CHART by Bureau Veritas
Since 2019, cyber events have increased more than fivefold. As modern ships use increasingly connected digital systems to improve their operations and business, owners must take action to ensure these integral features remain uncompromised. Bureau Veritas has developed CHART, a cyber health analysis report tool, to help them gain visibility on cyber risks.
What are the challenges of maintaining cyber security resilience?
We place a lot of confidence in digital ecosystems and tools – sometimes without a complete technical understanding and awareness. When these tools are key to the operation of a ship, and a business, owners have to feel confidence on certain key points:
- Is the design actually resilient and ready for any real-world threat?
- Is the maintenance routine sufficiently thorough?
- Is the ship digital system open to any vulnerabilities?
The consequences of any cyber security breach can be devastating, so it is vital that owners can maintain visibility over their systems.
Cyber Security Analyst
Bureau Veritas M&O
We have received really positive feedback on CHART by Bureau Veritas. I’m confident in its ability to accurately assess the compliance of future IoT/IT architectures, and help shipyards and ship owners become more cyber resilient.
What is CHART by Bureau Veritas?
Our internally developed cyber health analysis report tool, CHART by Bureau Veritas can be used at any point in a ship’s life to assess vulnerabilities. Simply, CHART has been developed to bring ship owners confidence when faced with a complex and unfamiliar journey. Bureau Veritas has drawn on its comprehensive knowledge of the cyber security ecosystem to create this support.
Designed in collaboration with marine stakeholders, and drawing from Bureau Veritas’ extensive experience in cyber resilience matters, this new tool can:
Conduct a comprehensive audit of ship OT/IT architecture
CHART by Bureau Veritas provides both an enhanced view digital architecture, and a detailed cyber security health check report that identifies vulnerabilities
CHART by Bureau Veritas delivers a clear overview of existing vulnerabilities, enhanced with appropriate mitigation measures.
Help comply with standards
CHART by Bureau Veritas can also assist in compliance with IMO Resolution MSC.428 (98), which requires the implementation an effective ship cyber risk management procedure. By logging both incidents and preventative actions, CHART can satisfy most Flag requirements for cyber security measures.
What cyber security risks do vessels face?
The addition of connected systems, including cloud based or remote management technology, improve ship efficiency and processes, but open the door to potential interference.
The more digitally connected a vessel is, the greater the potential surface of attack it provides for cybersecurity criminal activity.
This problem is exacerbated when we consider the long intended life span of a ship. You might reasonably expect a smartphone or laptop to remain secure and updated for a couple of years, but a ship should last for decades. Cyber security features onboard can become outmoded long before the ship itself does. Maintaining cyber resilience is therefore a far more intensive task than many may anticipate.
The issue is a crucial one. Cyber security incidents can put the vessel, cargo, operations and even lives at risk. Maintaining security must therefore be a priority for owners.
Does my ship need to achieve regulatory compliance for cyber security?
Absolutely yes! New regulation will come into effect in 2024, and the earlier owners are prepared, the better. As of 2024, IACS unified Requirements (UR) E26 and E27 will apply to new build ships and contracts on or after 1 January, and require the implementation of technical cybersecurity protections.
The two IACS URs are:
- UR E26, aiming to ensure cyber resilience by design for vessels
- UR E27, requiring cyber resilience by design of all systems and equipment onboard
Ship owners will need to call upon experts to audit their networks and equipment to make sure they are implemented correctly. From these audits, they will be able to find a pathway to compliance if they are not already on track.
How do I know if my ship is vulnerable to cyber attacks?
The only way to be sure is to maintain constant vigilance. Daily cyber vulnerability reviews are needed, even if a ship’s digital architecture implements cybersecurity controls.
CHART by Bureau Veritas helps make this simpler by delivering a clear initial overview of existing vulnerabilities in the ship’s digital ecosystem. CHART can also be used to take steps towards a more resilient system, with suggested mitigation methods accompanying the report.