ABB obtains DNV cybersecurity certification for ship operating systems – Digital Ship
DNV has awarded ABB Cyber Secure Essential SP1 certification for its ship automation, propulsion and power systems, fully integrated with the remote access system.
The certification confirms that ABB’s cybersecurity solutions meet DNV’s “Cyber Secure SP1” requirements based on the internationally recognized standard for cybersecurity of control systems, IEC62443.
Certification complies with and goes beyond International Maritime Organization (IMO) resolution MSC.428(98) to protect shipboard power, propulsion and automation systems, as well as privacy and the integrity of remote connections. ABB’s certification for DNV’s ship operating systems is a significant step up from the company’s previous SP0 audit in 2021, both in terms of the scope and level of security controls.
From January 2021, the IMO requires every ship’s safety management system to include a cybersecurity risk assessment. Since the resolution entered into force, it has been supplemented by additional guidelines. However, the IMO risk assessment needed for compliance does not specify how to protect systems and networks at sea, leaving shipowners to make their own cybersecurity arrangements. DNV’s cybersecurity rules and the IEC62443 standard fill this important gap with concrete requirements.
“Awareness of cybersecurity in the maritime industry is growing rapidly,” said Jarle Coll Blomhoff, group leader for cybersecurity and security, DNV. “However, owners alone cannot take full responsibility. They rely on the expertise of shipyards, suppliers and classification societies to ensure they are ready to deal with cyber threats on board and ashore. The security offered by ABB as an integrated functionality for systems demonstrates that these new threats and the importance of integrating cyber protection into every link of the supply chain are recognized throughout the maritime industry.
The new certification recognizes ABB’s cybersecurity solution as providing the required protection for embedded systems, but also enabling system recovery to pre-attack state and troubleshooting to find the root cause of a breach. Permissions for remote connections to the ship must be controlled by the crew on board, with only actively accepted and encrypted connections allowed. In addition, ABB also offers ongoing support to reduce the workload of cyber operations for its customers.
“The SP1 certification marks a significant improvement in ship cybersecurity levels,” said Ahmed Hassan, Cybersecurity Manager, ABB Marine & Ports. “While securing communication between the ship and the cloud is crucial, it is also important to integrate cybersecurity into systems critical to operations, while separating them from those that are not. This incorporates ‘defense in depth’ into the ship’s design – a mechanism with multiple security checks where if one measure fails another will kick in to protect the assets. As a result, cybersecurity risks can be mitigated to an increasingly strong level that goes beyond what has been possible in the maritime industry so far.