Welcome!

News Feed Item

DNV GL launches Recommended Practice to enhance the cyber security of maritime assets

Managing cyber security risks in maritime and offshore industries

NEW ORLEANS, LA--(Marketwired - December 01, 2016) - Exploring new ways to operate safely while safeguarding life and property are fundamental. When it comes to cyber risk management the definition of safety and maintenance vary from company-to-company. Recently, DNV GL partnered with several clients to identify operational areas with the greatest risk. Together, we evaluated: What are the best options for securing remote connections on ship and offshore systems? Which operational technology on board is most vulnerable to cyber-attacks? The newly published Recommended Practice (RP) on "Cyber Security Resilience Management" helps identify and address potential cyber hazards.

Developed in cooperation with customers, the RP provides guidance on risk assessment, general improvements to cyber security, and the verification of security improvements and management systems. Cyber risk management is an ongoing concern and should be considered as an integral part of the overall safety management in shipping and offshore operations.

"There are various guidelines for managing cyber risk, what sets the DNV GL recommended practice (RP) apart is the practical application and explanation of 'how to' and not just 'what to do'," explained Paal Johansen, DNV GL's Regional Director - Maritime, Americas.

About the RP
To develop the RP, DNV GL used a structured approach to effectively assess and manage cyber security by combining IT best practices with an in-depth understanding of maritime operations and industrial automated control systems. In addition, the RP gives guidance supporting preparations for ISO/IEC 27001 certification.

"With ships and mobile offshore units becoming increasingly reliant on software-dependent systems, cyber security is an important operational and safety issue for the maritime world," said Knut Ørbeck-Nilssen, CEO of DNV GL - Maritime.

The RP covers some of the most common threats to maritime assets, such as vulnerabilities in the electronic chart display and information system (ECDIS), the manipulation of AIS tracking data, as well as jamming and spoofing of GPS and other satellite-based tracking systems.

The RP differentiates between unintentional infections and targeted threats. Unintentional infections include incidents such as software infections through malware as well as weaknesses in software, which can be caused by the misconfiguration of equipment and software, or faulty software designs. Targeted threats include external cyber-attacks by hackers, who can infiltrate systems through phishing, social engineering, or by exploiting weaknesses in control systems. This category also looks at the possibility of cyber-attacks by disgruntled employees and their ability to circumvent physical access controls.

To help the industry prepare for achieving compliance to internationally recognized standards, the RP provides guidance on how to apply ISO/IEC-27001 and ISA-99/IEC-62443 standards. ISA-99/IEC 62443 is the recognized standard for security of the industrial control systems in the operational technology (OT) domain of organizations. Certification to the ISO/IEC-27001 standard demonstrates that a company has a process-driven approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving their information security management system. DNV GL offers certification to ISO/IEC-27001, as well as to the ISO-22301 standard for business continuity management, which demonstrates a business' preparedness for a major incident or disaster.

Academy Training
In addition to the RP, DNV GL has developed a wide range of services in close collaboration with several major ship owners aimed at enhancing the cyber security of their assets. DNV GL's Maritime Academy offers e-learning modules aimed at increasing the awareness for cyber security related issues among crews and shore staff. "Studies have found that the human element still accounts for 90 per cent of all cyber security breaches, this means that regular trainings and awareness campaigns are central to any cyber security initiative," said Knut Ørbeck-Nilssen.

About DNV GL
DNV GL is the world's leading classification society and a recognized advisor for the maritime industry. We enhance safety, quality, energy efficiency and environmental performance of the global shipping industry -- across all vessel types and offshore structures. We invest heavily in research and development to find solutions, together with the industry, that address strategic, operational or regulatory challenges.

