Cyber Secure class notation
Address risk of cyber security incidents and demonstrate cyber security vessel capabilities and IMO and IACS UR E26 compliance with DNV Cyber secure class notation.
Due to the increasing focus both from regulators and potential attackers, as well as complexity of vessels’ digital systems, along with new safety risks for the system, crew and passengers, it is essential to establish sufficient and efficient cyber security barriers. Increased focus is driven by:
- New technology, more automation and digitalization
- An increase in cyber incidents is affecting shipping and offshore
- Regulations and laws such as the IACS UR E26 are being introduced
- Inclusion of cyber security in charterer’s vetting evaluations
Our Cyber secure class notation
The Cyber secure class notation from DNV has been developed to address the cyber security of a vessel’s main functions and the owner’s operational needs. It establishes recognised requirements for vessels and offshore units in operation and newbuilds across different segments and security levels and is well aligned with IACS UR E26 and E27.
The Cyber secure class notation comprises three different qualifiers:
- Cyber Secure entry-level class notation addresses the most critical vulnerabilities. In addition, the notation requires that a cyber security management system is established to ensure secure ship operation and meet the upcoming IMO resolution MSC.428(98). This level is suitable for vessel in operation where limited changes may be done to onboard systems.
- Cyber secure (Essential) includes all of the entry-level notation above, but in addition examines the control systems in more detail to ensure security controls/capabilities at security profile 1 (profile of IEC 62443 security level 1). It is primarily intended for more complex ships in operation, whereby cyber security is implemented into existing procedures and systems, aiming to establish an adequate security level. This level is mandatory for vessels contracted for construction after 1st of July 2024 by the IACS UR E26.
- Cyber Secure (Advanced) covers the same scope as the Essential scope, however with increased system security level (security profile 3). This is primarily intended for advanced and complex newbuilding projects where significant investment is done to lift cyber security defences and is designed to protect against intentional violations using sophisticated means and specific control system skills.
The notations cover 10 and important onboard essential functions, including propulsion, steering, navigation, power generation, watertight integrity and others.
- The (+) plus notation allows the owner to include additional systems. It addresses threats as well as assesses and secures additional systems which are particularly important for operations and not part of the standard scope of essential and important functions such as cargo systems, entertainment systems, IT systems and drilling systems.
All qualifiers verify the full process for implementation of cyber security barriers onboard the vessel: for asset owners and operators, system integrators (e.g. yards) and equipment manufacturers. The notation’s security levels are based on the international technical standard IEC and have been adapted for the maritime industry.
Evidence of compliance towards the Cyber secure class notation can also be provided as a verification service for non-DNV classed vessels.
With DNV’s Cyber secure class notation, you can stay safe and compliant, and get ahead in the digital transformation of the maritime industry:
- Less risk of cyber security threats and reduced downtime due to cyber attacks
- Proof of cyber security resilience for your vessel and ensure compliance with the IMO cyber risk resolution as well as IACS unified requirements E26
- Increased charter probability due to better vetting score from charterers and oil majors
- Regular audits to verify continuous compliance and focus on upcoming cyber security threats
- Increased cyber security awareness of both crew and shore personnel