CYBER SAFETY AND SECURITY
MANAGING CYBER RISKS AT SEA
In today’s digital world, the majority of newbuilds, as well as many in-service vessels have connected and integrated on-board systems. While increased digitalization offers many advantages, it also leaves vessels vulnerable to cyber risks.
To establish vessel security and comply with international regulations and guidelines, ship owners and managers must develop and follow a cyber security risk management plan. Owners must further ensure that shipyards and equipment manufacturers have implemented relevant cyber security protections.
Developed collaboratively with marine stakeholders, Bureau Veritas’ rules and notations provide a comprehensive framework for cyber security. Our holistic approach covers organizational and technical measures, allowing ship owners to protect their assets, define expectations for shipyards and manufacturers, and comply with IMO and IACS cyber requirements.
CYBER MANAGED: CYBER SECURITY RISK MANAGEMENT
Owners of in-service vessels need to prepare for IMO Resolution MSC.428(98), which requires on-board safety management systems to integrate cyber security risk.
To help owners meet the January 1, 2021 deadline and develop a robust cyber risk management system, Bureau Veritas has developed CYBER MANAGED. This notation is based on our NR 659 Rules and applicable to all marine and offshore assets, whether BV-classed or otherwise.
We use a risk-based methodology and standardized framework to analyze onshore and offshore risk, assess its criticality and determine appropriate mitigation measures. Ship owners and contractors are requested to develop a complete map of IT and OT systems (Cyber Repository), high-level management principles (Cyber Policy) and detailed on-board procedures (Cyber Handbook).
CYBER SECURE: CYBER SECURITY BY DESIGN
For newbuilds, IACS’ Recommendation for Cyber Resilience (No 166) defines a set of cyber security goals for design and construction, as well as functional, technical and verification testing requirements.
Bureau Veritas’ CYBER SECURE notation ensures compliance with IACS cyber security guidelines, adding a “secure by design” layer to the procedural aspects covered by CYBER MANAGED. CYBER SECURE further includes requirements for the selection and hardening of on-board equipment. For manufacturers with sufficient equipment hardening, Bureau Veritas can provide a CYBER SECURE Type Approve Certificate.
THIRD PARTY RECOGNITION
Cyber security concerns a range of marine stakeholders: owners, operators, managers, yards, equipment manufacturers, remote service providers, system integrators, charterers, insurers and more.
Bureau Veritas’ rules and notations provide class-verified 3rd party recognition, defining the responsibilities of all stakeholders, offering clear guidance and impartial assurance that cyber security is managed across the shipping ecosystem.