Welcome!

News Feed Item

DNV GL launches Recommended Practice to enhance the cyber security of maritime assets

Managing cyber security risks in maritime and offshore industries

NEW ORLEANS, LA--(Marketwired - December 01, 2016) - Exploring new ways to operate safely while safeguarding life and property are fundamental. When it comes to cyber risk management the definition of safety and maintenance vary from company-to-company. Recently, DNV GL partnered with several clients to identify operational areas with the greatest risk. Together, we evaluated: What are the best options for securing remote connections on ship and offshore systems? Which operational technology on board is most vulnerable to cyber-attacks? The newly published Recommended Practice (RP) on "Cyber Security Resilience Management" helps identify and address potential cyber hazards.

Developed in cooperation with customers, the RP provides guidance on risk assessment, general improvements to cyber security, and the verification of security improvements and management systems. Cyber risk management is an ongoing concern and should be considered as an integral part of the overall safety management in shipping and offshore operations.

"There are various guidelines for managing cyber risk, what sets the DNV GL recommended practice (RP) apart is the practical application and explanation of 'how to' and not just 'what to do'," explained Paal Johansen, DNV GL's Regional Director - Maritime, Americas.

About the RP
To develop the RP, DNV GL used a structured approach to effectively assess and manage cyber security by combining IT best practices with an in-depth understanding of maritime operations and industrial automated control systems. In addition, the RP gives guidance supporting preparations for ISO/IEC 27001 certification.

"With ships and mobile offshore units becoming increasingly reliant on software-dependent systems, cyber security is an important operational and safety issue for the maritime world," said Knut Ørbeck-Nilssen, CEO of DNV GL - Maritime.

The RP covers some of the most common threats to maritime assets, such as vulnerabilities in the electronic chart display and information system (ECDIS), the manipulation of AIS tracking data, as well as jamming and spoofing of GPS and other satellite-based tracking systems.

The RP differentiates between unintentional infections and targeted threats. Unintentional infections include incidents such as software infections through malware as well as weaknesses in software, which can be caused by the misconfiguration of equipment and software, or faulty software designs. Targeted threats include external cyber-attacks by hackers, who can infiltrate systems through phishing, social engineering, or by exploiting weaknesses in control systems. This category also looks at the possibility of cyber-attacks by disgruntled employees and their ability to circumvent physical access controls.

To help the industry prepare for achieving compliance to internationally recognized standards, the RP provides guidance on how to apply ISO/IEC-27001 and ISA-99/IEC-62443 standards. ISA-99/IEC 62443 is the recognized standard for security of the industrial control systems in the operational technology (OT) domain of organizations. Certification to the ISO/IEC-27001 standard demonstrates that a company has a process-driven approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving their information security management system. DNV GL offers certification to ISO/IEC-27001, as well as to the ISO-22301 standard for business continuity management, which demonstrates a business' preparedness for a major incident or disaster.

Academy Training
In addition to the RP, DNV GL has developed a wide range of services in close collaboration with several major ship owners aimed at enhancing the cyber security of their assets. DNV GL's Maritime Academy offers e-learning modules aimed at increasing the awareness for cyber security related issues among crews and shore staff. "Studies have found that the human element still accounts for 90 per cent of all cyber security breaches, this means that regular trainings and awareness campaigns are central to any cyber security initiative," said Knut Ørbeck-Nilssen.

About DNV GL
DNV GL is the world's leading classification society and a recognized advisor for the maritime industry. We enhance safety, quality, energy efficiency and environmental performance of the global shipping industry -- across all vessel types and offshore structures. We invest heavily in research and development to find solutions, together with the industry, that address strategic, operational or regulatory challenges.

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
Niagara Networks exhibited at the 19th International Cloud Expo, which took place at the Santa Clara Convention Center in Santa Clara, CA, in November 2016. Niagara Networks offers the highest port-density systems, and the most complete Next-Generation Network Visibility systems including Network Packet Brokers, Bypass Switches, and Network TAPs.
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
Extreme Computing is the ability to leverage highly performant infrastructure and software to accelerate Big Data, machine learning, HPC, and Enterprise applications. High IOPS Storage, low-latency networks, in-memory databases, GPUs and other parallel accelerators are being used to achieve faster results and help businesses make better decisions. In his session at 18th Cloud Expo, Michael O'Neill, Strategic Business Development at NVIDIA, focused on some of the unique ways extreme computing is...
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
SYS-CON Events announced today that Outlyer, a monitoring service for DevOps and operations teams, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Outlyer is a monitoring service for DevOps and Operations teams running Cloud, SaaS, Microservices and IoT deployments. Designed for today's dynamic environments that need beyond cloud-scale monitoring, we make monitoring effortless so you ...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex softw...
What if you could build a web application that could support true web-scale traffic without having to ever provision or manage a single server? Sounds magical, and it is! In his session at 20th Cloud Expo, Chris Munns, Senior Developer Advocate for Serverless Applications at Amazon Web Services, will show how to build a serverless website that scales automatically using services like AWS Lambda, Amazon API Gateway, and Amazon S3. We will review several frameworks that can help you build serverle...
In his General Session at 17th Cloud Expo, Bruce Swann, Senior Product Marketing Manager for Adobe Campaign, explored the key ingredients of cross-channel marketing in a digital world. Learn how the Adobe Marketing Cloud can help marketers embrace opportunities for personalized, relevant and real-time customer engagement across offline (direct mail, point of sale, call center) and digital (email, website, SMS, mobile apps, social networks, connected objects).
For organizations that have amassed large sums of software complexity, taking a microservices approach is the first step toward DevOps and continuous improvement / development. Integrating system-level analysis with microservices makes it easier to change and add functionality to applications at any time without the increase of risk. Before you start big transformation projects or a cloud migration, make sure these changes won’t take down your entire organization.
SYS-CON Events announced today that Hitrons Solutions will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Hitrons Solutions Inc. is distributor in the North American market for unique products and services of small and medium-size businesses, including cloud services and solutions, SEO marketing platforms, and mobile applications.
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, will discuss some of the security challenges of the IoT infrastructure and relate how these aspects impact Smart Living. The material will be delivered i...
Historically, some banking activities such as trading have been relying heavily on analytics and cutting edge algorithmic tools. The coming of age of powerful data analytics solutions combined with the development of intelligent algorithms have created new opportunities for financial institutions. In his session at 20th Cloud Expo, Sebastien Meunier, Head of Digital for North America at Chappuis Halder & Co., will discuss how these tools can be leveraged to develop a lasting competitive advanta...
Your homes and cars can be automated and self-serviced. Why can't your storage? From simply asking questions to analyze and troubleshoot your infrastructure, to provisioning storage with snapshots, recovery and replication, your wildest sci-fi dream has come true. In his session at @DevOpsSummit at 20th Cloud Expo, Dan Florea, Director of Product Management at Tintri, will provide a ChatOps demo where you can talk to your storage and manage it from anywhere, through Slack and similar services ...
VeriStor Systems has announced that CRN has named VeriStor to its 2017 Managed Service Provider (MSP) 500 list in the Elite 150 category. This annual list recognizes North American solution providers with cutting-edge approaches to delivering managed services. Their offerings help companies navigate the complex and ever-changing landscape of IT, improve operational efficiencies, and maximize their return on IT investments. In today’s fast-paced business environments, MSPs play an important role...
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...