(PARIS) — Bureau Veritas has developed a comprehensive approach to support shipowners in addressing maritime cyber-risks. A new series of classification notations, guidelines and services enable owners to comply with regulatory requirements, safeguard their crews and protect their assets from both malfunction and malicious attack.
Bureau Veritas now offers two cybernotations. The first, SW-Registry, focuses on software change management ensuring that installations of tested new software versions are properly tracked. It requires the creation and maintenance of a certified register of software used in the ship’s onboard systems. SW-Registry is compulsory for newbuild ships using digital systems and enables owners to comply with IACS UR E22, applicable from July 1, 2017. Existing ships may choose to create their own register and would benefit from the additional class notation to help indicate their cybersafety level.
A second new notation, SYS-COM, addresses cybersecurity, and is directed at preventing malicious cyberattacks. SYS-COM is a voluntary notation covering the exchange of data between ship and shore. Bureau Veritas is now the only classification society to offer a notation for this specific risk, identified as a key cybersecurity threat to digital ship data and systems. The experience from projects with shipowners and providers of ship equipment and technology systems has been vital in developing and testing the Bureau Veritas approach. Recent announcements of projects with Bourbon and Kongsberg are examples.
The new notations are supported by specialist testing services delivered by Bureau Veritas and its partners. Testing services for cyber safety include software code analysis for potential safety risks and simulations using a mathematical model of the ship to test the code in hazardous situations. Cybersecurity risks are addressed through a security risk assessment possibly completed by software penetration tests.
Additionally, "NI 641- Guidelines for Autonomous Shipping" was released at the end of December. This guidance note contains the basis for the risk assessment of ships including autonomous systems, the goal-based recommendations for a minimum level of functionality of autonomous and the guidelines for improving the reliability of essential systems within autonomous ships.
Further tools and services are planned for 2018, including a certification scheme covering all onboard systems and equipment and an additional class notation covering continuous monitoring of the state of the onboard systems and logging of security events to ensure traceability.
For more information, visit www.bureauveritas.com/marine-and-offshore.
