An end-to-end ecosystem for cyber security

Cyber attacks have become an omnipresent risk to industries, as more digitalized and connected assets come online and into service. The marine industry is no exception, with high-profile cybercrimes already successfully perpetrated against shipping companies.

To shield vessels from the rising tide of cyber attacks, the International Maritime Organization (IMO) adopted Resolution MSC.428 (98). This first step requires ship owners to develop and implement onboard cyber safety and security procedures and mitigation measures into their safety management systems. They have until January 1, 2021 to comply.

Achieving this will require a joint effort from marine stakeholders along the value chain to create a cyber security ecosystem. But what does that system look like, and how can it be achieved?

Introducing the players

Many organizations will be involved in building a comprehensive cyber security ecosystem, from ship design and construction to assessment and operations.

• Ship owners and operators ensure that all vessels are equipped with a cyber risk management system and corresponding documentation compliant with IMO Resolution MSC.428 (98) and the International Safety Management Code.
• Shipyards deliver newbuilds prepared for compliance with IMO Resolution MSC. 428 (98), and IACS Recommendation 166. Shipyards will also likely need to ensure the secure integration of connected equipment onboard in the future.
• Marine equipment manufacturers provide secure design for marine equipment to be installed onboard, including hardened software components.
• Cyber solution providers develop security solutions for connected assets, including cleaning stations, endpoint monitoring, encryption and IT/OT secured infrastructure.
• Cyber service providers offer proactive solutions to help ship operators reduce cyber risks, including training, intelligence on potential threats, 24-hour monitoring and incidence response services.
• Marine insurers help clearly determine the level of cyber risk onboard, in order to include cyber security in insurance policies.

Supporting the ecosystem

Several organizations are crucial to supporting the development of a cyber ecosystem.

Flag states – and classification societies, when acting as a recognized organization on a flag state’s behalf – engage with ship operators at a local level. They verify that proper cyber security measures have been implemented and are being maintained within the statutory framework.

Classification societies are also continuously updating their rules to ensure vessel compliance with the regulatory framework, offering technical guidance and providing independent and third party review. Finally, industry associations represent the interests of groups of ship owners, yards and equipment manufacturers, helping members work with both the IACS and the IMO to develop a set of requirements and regulations.

Connecting the dots

Partnerships and joint projects will be key to developing a cyber ecosystem, bringing together industry players to share expertise and build new solutions for minimizing cyber risk.

Bureau Veritas is already working with equipment providers and service providers to create the cyber security world of tomorrow. We chair the IACS cyber panel, which aims to make cyber rules uniform across classification societies and are a member of France Cyber Maritime.

Our experts work proactively with cyber security stakeholders worldwide, providing technology assessment and approval. In Greece, for example, we recently awarded type approval certification to IQ Solutions’ VCell technology, a fully integrated ITC solution.

With several other projects underway, including future unmanned and autonomous vessels, Bureau Veritas is looking forward to playing its part as a trusted partner in helping stakeholders achieve compliance with cyber security best practices.