The certification confirms ABB’s cyber security solutions meet DNV’s ‘Cyber Secure SP1’ requirements based on the internationally recognised standard for control system cyber security, IEC62443. The certification is in line with and goes beyond the International Maritime Organization’s (IMO) resolution MSC.428(98) to protect power, propulsion and automation systems on board ships, as well as the confidentiality and integrity of remote connections. ABB’s certification for ship operating systems from DNV is a significant advancement to the previous SP0 verification achieved by the company in 2021 both in terms of scope and level of security controls.
From January 2021, the IMO requires every ship’s safety management system to include a cyber security risk assessment. Since the resolution has come into force, it has been complemented by additional guidelines. However, the IMO’s risk assessment needed for compliance does not specify the means of protecting systems and networks at sea, leaving it to ship owners to make their own cyber security arrangements. DNV’s cyber secure rules and the IEC62443 standard fill this important gap with concrete requirements.
“Cyber security awareness in the maritime industry is increasing fast,” said Jarle Coll Blomhoff, Group Leader for Cyber Safety and Security, DNV. “However, owners alone cannot take the full burden of responsibility. They rely on the expertise from yards, suppliers and classification societies to make sure they are prepared to deal with cyber threats both onboard and on shore. The security ABB offers as a built-in feature for systems demonstrates that these new threats and the importance of building cyber protection into every link of the supply chain are recognized throughout the maritime industry.”
The new certification acknowledges ABB’s cyber security solution as providing the required protection for onboard systems, but also enabling system recovery to pre-attack status and troubleshooting to find the root cause of a breach. Approvals to remotely connect to the vessel must be controlled by the onboard crew, with only actively accepted and encrypted connections being permitted. In addition, ABB also offers continuous support to reduce their customers’ cyber operations workload.
“SP1 certification marks a significant upgrade in the cyber security levels for ships,” said Ahmed Hassan, Head of Cyber Security, ABB Marine & Ports. “While it is crucial to secure the communication between the vessel and the Cloud, it is also important to build cyber security into the systems essential for operation, while separating these from the non-essential ones. This builds ‘Defence in depth’ into the vessel design – a mechanism with several security controls where if one measure fails, another will come into play to protect assets. As a result, cyber security risks can be mitigated on an increasingly stronger level that goes beyond what has been possible in the marine industry up until now.”