CHART by BUREAU VERITAS: a tool to assess a vessel’s cyber resilience

Technology moves fast. In 2023, your phone is a mini-computer, your house talks back to you, and your fridge orders its own groceries. This same wave of digitalization has come for the shipping industry, with vessels integrating more digital systems onboard every year.

While greater digitalization is making ships more efficient, it also dramatically increases the surface of attack for cybercrime. Across industries, cyberattacks quintupled between 2019 and 2022—and ships, which carry 90% of global trade, will inevitably become targets for hackers. IMO Resolution MSC.428(98), which came into force January 1, 2021, was a first direct response to cyber threats faced by shipowners worldwide.

For owners, protecting vessels from cyberattack is now both a good business investment and a matter of compliance. But this is easier said than done.

“Security features that were up-to-date when a ship first sets sail may be obsolete within months”, says Philippe Vaquer, Head of Cyber Security at Bureau Veritas. “Cyber vulnerabilities must be carefully monitored and successfully minimized, despite their potential complexity.”

CHARTing a course to cyber security

To help shipowners comply with cyber security requirements, Bureau Veritas has developed CHART by Bureau Veritas – our Cyber Health Analysis Report Tool. Shipowners can use CHART by Bureau Veritas at any point in a vessel’s lifecycle to map a ship’s digital architecture, assess vulnerabilities, and achieve compliance.

• Vessel audit: CHART by Bureau Veritas ensures shipowners possess a correct overview of a vessel’s digital architecture, ensuring shipowners know exactly what is onboard. This covers information technology (IT) and operational technology (OT) systems, equipment, networks, as well as security mechanisms, and points of interconnection.
• Vulnerability assessment: When connected to the vessel, CHART by Bureau Veritas identifies existing vulnerabilities in digital systems by listening and scanning its networks while collecting relevant data. Based on this analysis, Bureau Veritas can recommend mitigation measures to protect the ship from future cyberattacks.
• Compliance check:  Ensuring the accuracy of the digital assets inventory and knowledge of their vulnerabilities, CHART by Bureau Veritas can be used to verify compliance with IMO Resolution MSC.428(98), and to address requirements from Flag states or the International Association of Classification Societies (IACS).

The value of ongoing cyber security

When it comes to cyber security, shipowners need to play the long game. Depending on vessel type, ships may be on the water up to 30 years. Meanwhile, cyber attackers are constantly updating their techniques and searching for new vulnerabilities. This means that a ship’s cyber health is a question of ongoing analysis and improvement.

“Marine equipment has a long lifecycle,” says Philippe Vaquer. “That’s why a tool like CHART by Bureau Veritas is extremely useful to shipowners. Whenever required, it can take a snapshot of ship networks, finding vulnerabilities and inconsistencies so they can be fixed and made compliant with regulatory systems.”

This is crucial to futureproofing the shipping industry. “We designed CHART by Bureau Veritas to protect vessels – their operations, their cargo, their data – for the long-term,” Philippe notes. “By applying our technical expertise to cyber security, our experts can help shipowners improve their fleets’ digital resilience and safeguard their business.”