Surge in Ships Seeking Cybersecurity Classification
A leading offshore safety and verification body has reported a rapid rise in the number of ships seeking to gain a cybersecurity classification.
Ship classification society Bureau Veritas Marine & Offshore (BV) says it has seen a surge in the number of ships applying for its "Cyber Managed" notation. The notation is based on BV's rule NR659 on cybersecurity for the classification of marine units, which was co-developed with marine security experts.
To be awarded a "Cyber Managed" class notation, ships must show that their design, construction, commissioning, and maintenance of onboard computer-based systems are in line with existing cybersecurity best practices and standards, such as IMO MSC-Fal 1-Circ3, NIST, and BIMCO.
A BV spokesperson said: "Cyber Managed works because it is based on a security risk assessment developed from an initial mapping of onboard systems that results in a practical set of requirements.
"The initial risk analysis and mapping exercise can be performed either during the newbuilding phase or at any time during the lifecycle of the vessel. As such, the notation is applicable to both new and existing ships."
As part of the risk assessment process, all the ship's onboard handbook and onshore security policies are reviewed by BV. Vessels are then surveyed to ensure that the documentation they supplied accurately reflects the condition of the hardware installed.
The notation doesn't require new equipment to be fitted to the ship, but rather it works by mitigating risk through protecting remote access and network connections. This can often be achieved through software updates.
According to BV, shipowners in Greece have been pioneers in applying the notation, which is now gaining traction across the entire maritime ecosystem with other shipowners, ship managers, charterers, insurers, and offshore operators. By the end of January 2020, BV predicts that more than 100 ships will be operating under the "Cyber Managed" notation.
"We see that shipowners are willing to invest in ensuring they are addressing cyber-risks, and their charterers are increasingly interested as well," said Paillette Palaiologou, vice president for the Hellenic Black Sea & Adriatic Zone, Bureau Veritas.
"We are seeing interest from insurers as well—and that this notation can be expected to be a factor in the response of underwriters’ assessment of risk."
Source: Information Security Magazine