Cyber safety and security

A holistic, risk-based approach to asset protection

Most ships and offshore assets today have remotely accessible and digitally connected onboard and onshore systems. Increased levels of digitalization are providing key benefits to owners and operations, improving operational efficiency and asset monitoring. But they can also leave assets vulnerable to cyber attacks and cyber crime.

To protect their assets, ship owners and offshore operators must understand the scope of cyber risk for their units and develop clear cyber security and safety procedures. This is formally formally affirmed by the IMO in the MSC 428(98), and shipowners, have thereby to demonstrate that cyber risks are taken care of in their safety and security management practices.

As a next step, maritime stakeholders will also need to go beyond cyber risk management and ensure cyber security by design of their assets or equipments. To that effect, IACS has issued Recommendation 166, providing guidance on how to achieve such cyber security by design.

Cyber approach explained in a drawing

 

BV SOLUTIONS M&O HAS A IN-DEPTH UNDERSTANDING OF THESE IMO REGULATION AND IACS REQUIREMENTS. 

Leveraging the compliance framework developed by BUREAU VERITAS in the form of CYBER MANAGED Class Notation, we have developed bespoke templates, tools and training materials to guide owners through the complete mapping of onboard systems and key risk assessments. Our experts can further develop all the documentation, policies and procedures required to rollout an efficient cyber risk management system and thus be ready for 2021 Cyber ISM requirements.

Finally, working within the CYBER SECURE Class Notation framework , BV Solutions M&O experts can also provide the relevant technical assistance to get prepared for cybersecurity by design, as well as to rollout penetration testing when relevant.

Complying with IMO regulations

COMPLYING WITH IMO REGULATIONS

As of January 1, 2020, IMO’s ISM code requires all onboard safety management systems to integrate cyber risk. The methodology provided in Bureau Veritas’ comprehensive rules, NR 659, enables owners to manage cyber risk, strengthen onboard procedures and protect equipment. Developed collaboratively with marine stakeholders, these rules provide a framework for creating a cyber risk management system.

Creating cyber security procedures

CREATING CYBER SECURITY PROCEDURES

Following a comprehensive cyber risk assessment of asset systems, BV Solutions M&O experts can prepare all necessary cyber management policies and procedures for day-to-day operations.

Laptop in front of a shipyard

STAFF & CREW TRAINING

BVS eAcademy platform provides training sessions to crew and employees that explain cyber security and safety procedures and clarify the roles of personnel.

PREPARING ASSETS FOR CYBER SECURITY CLASS NOTATIONS

Once BV Solutions M&O has developed a complete set of cyber security documentation, owners can submit their papers to classification societies for approval. If cyber security principles are properly implemented onboard and onshore, the vessel can be granted an 1st tier additional Class Notations, such as Bureau Veritas’ CYBER MANAGED.

Going beyond cybersecurity risk management, BV Solutions M&O can also support maritime stakeholders to prepare for the next step of cybersecurity – “cybersecurity by design”, this time aiming at the 2nd tier additional Class Notations, such as BV’s CYBER SECURE.

Typically, BV Solutions M&O can: 

  • Support equipment provider with hardening of their systems
  • Support procurement and construction with the selection of duly certified cyber security solutions,
  • Support designers and yards with securing integration
  • Support commissioning activities with the management of penetration tests if required
Developing a cyber safety ecosystem

DEVELOPING A CYBER SAFETY ECOSYSTEM

Cyber security concerns a range of marine stakeholders: owners, operators, managers, yards and more. BV Solutions M&O experts work with in-house cyber and IT teams, external consultants and solutions providers to define the responsibilities of all stakeholders and offer clear guidance for how cyber security is managed across the maritime ecosystem.