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists examined how DevOps helps to meet the de...
When growing capacity and power in the data center, the architectural trade-offs between server scale-up vs. scale-out continue to be debated. Both approaches are valid: scale-out adds multiple, smaller servers running in a distributed computing model, while scale-up adds fewer, more powerful servers that are capable of running larger workloads. It’s worth noting that there are additional, unique advantages that scale-up architectures offer. One big advantage is large memory and compute capacity...
Cloud applications are seeing a deluge of requests to support the exploding advanced analytics market. “Open analytics” is the emerging strategy to deliver that data through an open data access layer, in the cloud, to be directly consumed by external analytics tools and popular programming languages. An increasing number of data engineers and data scientists use a variety of platforms and advanced analytics languages such as SAS, R, Python and Java, as well as frameworks such as Hadoop and Spark...
The Internet giants are fully embracing AI. All the services they offer to their customers are aimed at drawing a map of the world with the data they get. The AIs from these companies are used to build disruptive approaches that cannot be used by established enterprises, which are threatened by these disruptions. However, most leaders underestimate the effect this will have on their businesses. In his session at 21st Cloud Expo, Rene Buest, Director Market Research & Technology Evangelism at Ara...
"We are a monitoring company. We work with Salesforce, BBC, and quite a few other big logos. We basically provide monitoring for them, structure for their cloud services and we fit into the DevOps world" explained David Gildeh, Co-founder and CEO of Outlyer, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Automation is enabling enterprises to design, deploy, and manage more complex, hybrid cloud environments. Yet the people who manage these environments must be trained in and understanding these environments better than ever before. A new era of analytics and cognitive computing is adding intelligence, but also more complexity, to these cloud environments. How smart is your cloud? How smart should it be? In this power panel at 20th Cloud Expo, moderated by Conference Chair Roger Strukhoff, paneli...
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of Interoute, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Join us at Cloud Expo June 6-8 to find out how to securely connect your cloud app to any cloud or on-premises data source – without complex firewall changes. More users are demanding access to on-premises data from their cloud applications. It’s no longer a “nice-to-have” but an important differentiator that drives competitive advantages. It’s the new “must have” in the hybrid era. Users want capabilities that give them a unified view of the data to get closer to customers and grow business. The...
Cloud promises the agility required by today’s digital businesses. As organizations adopt cloud based infrastructures and services, their IT resources become increasingly dynamic and hybrid in nature. Managing these require modern IT operations and tools. In his session at 20th Cloud Expo, Raj Sundaram, Senior Principal Product Manager at CA Technologies, will discuss how to modernize your IT operations in order to proactively manage your hybrid cloud and IT environments. He will be sharing bes...
After more than five years of DevOps, definitions are evolving, boundaries are expanding, ‘unicorns’ are no longer rare, enterprises are on board, and pundits are moving on. Can we now look at an evolution of DevOps? Should we? Is the foundation of DevOps ‘done’, or is there still too much left to do? What is mature, and what is still missing? What does the next 5 years of DevOps look like? In this Power Panel at DevOps Summit, moderated by DevOps Summit Conference Chair Andi Mann, panelists loo...
"Loom is applying artificial intelligence and machine learning into the entire log analysis process, from start to finish and at the end you will get a human touch,” explained Sabo Taylor Diab, Vice President, Marketing at Loom Systems, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
The current age of digital transformation means that IT organizations must adapt their toolset to cover all digital experiences, beyond just the end users’. Today’s businesses can no longer focus solely on the digital interactions they manage with employees or customers; they must now contend with non-traditional factors. Whether it's the power of brand to make or break a company, the need to monitor across all locations 24/7, or the ability to proactively resolve issues, companies must adapt to...
A look across the tech landscape at the disruptive technologies that are increasing in prominence and speculate as to which will be most impactful for communications – namely, AI and Cloud Computing. In his session at 20th Cloud Expo, Curtis Peterson, VP of Operations at RingCentral, highlighted the current challenges of these transformative technologies and shared strategies for preparing your organization for these changes. This “view from the top” outlined the latest trends and developments i...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
@DevOpsSummit at Cloud Expo taking place Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center, Santa Clara, CA, is co-located with the 21st International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is ...