Tsakos Group of Companies has selected DNV GL to assist in preparing a cybersecurity management system for its fleet and onshore facilities – the first such management system developed by a shipping company in cooperation with DNV GL’s Advisory Services. The Greek shipping organization will implement a comprehensive system of safeguards and procedures to protect their assets from cyber risks. DNV GL is the first classification society to put this kind of cybersecurity service into practice.
“We wanted to assure our charterers and customers that our systems would be adequately protected from cyber risks by implementing the highest standards of cybersecurity on board our vessels and on shore. DNV GL’s proactive attitude in addressing such newly arising industry challenges, its clear vision and commitment to the highest standards assists us in achieving this,” says Sokratis Dimakopoulos, Deputy Managing Director of Tsakos Columbia Shipmanagement (TCM), the ship management arm of the Tsakos Group.
“The partnership between TCM and DNV GL has been very fruitful, and we look forward to enhancing this cooperation in the future,” says Knut Ørbeck-Nilssen, CEO of DNV GL – Maritime. “DNV GL is committed to help customers manage cybersecurity risks and advance the competitiveness of their assets. Managing risks related to cyber safety and security requires a systemic integrated approach that understands and covers all layers of asset management and their interconnections, from infrastructure technology and software, to human-system interaction, data management and company-wise policy and preparedness.”
Recently published guidelines on marine cybersecurity by the Round Table of international shipping associations had called upon shipping companies to further enhance the security of their IT systems. One of their key recommendations was for shipping companies to develop a cybersecurity management system to ensure that they not only have a broad overview of the cyber and information security risks which may occur during their assets’ lifecycles, but also maintain sustainable and resilient procedures to protect vessels and their systems against cyber threats.
Tsakos has been working with DNV GL to create an information security management system which will provide a comprehensive framework for assessing cyber vulnerabilities and implementing the necessary measures for mitigating risks and responding to potential system breaches. “We follow a pragmatic approach based on a thorough risk and gap analysis. The resilience of the resulting procedures and management system will then be verified through penetration testing carried out by the DNV GL Group company Marine Cybernetics,” explains Nikolaos Kakalis, Manager of DNV GL Maritime R&D and Advisory in Greece.
On board vessels, the navigational equipment and systems like the Electronic Chart Display and Information System (ECDIS), control and automation systems, as well as communication networks are considered of high vulnerability to potential cyber threats, making them, along with the user awareness, key focus areas in the development of cybersecurity management systems.
“To further enhance the preparedness of our company for dealing with potential cybersecurity threats effectively, we are planning to take the next step and apply for certification to the information security management systems (ISO 27001) standard,” adds Nikolaos Palaiologos, the IT Manager of TCM. To achieve compliance with the ISO 27001 standard, companies need to demonstrate a process-driven approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving their information security management system. TCM will be one of the first shipmanagement companies worldwide to apply for certification to ISO 27001.