Cyber safety, security and autonomous shipping addressed with new Bureau Veritas notations and guidelines
Bureau Veritas has developed a comprehensive approach to support shipowners in addressing maritime cyber risks. A new series of classification notations, guidelines and services enable owners to comply with regulatory requirements, safeguard their crews and protect their assets from both malfunction and malicious attack. Bureau Veritas now offers two cyber notations: The first, SW-Registry, focuses on software change management ensuring that installations of tested new software versions are properly tracked. It requires the creation and maintenance of a certified register of software used in the ship’s onboard systems. SW-Registry is compulsory for newbuild ships using digital systems and enables owners to comply with IACS UR E22, applicable from 1 July 2017. Existing ships may choose to create their own register and would benefit from the additional class notation to help indicate their cyber safety level. A second new notation, SYS-COM, addresses cyber security, and is directed at preventing malicious cyber attacks. SYS-COM is a voluntary notation covering the exchange of data between ship and shore. Bureau Veritas is now the only classification society to offer a notation for this specific risk, identified as a key cyber security threat to digital ship data and systems. The experience from projects with shipowners and providers of ship equipment and technology systems has been vital in developing and testing the Bureau Veritas approach. Recent announcements of projects with Bourbon and Kongsberg are examples. Gijsbert de Jong, Marine Marketing & Sales Director, Bureau Veritas: “As vessels become increasingly smart and reliant on digital systems, both cyber safety and security have become a major concern for shipowners seeking to protect their data, people, assets and operations. The approach developed by Bureau Veritas enables shipowners to address risks relating to digital onboard systems, including the major cybersecurity threat to communications between ship and shore.” The new notations are supported by specialist testing services delivered by Bureau Veritas and its partners. Testing services for cyber safety include software code analysis for potential safety risks and simulations using a mathematical model of the ship to test the code in hazardous situations. Cyber security risks are addressed through a security risk assessment possibly completed by software penetration tests. Jean-François Segretain, Technical Director, Bureau Veritas added: “Bureau Veritas continues to invest in developing specialist skills to help our clients leverage the power of digital systems to improve fleet efficiency and performance, while keeping their ships, crew and data safe.” Additionally, NI 641- Guidelines for Autonomous Shipping was released at the end of December. This guidance note contains the basis for the risk assessment of ships including autonomous systems, the goal-based recommendations for a minimum level of functionality of autonomous and the guidelines for improving the reliability of essential systems within autonomous ships. Further tools and services are planned for 2018, including a certification scheme covering all onboard systems and equipment and an additional class notation covering continuous monitoring of the state of the onboard systems and logging of security events to ensure traceability.