Bureau Veritas supports cybersecurity for inland navigation
Between 2019 and 2022, cyberattacks against all global industries quintupled. Inland navigation vessels, operating in proximity to urban areas, are highly vulnerable to such cybersecurity threats. For shipowners, implementing cyber safety and security measures on these vessels is a non-negotiable step to protect their business and assets.
The European Committee for drawing up Standards in the field of Inland Navigation (CESNI) has published a highly valuable best practice guide on cybersecurity in inland navigation ports. It provides an accessible framework for European inland ports of any size or location. With this publication, CESNI aims to give port stakeholders a deeper understanding of cybersecurity risks, threats, mitigation measures and best practices.
The three key points of CESNI’s guide
- Outlining the cybersecurity threat landscape of inland navigation ports, including threat actors, port assets, threat taxonomy and attack scenarios
- Mitigating cybersecurity risks for inland navigation ports, including around 120 tailored mitigation actions to reduce cybersecurity risks for ports
- Guiding the implementation of risk mitigation measures, including tips for actionable security hygiene measures for IT and non-IT stakeholders
Class support for inland vessel cybersecurity
Tackling cyber risks effectively calls for a comprehensive approach for newbuild and in-service inland vessels alike. At Bureau Veritas, we take cybersecurity risk management seriously and have developed a framework for cybersecurity based on our NR 659 Rules. This enables us to identify critical onboard equipment and propose organizational, technical and procedural measures to reduce cyber risk to an acceptable level.
For in-service inland vessels this means:
- Developing a complete inventory of connected onboard and offshore systems, networks and equipment
- Undergoing cyber risk analysis to identify systems and equipment vulnerable to cyber attacks
- Defining and implementing a comprehensive cybersecurity policy or management plan that is valid for the whole fleet
- Putting into practice effective organizational and technical procedures
Whereas for newbuilds it means:
- Constructing vessels that are cybersecure by design
- Selecting cyber-hardened equipment, solutions and services
- Ensuring shipyards undertake every relevant cybersecurity measure during the vessel’s construction
Our Rules help achieve compliance with IMO Resolution MSC.(428)98 and the IACS Unified Requirements (UR) E26 and E27. Though only applicable to seagoing vessels, these URs nonetheless provide a strong and recognized basis. Inland vessel owners may find it helpful to implement their requirements.
Support throughout your cybersecurity journey
Bureau Veritas stands by inland vessel owners’ side to guide them through each step of the ongoing journey to prepare their vessels to face cyber incidents or attacks without major operational disruptions.
We support owners in mapping a complete overview of their connected IT/OT systems so that they can gain a better understanding of the potential surface of attack open to hackers. Further to this, we help owners evaluate the criticality level of their equipment and assess potential mitigation measures. Our approach is holistic: we guide inland vessel owners to create a cyber risk management policy for their whole fleet that addresses rules, roles and responsibilities.
As inland navigation embraces the benefits and adjusts to the challenges of increased connectivity, we are committed to helping owners implement robust security standards.