relevant additional development activities in accordance with IACS UR E27 section 5.

By choosing this type approval class programme, manufacturers can demonstrate compliance with recognized security requirements. DNV type approval is based on the IEC 62443 standard for industrial automation and control systems as well as the IEC 61162-460 for navigation and communication systems. Securing control and bridge systems is especially important in today’s trends of Information Technology (IT) and Operational Technology (OT) connectivity and complexity, as well as the need for live updates on an asset’s status and the increase in cyber-criminal activities.

The type approval process follows the normal type approval process as given in DNV-CP-0231:

  1. Manufacturer selects the desired security profile
  2. Verification of security capabilities performed via document assessment
  3. Testing of security functions
  4. On successful completion, a certificate is issued

Your Benefits

With DNV’s Cyber security type approval, your products are certified to be cyber secure, and the foundation for digital value adding services is established:

  • Compliance with IACS UR E27, mandatory for new vessels contracted after 1st of January 2024
  • Reduced risk of down-time, negative publicity and cyber security incidents
  • Positive marketing by having an independent cyber security certification
  • Type approval of systems are pre-qualified installation on board vessels with DNV Cyber Secure Class Notation
  • Reduced scope of document approval in projects
  • Type approved systems facilitates more digital and additional value adding services such as e.g. condition-based maintenance and remote support
  • Increased security and quality of your products due to 3rd party verification based on recognised IEC standards