New anti-cyber-attack regulations impact BWMS

Like any networked system or control software on board a ship, the ballasting process, including the treatment system, can be susceptible to a cyber attack, with hackers looking for an entry point to a vessel’s operational technology systems.

Concern is such that the International Association of Classification Societies adopted in 2021 two new Unified Requirements (UR) to increase the cyber resilience of ships.

UR E26 and UR E27 will be applied to new ships contracted for construction on and after 1 January 2024.

The requirements are twofold: to ensure the secure integration of equipment into the vessel’s network throughout its operational lifespan; and to make the interface between users and computer-based systems and equipment more resilient.

“This could be a problem for legacy systems,” said BIO-UV Group project manager Charlène Ceresola, “It is not the case with a BIO-SEA unit, but older ballast water treatment systems can be susceptible to a cyber attack. If the ballasting system is hacked and its pumps operated remotely, ship stability is at risk; a ship could sink, and lives could be lost. It is much more than simply an environmental threat.”

Ms Ceresola said, “We are following these guidelines and have developed greater cyber-secure functions to our software ahead of the requirement. In an increasingly connected and digitalised world, every component on board a ship has to be cyber secure.”

BIO-UV Group completed testing of the new cyber-secure function in 2022, with full type-approval expected later this year.