New cyber health check tool evaluates vulnerabilities throughout a ship’s lifecycle
Connected systems and cloud-based web applications have become instrumental in improving ship performance. While the benefits are undeniable, the very connectivity of these systems increases their vulnerability to cyber attacks.
Ships have already been the target of ransomware and malware attacks that have cost vessel owners time, money and credibility. The threats are constantly evolving, and shipowners need to maintain a defensive stance throughout their vessels’ lifecycles.
CHART, by Bureau Veritas, helps address these challenges by providing a comprehensive audit of a vessel’s OT/IT architecture, comprising its networks, equipment, security mechanisms and interconnections. The tool can be used at specific times during a vessel’s lifetime to give shipowners a better understanding of their digital assets, and if required, to recommend mitigation measures.
Drawing on BV’s comprehensive knowledge of the cyber security ecosystem, CHART is an additional tool in the range of what BV can provide shipowners to comply with IMO Resolution MSC.428 (98), which requires them to implement effective cyber risk management on their vessels and demonstrate it in their safety management systems. Flag authorities worldwide scrutinise vessels for compliance with this regulation, and while the approach may vary from country to country, certain requirements are universal, including the creation of a management plan detailing the basic measures used to meet cyber security rules.
Moreover, owners should have monitoring and reporting systems in place to chart incidents together with any corrective and preventive actions implemented. Most flags also require audits and specify the need for a clear division of responsibilities among onboard and onshore personnel.
CHART complements BV’s rules and notations on cybersecurity, providing the industry with a tool that ensures OT/IT architectures are correctly identified, and pinpoints existing vulnerabilities. To provide confirmation of measures taken by shipowners, BV has developed three cyber security notations that cover the full range of organisational and technical solutions they put in place:
CYBER MANAGED is an additional Class Notation that confirms shipowners and contractors have developed a complete map of IT and OT systems, undertaken a risk assessment, implemented mitigation measures, incorporated high-level management principles, and developed detailed onboard procedures.
CYBER RESILIENT is an additional Class Notation which guarantees, as of today, a vessel’s compliance with the upcoming Unified Requirement (UR) E26 from IACS that will enter into force for all contracts signed after January 1, 2024. UR E26 aims to ensure the secure integration of both Operational Technology (OT) and Information Technology (IT) equipment into the vessel’s network during the design, construction, commissioning, and operational life of the ship. It covers five key aspects: equipment identification, protection, attack detection, response and recovery.
CYBER SECURE also guarantees compliance with the upcoming Unified Requirement (UR) E26 but adds stringent requirements, making it the additional Class Notation chosen by pioneer owners, and designed for a new generation of hyper-connected vessels, autonomous vessels and military vessels.
CHART represents BV’s most recent effort to support shipowners with technical expertise on the cyber security ecosystem and in-depth knowledge of the highest industry standards. This helps the industry progress on its digital resilience journey with the confidence that the right safeguards are always in place to protect their systems and critical data.