ClassNK releases its Cybersecurity ApproachMar 29, 2019 09:15 AM
(TOKYO) — Classification society ClassNK has released the ClassNK Cybersecurity Approach, which outlines its basic approach to ensuring onboard cybersecurity for ships. It was released alongside its Guidelines for Designing Cybersecurity Onboard Ships for newbuilding designs as the first part of the ClassNK Cybersecurity Series, which incorporates requirements for taking onboard cybersecurity measures.
Response to cyberthreats is an urgent matter for the entire maritime industry. The ClassNK Cybersecurity Approach was compiled as a basic way of thinking for helping stakeholders take appropriate measures for onboard cybersecurity and is also based on trends in international institutions and maritime bodies.
In the ClassNK Cybersecurity Approach, ensuring navigational safety is regarded the most important goal of onboard cybersecurity. To achieve it, it is of high priority to ensure availability of systems in terms of operation technology (OT) as well as information technology (IT) systems, which support operation of ships. To mitigate cyber-risks in both IT and OT, the society will propose measures based on a balanced combination of physical, technical, and organizational approaches, such as designing ships and onboard equipment with security by design, constructing management systems during service, etc.
Specifically, ClassNK will classify cybersecurity controls into different layers, and clarify what each stakeholder should do for each layer by adopting requirements from the existing standards on cybersecurity that are considered applicable to ships. Further, in light of the increased use of IT for the operation of ships and international trends in cybersecurity, the society will analyze the latest information with experts and propose current best practices in cybersecurity controls for ships.
Based on these concepts, ClassNK will continually publish guidelines and standards that specify the parties responsible for implementing cybersecurity controls and the details thereof as part of the ClassNK Cybersecurity Series.
At the same time, ClassNK released its Guidelines for Designing Cybersecurity Onboard Ships for newbuilding designs targeting shipyards and ship-building owners as the first part of the ClassNK Cyber Security Series. The guidelines include security measures from the NIST SP800-53(*) compiled for the U.S. government that can apply to ships, and the latest IACS recommendations. The guidelines which include the ClassNK Cybersecurity Approach are available to download free of charge via ClassNK’s website www.classnk.com for those who have registered for the ClassNK “My Page” service. To register for the “My Page” service free of charge, go to the ClassNK website www.classnk.com and click on the “My Page Login” button.
As part of the ClassNK Cybersecurity Series, ClassNK will also be releasing the Cybersecurity Management System for Ships that targets ship management, and Software Security Guidelines that target ship software in the near future.
(*) A special document entitled “Recommended Security Controls for Federal Information Systems” by the National Institute of Standards and Technology(NIST)