Welcome!

News Feed Item

DNV GL launches Recommended Practice to enhance the cyber security of maritime assets

Managing cyber security risks in maritime and offshore industries

NEW ORLEANS, LA--(Marketwired - December 01, 2016) - Exploring new ways to operate safely while safeguarding life and property are fundamental. When it comes to cyber risk management the definition of safety and maintenance vary from company-to-company. Recently, DNV GL partnered with several clients to identify operational areas with the greatest risk. Together, we evaluated: What are the best options for securing remote connections on ship and offshore systems? Which operational technology on board is most vulnerable to cyber-attacks? The newly published Recommended Practice (RP) on "Cyber Security Resilience Management" helps identify and address potential cyber hazards.

Developed in cooperation with customers, the RP provides guidance on risk assessment, general improvements to cyber security, and the verification of security improvements and management systems. Cyber risk management is an ongoing concern and should be considered as an integral part of the overall safety management in shipping and offshore operations.

"There are various guidelines for managing cyber risk, what sets the DNV GL recommended practice (RP) apart is the practical application and explanation of 'how to' and not just 'what to do'," explained Paal Johansen, DNV GL's Regional Director - Maritime, Americas.

About the RP
To develop the RP, DNV GL used a structured approach to effectively assess and manage cyber security by combining IT best practices with an in-depth understanding of maritime operations and industrial automated control systems. In addition, the RP gives guidance supporting preparations for ISO/IEC 27001 certification.

"With ships and mobile offshore units becoming increasingly reliant on software-dependent systems, cyber security is an important operational and safety issue for the maritime world," said Knut Ørbeck-Nilssen, CEO of DNV GL - Maritime.

The RP covers some of the most common threats to maritime assets, such as vulnerabilities in the electronic chart display and information system (ECDIS), the manipulation of AIS tracking data, as well as jamming and spoofing of GPS and other satellite-based tracking systems.

The RP differentiates between unintentional infections and targeted threats. Unintentional infections include incidents such as software infections through malware as well as weaknesses in software, which can be caused by the misconfiguration of equipment and software, or faulty software designs. Targeted threats include external cyber-attacks by hackers, who can infiltrate systems through phishing, social engineering, or by exploiting weaknesses in control systems. This category also looks at the possibility of cyber-attacks by disgruntled employees and their ability to circumvent physical access controls.

To help the industry prepare for achieving compliance to internationally recognized standards, the RP provides guidance on how to apply ISO/IEC-27001 and ISA-99/IEC-62443 standards. ISA-99/IEC 62443 is the recognized standard for security of the industrial control systems in the operational technology (OT) domain of organizations. Certification to the ISO/IEC-27001 standard demonstrates that a company has a process-driven approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving their information security management system. DNV GL offers certification to ISO/IEC-27001, as well as to the ISO-22301 standard for business continuity management, which demonstrates a business' preparedness for a major incident or disaster.

Academy Training
In addition to the RP, DNV GL has developed a wide range of services in close collaboration with several major ship owners aimed at enhancing the cyber security of their assets. DNV GL's Maritime Academy offers e-learning modules aimed at increasing the awareness for cyber security related issues among crews and shore staff. "Studies have found that the human element still accounts for 90 per cent of all cyber security breaches, this means that regular trainings and awareness campaigns are central to any cyber security initiative," said Knut Ørbeck-Nilssen.

About DNV GL
DNV GL is the world's leading classification society and a recognized advisor for the maritime industry. We enhance safety, quality, energy efficiency and environmental performance of the global shipping industry -- across all vessel types and offshore structures. We invest heavily in research and development to find solutions, together with the industry, that address strategic, operational or regulatory challenges.

