France’s society Bureau Veritas has become the first class society to develop a cyber security notation that covers the exchange of data between ship and shore. SYS-COM, one of two cyber notations launched by BV yesterday, is directed at preventing cyber attacks.
The other cyber notation just launched by BV, SW-Registry, focuses on software change management ensuring that installations of tested new software versions are properly tracked. It requires the creation and maintenance of a certified register of software used in the ship’s onboard systems. SW-Registry is compulsory for newbuild ships using digital systems and enables owners to comply with IACS UR E22, applicable from July 1 last year. Existing ships may choose to create their own register and would benefit from the additional class notation to help indicate their cyber safety level.
Gijsbert de Jong, marine marketing and sales director, BV, commented: “As vessels become increasingly smart and reliant on digital systems, both cyber safety and security have become a major concern for shipowners seeking to protect their data, people, assets and operations. The approach developed by Bureau Veritas enables shipowners to address risks relating to digital onboard systems, including the major cybersecurity threat to communications between ship and shore.”
The new notations are supported by specialist testing services delivered by Bureau Veritas and its partners. Testing services for cyber safety include software code analysis for potential safety risks and simulations using a mathematical model of the ship to test the code in hazardous situations. Cyber security risks are addressed through a security risk assessment possibly completed by software penetration tests.
Additionally, NI 641- Guidelines for Autonomous Shipping was released at the end of December. This guidance note contains the basis for the risk assessment of ships including autonomous systems, the goal-based recommendations for a minimum level of functionality of autonomous and the guidelines for improving the reliability of essential systems within autonomous ships.
Further tools and services are planned for 2018, including a certification scheme covering all onboard systems and equipment and an additional class notation covering continuous monitoring of the state of the onboard systems and logging of security events to ensure traceability.