Threats to cybersecurity continue to increase in number and appear from unexpected new angles because of increasing sophistication of cyberattacks. A novel methodology is required not only to protect data but also to achieve safe and reliable operations at sea.

The first step toward securing control systems is to make sure they are designed and operated in accordance with recognized international standards and recommendations, such as the International Organization for Standardization 27000 series, the International Electrotechnical Commission 62443 family of standards, the National Institute of Standards and Technology framework, or the International Association of Drilling Contractors cybersecurity guidelines. In addition, testing and probing these systems and their associated networks for possible vulnerabilities and robustness under high traffic loads are important steps to verifying that the implementation of the design is safe, secure, and conducted in accordance with the vendor’s or the system integrator’s documentation.

This paper provides tangible examples of findings from cybersecurity and network health tests performed on various vessels and installations—such as shuttle tankers; drilling rigs; and floating production, storage, and offloading vessels—by the DNV GL Marine Cybernetics Advisory. Typical pitfalls of onboard cybersecurity are discussed, such as inadequate protection mechanisms, installation failures and mismatches between documentation and installation, vulnerabilities in controllers, and insufficient network capacities. 

Find the paper on the HSSE-SR Technical Discipline Page free for a limited time.