DNV GL addresses cybersecurity

30 Mar 2015
Tor E Svensen: “There are many ways something can go wrong with the systems or software – be it caused by technical or human error, or cyber criminals

Tor E Svensen: “There are many ways something can go wrong with the systems or software – be it caused by technical or human error, or cyber criminals"

DNV GL addressed the increasing problem of cyber threats and cybersecurity in the maritime and offshore industry at this year’s Connecticut Maritime Association (CMA) Shipping event.

During a session with the US Coast Guard, ship owners and class representatives, DNV GL took to the floor to address the issue highlighting that as ships and offshore structure become more and more interconnected, “all programmable components may be exposed to cyber threats, be it machinery, navigation or communication systems”.

“This is a weak spot,” said Tor E Svensen, CEO, maritime, DNV GL. “There are many ways something can go wrong with the systems or software – be it caused by technical or human error, or cyber criminals.”

According to Svensen, cyber-attacks pose an additional risk of someone with evil intent exploiting already existing vulnerabilities. The industry has seen its first cyber events, e.g. the manipulation of AIS, ECDIS and GPS data. Just last year, more than 50 cyber security incidents were detected in the Norwegian energy and oil and gas sector.

DNV GL says it’s always favoured a risk-based approach and also advocates this to reduce cyber risks. Mr Svensen used the session to recommend that asset owners and operators should consider cybersecurity self-assessments, third-party assessments, audits, testing and verification, and suggested that such requirements could also be implemented into future regulations.

Cybersecurity audits or “health checks” are starting points, says DNV GL. With a combination of so-called Hardware In-the-Loop (HIL) and cybersecurity testing, DNV GL’s Marine Cybernetics unit offers tests addressing typical threats such as network storms and penetrations, password attacks, disconnections and communication failures.

Focusing on the integration of software dependent systems, DNV GL introduced its own Integrated Software Dependent Systems (ISDS) standard in 2009. Originally developed for the offshore industry and enhanced ever since, ISDS helps ensure that the integrated and stand-alone control-systems of a vessel perform reliably and safely. ISDS requirements are ensuring quality control throughout the development process, which means the resulting systems are more robust by design.

“If you have already taken care of software integrity, installed data protection and assessed the risks e.g. with HIL testing or ISDS, you are in a good position to take the next step in improving cybersecurity,” Mr Svensen concluded.

Links to related companies and recent articles ...

DNV GL

view more