(With link to video) Classification society DNV GL is to release its first class notations to help ship owners and operators protect their assets from cyber security incidents.

The new class notations – Cyber secure – help owners and operators protect vital systems from cyber security threats. They will be published on the DNV GL rules page on 1 July 2018.

'All Programmable Components Are Theoretically Vulnerable'

'Whether in machinery, navigation or communication systems, programmable control systems are a longstanding and essential part of ships and offshore units, but the increasing integration and connectivity of these systems represents an ever-larger target for cyber-security threats,' said Knut Ørbeck-Nilssen, CEO of DNV GL – Maritime.

'As all programmable components are theoretically vulnerable to cyber security threats, we have set out, with the new Cyber secure class notations, to offer owners and operators a framework to improve and demonstrate their cyber resilience.'

Cyber Secure Class Notations

The Cyber secure class notations have three different qualifiers: Basic, Advanced and +. Basic is primarily intended for ships in operation, while Advanced has been designed to be applied throughout the newbuilding process, with requirements for asset owners and operators, system integrators (for example yards), and equipment manufacturers. The Basic and Advanced qualifiers cover a number of essential systems, including propulsion, steering, navigation, and power generation.

The third qualifier, +, is intended for systems that are not part of the default scope of Basic/Advanced. This gives owners and operators the flexibility to identify the threats, assess and secure extra systems which are of particular importance to their operations.

The Cyber secure class notations build on DNV GL’s Recommended Practice (DNVGL-RP-0496) on cyber security and extends to the cyber security assessment of control system components type approval programme DNVGL-CP-0231, with which makers can now demonstrate the security of their systems through an independent verification process.

Cyber Risk Training

Through its Maritime Academy, DNV GL also offers both classroom training and e-learning modules aimed at developing customised working cyber risk management methodologies and increasing the awareness for cyber security related issues among crews and shore staff.

The organisation can also measure the awareness level of crews and shore staff via penetration testing, which is offered not only on the technical level (penetration testing of business networks, computers and onboard machines) but also at the human level. Using social engineering techniques, the organisation can design friendly phishing campaigns, helping customers understand the awareness levels within their company and fine-tune the level and frequency of cyber awareness training.

Building Awareness

DNV GL recently worked with the P&I Club Gard on a video to build awareness and competence among crews and others. It focuses on daily tasks and routines, and aims to de-mystify the cyber security issue as well as providing concrete recommendations on how to prevent cyber incidents. Watch the video on the DNV GL website.