A leading classification society has awarded one of the first cyber security certification to a key original engine manufacturer
Marine technology and engines group Wärtsilä has been awarded Lloyd’s Register (LR) system-level cyber certification, one of the first to be awarded globally.
This relates to Wärtsilä’s network architecture for its integrated main and auxiliary machinery.
LR’s ShipRight SAFE AL2 certification was given to Wärtsilä’s Data Collection Unit (WDCU). It provides Approval-in-Principle (AiP) for the entire Wärtsilä integrated system network, rather than for any individual component.
This certification comes as more ships being built and delivered have information and operational technologies (IT and OT) networked together, increasing their vulnerability to cyber attack.
Therefore, it is a top priority of Wärtsilä to build resilience against unauthorised access, software failures or attacks on ships’ systems.
LR’s certification is a reassurance for shipowners that their IT and OT systems are secure from cyber threats.
WDCU is part of Wärtsilä’s Data Bridge solution for IT and OT. This gathers and transfers operational data to a cloud-based data resource to enable owners and Wärtsilä to remotely monitor onboard equipment.
Data Bridge is a data platform developed by Wärtsilä to enable advanced analytics that provide insight into a vessel’s performance.
It helps ship operators, owners and manager to unlock further improvements to a vessel’s operational and technical efficiency.
ShipRight procedures define an Accessibility Level (AL) for autonomous or remote access to the system for monitoring. It takes into account digitally-enabled systems having remote access to onboard data.
Mandatory within the AiP is a cyber-security risk assessment of the complete onboard integrated operational system.
“This certification validates Wärtsilä’s work in mitigating cyber security risks with the appropriate controls in the integrated system, when collecting and sharing operational data,” said Wärtsilä general manager for cyber security in the marine business. Jonas Blomqvist.
“This takes Wärtsilä lifecycle offering to the next level and knowing that these systems are cyber secure provides customers with the assurance that they are safe to use.”
Wärtsilä has made other inroads in cyber security. It opened an International Maritime Cyber Centre of Excellence (IMCCE) in Singapore, in 2018.
This comprised a Maritime Cyber Emergency Response Team (MCERT) and a cyber academy, in Singapore.
Wärtsilä has also made progress with its vessel traffic technology in 2019. It secured a contract in October to supply its Vessel Traffic Service (VTS) solution to two of France’s leading northern ports.
Calais and Boulogne will upgrade vessel traffic control with this VTS to deliver greater operational efficiency and safety.
This VTS will help the ports manage vessel traffic in these busy harbours, optimising planning and traffic monitoring to reduce waiting time for vessels and allow just-in-time pilotage.
Calais is the leading port in France for passenger traffic and the second largest port in Europe for RoRo vessel traffic. Boulogne-sur-Mer is the leading fishing vessel port in France.
Wärtsilä secured this order from Région Hauts-de-France, the government entity responsible for this tender.
This will be delivered during the Calais Port 2015 project deployment, which is one of the France’s largest maritime construction undertakings, and is the first maritime project within the European Union’s investment plan for priority infrastructures.
Cyber AiP explained
Lloyd’s Register defines ‘cyber-enabled’ systems as those installed on ships that have traditionally been controlled by the ship’s crew. But, increasingly include the capability to be monitored, or monitored and controlled, either remotely or autonomously with or without a crew on board. The level of cyber risk varies from system to system, and mitigation actions need to be made appropriately.
This AiP award comes just one year before the enforcement of IMO’s Resolution MSC.428(98), which means shipping companies must have appropriately addressed cyber-security risks in their Safety Management Systems (SMS) by 1 January 2021.
Guidance and standards on how these cyber-security risk controls shall be built is currently defined by classification societies.
Riviera Maritime Media will be expanding its series of Maritime Cyber Risk Management events in 2020