DNV Standards and Recommended Practices supporting cyber security
DNV invests 5% of revenue in research and innovation, including collaboration with industry and academia on cyber-physical technologies and joint industry projects. These often lead to the publication of peer-reviewed recommended practices, industry standards and guidelines. Here are our overview of publications dedicated to cyber security:
OIL AND GAS
This recommended practice provides a guideline for how to apply the IEC 62443 series of standards in the oil and gas industry. Although the standard describes cyber security requirements for all industries, this recommended practice is tailored to oil and gas. While the standard focuses on what to do, this recommended practice focuses on how to do it.
DNVGL-RP-0496: Recommended practice: Cyber security resilience management for ships and mobile offshore units in operation
Cyber security has become a concern and should be considered as an integral part of the overall safety management in shipping and offshore operations. Our recommended practice (RP) explains the ‘how to do’ and not just the ‘what to do’. We use a structured approach to effectively assess and manage your cyber security by combining IT best practices with an in-depth understanding of maritime operations and industrial automated control systems. In addition, our RP gives guidance supporting preparations for ISO/IEC 27001 certification.
Recognising the increase in connectivity and integration as well as growing risks related to cyber incidents, it is crucial to address cyber security in both design of cyberphysical systems as well as in operation of the vessel. DNV GL has therefore established class notation Cyber secure (see DNVGLRUSHIP Pt.6 Ch.5 Sec.21) addressing cyber security of vessels and their systems.
ELECTRICITY INFRASTRUCTURE & DISTRIBUTION
The objective of this recommended practice (RP) is to propose practical guidelines describing attack surfaces, potential threats and possible countermeasures that a company should take into consideration when planning to improve the security of its protection devices and the digital technology within its substations. The RP aims to improve security for second and third generation substation protection devices. It offers a set of industry reviewed activities to include when planning and assessing the implementation of security measures and controls in the power system.