Lloyd’s Register’s certification validates Wärtsilä Marine’s cyber security measures
The technology group Wärtsilä has been awarded Lloyd’s Register (LR) system-level cyber certification for its network architecture relating to Wärtsilä’s integrated main and auxiliary machinery. The LR’s ShipRight SAFE AL2 certification, which is with Wärtsilä’s Data Collection Unit (WDCU), gives Approval-in-Principle (AiP) for the entire Wärtsilä integrated system network, rather than for any individual component. The certification is one of the first of its kind to be awarded globally.
At a time when information and operational technologies onboard ships are being networked together, building resilience against unauthorised access, software failures or attacks on ships’ systems has become a top priority. The LR certification is, therefore, highly relevant for Wärtsilä’s Data Collection Unit, which as part of Wärtsilä’s Data Bridge solution, is used to gather and transfer operational data to the cloud for remote monitoring. Data Bridge is a data platform developed by Wärtsilä to enable advanced analytics that provide insight into a vessel’s performance. This in turn unlocks the potential for enhancing even further the vessel’s operational and technical efficiency.
The ShipRight procedure defines an Accessibility Level (AL) for autonomous or remote access to the system, in this case meaning cyber access for remote or autonomous monitoring. It particularly takes into account digitally-enabled systems having remote access to onboard data. Mandatory within the AiP is a cyber-security risk assessment of the complete onboard integrated operational system.
“This certification validates Wärtsilä’s work in mitigating cyber security risks with the appropriate controls in the integrated system, when collecting and sharing operational data. This takes Wärtsilä lifecycle offering to the next level and knowing that these systems are cyber secure provides customers with the assurance that they are safe to use,” says Jonas Blomqvist, General Manager, Cyber Security, Marine Business.
Maritime Cyber Risk Management - Standards for defending networks against threats
Lloyd’s Register defines ‘cyber-enabled’ systems as those systems installed onboard ships that have traditionally been controlled by the ship’s crew, but which nowadays include the capability to be monitored, or monitored and controlled, either remotely or autonomously with or without a crew onboard. The level of cyber risk varies from system to system, and mitigation actions need to be made appropriately.
The International Maritime Organization (IMO), in its Resolution MSC.428(98), has announced that by 1 January 2021 maritime administrators must have appropriately addressed cyber-security risks in their Safety Management Systems (SMS). Guidance and Standards on how these cyber-security risk controls shall be built is currently defined by classification societies. For Operational Technology (OT) systems that provide highly integrated solutions to most of the world’s marine industry today, Wärtsilä aligns in most cases with the security standard IEC 62443, as laid out by the International Electrotechnical Commission, for Industrial Automation and Control Systems, which has been developed by a global network of experts from all industry sectors
Wärtsilä’s Smart Marine Ecosystem approach utilises smart technologies within the areas of digitalisation, connectivity, and data exchange to create greater levels of efficiency, safety, and environmental performance. Understanding and effectively dealing with potential cyber security risks introduces a level of safety that adds value to the implementation of these new technologies and ways of working. The certification awarded to Wärtsilä by LR represents a clear message that Wärtsilä is already today integrating cyber secure capabilities within systems in the marine ecosystem.
Image caption: Wärtsilä is committed to integrating cyber security into all its products, systems and services.