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
More and more companies are looking to microservices as an architectural pattern for breaking apart applications into more manageable pieces so that agile teams can deliver new features quicker and more effectively. What this pattern has done more than anything to date is spark organizational transformations, setting the foundation for future application development. In practice, however, there are a number of considerations to make that go beyond simply “build, ship, and run,” which changes how...
WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.
Without lifecycle traceability and visibility across the tool chain, stakeholders from Planning-to-Ops have limited insight and answers to who, what, when, why and how across the DevOps lifecycle. This impacts the ability to deliver high quality software at the needed velocity to drive positive business outcomes. In his general session at @DevOpsSummit at 19th Cloud Expo, Phil Hombledal, Solution Architect at CollabNet, discussed how customers are able to achieve a level of transparency that e...
Amazon has gradually rolled out parts of its IoT offerings, but these are just the tip of the iceberg. In addition to optimizing their backend AWS offerings, Amazon is laying the ground work to be a major force in IoT - especially in the connected home and office. In his session at @ThingsExpo, Chris Kocher, founder and managing director of Grey Heron, explained how Amazon is extending its reach to become a major force in IoT by building on its dominant cloud IoT platform, its Dash Button strat...
Let’s face it, embracing new storage technologies, capabilities and upgrading to new hardware often adds complexity and increases costs. In his session at 18th Cloud Expo, Seth Oxenhorn, Vice President of Business Development & Alliances at FalconStor, discussed how a truly heterogeneous software-defined storage approach can add value to legacy platforms and heterogeneous environments. The result reduces complexity, significantly lowers cost, and provides IT organizations with improved efficienc...
Internet-of-Things discussions can end up either going down the consumer gadget rabbit hole or focused on the sort of data logging that industrial manufacturers have been doing forever. However, in fact, companies today are already using IoT data both to optimize their operational technology and to improve the experience of customer interactions in novel ways. In his session at @ThingsExpo, Gordon Haff, Red Hat Technology Evangelist, will share examples from a wide range of industries – includin...
"We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
When it comes to cloud computing, the ability to turn massive amounts of compute cores on and off on demand sounds attractive to IT staff, who need to manage peaks and valleys in user activity. With cloud bursting, the majority of the data can stay on premises while tapping into compute from public cloud providers, reducing risk and minimizing need to move large files. In his session at 18th Cloud Expo, Scott Jeschonek, Director of Product Management at Avere Systems, discussed the IT and busin...
Between 2005 and 2020, data volumes will grow by a factor of 300 – enough data to stack CDs from the earth to the moon 162 times. This has come to be known as the ‘big data’ phenomenon. Unfortunately, traditional approaches to handling, storing and analyzing data aren’t adequate at this scale: they’re too costly, slow and physically cumbersome to keep up. Fortunately, in response a new breed of technology has emerged that is cheaper, faster and more scalable. Yet, in meeting these new needs they...
The cloud promises new levels of agility and cost-savings for Big Data, data warehousing and analytics. But it’s challenging to understand all the options – from IaaS and PaaS to newer services like HaaS (Hadoop as a Service) and BDaaS (Big Data as a Service). In her session at @BigDataExpo at @ThingsExpo, Hannah Smalltree, a director at Cazena, provided an educational overview of emerging “as-a-service” options for Big Data in the cloud. This is critical background for IT and data professionals...
"Once customers get a year into their IoT deployments, they start to realize that they may have been shortsighted in the ways they built out their deployment and the key thing I see a lot of people looking at is - how can I take equipment data, pull it back in an IoT solution and show it in a dashboard," stated Dave McCarthy, Director of Products at Bsquare Corporation, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
@DevOpsSummit taking place June 6-8, 2017 at Javits Center, New York City, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @DevOpsSummit at Cloud Expo New York Call for Papers is now open.
The cloud competition for database hosts is fierce. How do you evaluate a cloud provider for your database platform? In his session at 18th Cloud Expo, Chris Presley, a Solutions Architect at Pythian, gave users a checklist of considerations when choosing a provider. Chris Presley is a Solutions Architect at Pythian. He loves order – making him a premier Microsoft SQL Server expert. Not only has he programmed and administered SQL Server, but he has also shared his expertise and passion with b...
In his session at 19th Cloud Expo, Claude Remillard, Principal Program Manager in Developer Division at Microsoft, contrasted how his team used config as code and immutable patterns for continuous delivery of microservices and apps to the cloud. He showed how the immutable patterns helps developers do away with most of the complexity of config as code-enabling scenarios such as rollback, zero downtime upgrades with far greater simplicity. He also demoed building immutable pipelines in the cloud ...