In its latest issue of Be Cyber Aware at Sea, Phish and Ships discuss DNV GL’s piece on achieving type approval for cyber security, outlining the steps involved to cyber resilience.
The rapid digitalization of the shipping industry calls for more, enhanced cyber protection not only for the shipping companies, but for the vessels themselves as well.
According to DNV GL, the type approval process begins with with an assessment of the equipment and its documentation, including installation
and operation manuals, applying DNV GL’s stringent and challenging evaluation principles. This often results in revisions before the next phase, product evaluation and test procedure, can begin.
Following, tests are to be conducted to ensure that cyber security equipment is sufficiently robust to prevent penetration attempts while also assessing
aspects such as encryption strength.
DNV GL provides further information concerning the process covers, according to which:
- Human user identification and authentication
- Unique identification and authentication
- Multifactor authentication for all interfaces
- Access privileges
- Software process and device identification and authentication
- User control and functionality
- System integrity
- Data confidentiality
- Restriction to data flows
- Response time to cyber events
- Network/system segmentation
- Monitoring of events
- Resource availability
- The cyber security software must allow the protected application to run without interference.
Dr Mate J Csorba, Global Service Line Leader at DNV GL Digital Solutions commented that
What we are assessing is the security capability of the product. We check the capability and integrity of features such as firewalling and the configuration of the system.
