Cyber security for in-service vessel
In-service vessels are a prime target for cyber attacks, due to their often limited layers of technical and operational cyber protection. Increasing cyber safety and security measures is non-negotiable for ship owners looking to avoid cyber interference and its dangerous and expensive consequences.
Bureau Veritas has developed a comprehensive cyber security framework for in-service vessels that helps owners protect their ships and comply with cyber security regulations. By working with our subsidiary, Bureau Veritas Solutions – Marine & Offshore, owners can develop and implement a customized cyber security management system. Bureau Veritas’ experts then use key classification rules to verify the proper implementation of cyber security measures and assess vessel compliance.
To begin their cyber security journey, ship owners must develop a complete inventory of at-risk systems. This inventory covers all onboard and some onshore Operation Technology (OT) and Information Technology (IT) systems and equipment. BV Solutions M&O supports owners in mapping a holistic overview of their connected systems, paving the way for a better understanding of potential risk areas.
Following the mapping of IT and OT systems, in-service vessels should undergo a cyber risk analysis that assesses threats and vulnerable areas. BV Solutions M&O can help owners determine relevant risks, evaluate equipment vulnerability to attack, and assess mitigation measures to be applied.
Once a cyber risk analysis has been conducted, ship owners can develop a cyber policy and procedures for cyber risk management tailored to their in-service vessel. BV Solutions M&O supports owners in creating a cyber policy that addresses onboard cyber security rules and defines crewmembers’ roles and responsibilities, in accordance with the International Safety Management (ISM) Code.
In-service vessels must comply with IMO Resolution MSC.428 (98) which requires ships to include cyber risk management in their safety management systems. Bureau Veritas helps owners of in-service vessels verify compliance with IMO regulations, ensuring that all aspects of their cyber risk management system have been properly implemented.
Owners of in-service vessels who have successfully developed a cyber risk management system using a risk-based methodology can earn Bureau Veritas’ CYBER MANAGED class notation. This notation proves that in-service vessels are compliant with IMO regulations, so ships can continue sailing safely worldwide.