NEW ORLEANS, LA--(Marketwired - December 01, 2016) - Exploring new ways to operate safely while safeguarding life and property is fundamental. When it comes to cyber risk management, the definition of safety and maintenance varies from company to company. Recently, DNV GL partnered with several clients to identify operational areas with the greatest risk. Together, we evaluated: What are the best options for securing remote connections on ship and offshore systems? Which operational technology on board is most vulnerable to cyber-attacks? The newly published Recommended Practice (RP) on "Cyber Security Resilience Management" helps identify and address potential cyber hazards.
Developed in cooperation with customers, the RP provides guidance on risk assessment, general improvements to cyber security, and the verification of security improvements and management systems. Cyber risk management is an ongoing concern and should be considered as an integral part of the overall safety management in shipping and offshore operations.
"There are various guidelines for managing cyber risk; what sets the DNV GL recommended practice (RP) apart is the practical application and explanation of 'how to' and not just 'what to do'," explained Paal Johansen, DNV GL's Regional Director - Maritime, Americas.
About the RP
To develop the RP, DNV GL used a structured approach to effectively assess and manage cyber security by combining IT best practices with an in-depth understanding of maritime operations and industrial automated control systems. In addition, the RP gives guidance supporting preparations for ISO/IEC 27001 certification.
"With ships and mobile offshore units becoming increasingly reliant on software-dependent systems, cyber security is an important operational and safety issue for the maritime world," said Knut Ørbeck-Nilssen, CEO of DNV GL - Maritime.
The RP covers some of the most common threats to maritime assets, such as vulnerabilities in the electronic chart display and information system (ECDIS), the manipulation of AIS tracking data, as well as jamming and spoofing of GPS and other satellite-based tracking systems.
The RP differentiates between unintentional infections and targeted threats. Unintentional infections include incidents such as software infections through malware as well as weaknesses in software, which can be caused by the misconfiguration of equipment and software, or faulty software designs. Targeted threats include external cyber-attacks by hackers, who can infiltrate systems through phishing, social engineering, or by exploiting weaknesses in control systems. This category also looks at the possibility of cyber-attacks by disgruntled employees and their ability to circumvent physical access controls.
To help the industry prepare for achieving compliance with internationally recognized standards, the RP provides guidance on how to apply the ISO/IEC 27001 and ISA-99/IEC 62443 standards. ISA-99/IEC 62443 is the recognized standard for the security of industrial control systems in the operational technology (OT) domain of organizations. Certification to the ISO/IEC 27001 standard demonstrates that a company has a process-driven approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving its information security management system. DNV GL offers certification to ISO/IEC 27001, as well as to the ISO 22301 standard for business continuity management, which demonstrates a business's preparedness for a major incident or disaster.
In addition to the RP, DNV GL has developed a wide range of services in close collaboration with several major ship owners aimed at enhancing the cyber security of their assets. DNV GL's Maritime Academy offers e-learning modules aimed at increasing awareness of cyber-security-related issues among crews and shore staff. "Studies have found that the human element still accounts for 90 per cent of all cyber security breaches; this means that regular trainings and awareness campaigns are central to any cyber security initiative," said Knut Ørbeck-Nilssen.
About DNV GL
DNV GL is the world's leading classification society and a recognized advisor for the maritime industry. We enhance safety, quality, energy efficiency and environmental performance of the global shipping industry -- across all vessel types and offshore structures. We invest heavily in research and development to find solutions, together with the industry, that address strategic, operational or regulatory challenges.