Cyber security threats have grown in reach and complexity. As a consequence, cyber security has become a concern and should be considered as an integral part of the overall safety management in shipping and offshore operations. With multifaceted vulnerabilities and cyber-attack scenarios (intended or unintended), the answer to cyber security lies in a multifaceted approach to manage risks.
DNV GL uses a systematic approach to assess the cyber security of vessels and their interaction with onshore stakeholders. Best practices from risk management in oil & gas, maritime and energy applications come together to identify threats and build counter-strategies, looking at both technical and behavioural aspects.
Proven cyber security management approaches look at:
- Raising the awareness of all stakeholders, including onshore personnel and offshore crews
- Assessing and implementing defensive and reactive countermeasures
- Monitoring and reviewing effectiveness and robustness of barriers, emphasising continuous improvement
Our approaches address information technology (IT) as well as the industry-specific operational technology (OT) systems. Our range of services and solutions include:
- Organisational and technical gap assessments: According to your needs to reach compliance with regulations and standards (e.g. IMO Resolution MSC.428(98), DNV GL’s Cyber Secure Class Notation, ISO/IEC 27001, NIST Cybersecurity Framework, TMSA 3, GDPR) our cyber security experts will engage with your onshore personnel and offshore crews to check written and unformal praxis of your company and vessels;
- Cyber risk assessment: Our interdisciplinary teams engage with your onshore personnel and offshore crews to identify and address your cyber security risks via various levels of assessment; starting with a high-level self-assessment through an App on Veracity – My Services, to more detailed assessments tailored to your specific business risks.
- Assessment of ships in operation – We provide cyber security assessment & testing onboard your vessels, including visual inspection of the systems and their surroundings, interviews with crew members and testing of systems and networks.
- Cyber security enhancement – Based on a systematic assessment, we help you efficiently close cyber security gaps by supporting the development of improvement plans, looking at systems, the human factor and management procedures.
- Penetration testing – Testing the robustness of your barriers is essential to ensure that your assets are secure. Our penetration testing offer comprehensive and effective validation of your systems and procedures.
- Verification for newbuilds and ships in operation – We provide third-party verification of cyber security requirements throughout the life cycle of a vessel towards the compliance with DNV GL’s Cyber Secure Class Notation or letter of compliance for other classed vessels.
- Training – Our (online) classroom training covers general awareness, management, technical and hacking lessons. Our e-learning solution can be performed on board or in the office, so your crews can address pivotal aspects of any cyber security system – covering the human factor.
- Emergency response exercise – In order to be better prepared for an incident we help you with executing desktop exercises both onboard and onshore to train and verify effective communication, response and recovery activities.
- ISO/IEC 27001 preparedness – DNV GL Maritime assesses and help you improve the existing documentation to help you prepare for certification.
- Certification – DNV GL Business Assurance certify against ISO/IEC 27001 and ISO 22301.
Be on the safe side of cyber security with DNV GL:
- Combining traditional IT security best practices with in-depth understanding of maritime operations and industrial automated control systems
- Local and international experts draw on extensive knowledge and experience in cyber security risk management, maritime operations and the human factor
- All testing and recommended mitigation measures are tailored to specific maritime needs