BV Introduces Cyber Health Check Tool
Bureau Veritas (BV) has launched a new Cyber Health Analysis Report Tool (CHART) to help shipowners understand their ships’ digital architecture (OT/IT), specific vulnerabilities and level of preparedness to potential cyber threats.
The aim of the tool is to enable a comprehensive technical assessment of a vessel’s cyber resilience at specific moments throughout its lifetime, responding to the need to constantly review, maintain and update systems in the face of evolving cyber threats.
The tool provides a comprehensive audit of the vessel’s equipment, networks, security mechanisms and interconnections. It validates their compliance with cybersecurity standards, including upcoming regulations from the International Association of Classification Societies (IACS) and flag states. It then delivers a health check report, together with recommended mitigation measures.
IACS Cyber Resilience Unified Requirements UR E26 and UR E27 will require the implementation of stringent cybersecurity protections and will be mandatory from January 1, 2024. UR E26 aims to ensure the secure integration of IT/OT equipment into a vessel’s network during the design, construction, commissioning, and operational life of the ship. This UR targets the ship as a collective entity for cyber resilience and covers five key aspects: equipment identification, protection, attack detection, response, and recovery.
UR E27 aims to ensure system integrity is secured and hardened by third-party equipment suppliers. This UR provides requirements for cyber resilience of onboard systems and equipment and provides additional requirements relating to the interface between users and computer-based systems onboard, as well as product design and development requirements for new devices before their implementation onboard ships.
IMO Resolution MSC.428(98): Maritime Cyber Risk Management in Safety Management Systems entered into force on January 1, 2021. More industry guidance has subsequently been provided, including BIMCO’s Guidelines on Cyber Security Onboard Ships.