- Maritime
- Insights
- Industry topics
- Maritime cyber security
Why cyber security is essential for your business
The digitalization of the maritime industry is taking place at a rapid pace. However, with critical infrastructure increasingly connected it is also being exposed to added cyber security risks.
New digital systems are radically enhancing the operational efficiency of ships and significantly enhancing their environmental performance. Digital technologies are increasingly applied to areas like navigation, logistics and communication, contributing to greater energy efficiencies and reduced emissions.
As digital technologies make rapid advances, so do the systems that can cause them harm. The threat of cyber criminals and state-sponsored actors is greater than ever and shipping’s position as a vital industry at the heart of global supply chains makes it a prime target for cyber-attacks.
With the Operational Technology (OT) and Information Technology (IT) components of vessels increasingly interlinked and inter-dependable, attacks on these systems can be extremely impactful.
IT is typically more mature when it comes to cyber security, with established procedures, technology and training being applied using an information security management system (ISMS) – at least onshore. A breach of IT systems can have significant reputational and financial impact. However, it typically does not impact the safe operation of your ships and units.
OT is less mature when it comes to cyber security, and an attack on on-board OT systems can be extremely impactful, resulting in, for example, a manipulation of a vessel’s navigation and positioning system, which can jeopardize the vessel’s and crew’s safety. As a class society, we work together with the industry to ensure owners, yards and suppliers are prepared to build and operate cyber-secure ships and offshore units.
What makes cyber security increasingly important in maritime?
- Advances in digitalization, more automation and increasingly inter-connected technologies are delivering major benefits to shipping, helping to drive decarbonization efforts. However, as these technologies make rapid advances, so do the technologies that can do them harm. While modern technological advancements like Artificial Intelligence (AI) can help shipping take giant leaps forward, they can also be used to significantly enhance the sophistication of cyber-attacks.
- The global volume of cyber-attacks grew by 38% between 2021 and 2022. However, the uptake of preventative and mitigative measures in the maritime industry has been slow. According to DNV’s Maritime Cyber Priority report in 2023, only 40% of those surveyed said that their organization is investing enough in cyber security.
- The regulatory environment around cyber security is developing quickly. The IMO’s cyber resolution from 2021 requires owners, operators, and managers to have a cyber-security management system in place. This is being expanded with the implementation of IACS new unified requirements (URs) for cyber security E26 and E27 in July 2024. These URs oblige owners, yards and suppliers to build cyber security barriers into their systems and vessels, and ship classification societies to verify it.
- Commercial cyber requirements and risks, like TMSA 3 and lack of insurance coverage, can impact the probability of getting a charter and may lead to significant financial risk.
Why DNV is the right partner for cyber security
- DNV’s purpose is to safeguard life, property and the environment, and regards the increasing frequency and scale of cyber-attacks as one of the biggest threats to the safety and future development of shipping.
- As one of the global leaders in the technological and regulatory evolution of the maritime industry, DNV recognizes that the digitalization and decarbonization of shipping – two elements which are mutually dependent – is reliant on strong cyber security.
- DNV now has over 500 dedicated cyber security professionals. Combined with our strong maritime domain knowledge, this helps us to support our customers in building digital robustness and cyber security resilience into their design and operation.
“The combination of cyber security expertise and in-depth knowledge of maritime regulation and control systems is what makes DNV unique in this context. It was a positive experience to have a cyber security expert on board who was able to talk to the crew as well as understand the maritime systems on board and find his way around the vessel.”
How DNV is making shipping more cyber-secure
- As a Recognized Organization on behalf of authorities, we deliver ISM audits which include cyber risk.
- As a class society, we offer the Cyber secure class notation for secure vessel design and operation and cyber secure type approval to support manufacturers with cyber-secure systems and components and ensure compliance with IACS Unified requirements.
- As maritime cyber security expert advisor with e.g. certified ethical hackers, we tailor our support to our clients needs including e.g. cyber risk assessment/improvements, penetration testing and training both on board and in the office.