Certified equipment plays a critical role in ensuring the safety of maritime transportation, protecting lives, assets, and the environment. Compliance with a comprehensive set of maritime standards ensures ships adhere to stringent safety regulations, including those governing cybersecurity.
Marine equipment must pass stringent testing and certification in order to guarantee cyber security onboard. There are specific standards that must be complied to. When standards are fulfilled, a company or a vessel is awarded with a certificate proving that the entity is in line with the standard. Serving as a "cyber security passport" for equipment, these certifications attest to adherence to strict safety regulations.
However, what requirements need to be fulfilled to obtain necessary certifications to be in line with cyber security standards for vessels?
Organisational Cybersecurity Standards & Certifications
- ISO/IEC 27001
For information security management systems (ISMS), this is a globally accepted standard. It offers a structure for creating, putting into practice, preserving, and continuously enhancing an ISMS. The standard aids businesses in controlling the risks associated with information security, such as those pertaining to availability, confidentiality, and integrity.
- IMO Guidelines on Maritime Cyber Risk Management
The inclusion of cyber risk management into a ship's safety management system (SMS) is required by IMO Maritime Safety Committee Resolution MSC.428 (98). In order to guarantee the security and dependability of ship operations, it offers the shipping sector a framework and recommendations for cyber threat response tactics.
- NIST Cyber Security Framework
This comprehensive guide serves for organisations that aim to improve their cybersecurity posture by promoting the protection and resilience of critical information and infrastructure. The framework is structured around five core functions—Identify, Protect, Detect, Respond, and Recover—which help organizations manage and mitigate cybersecurity risk in a cohesive and holistic manner.
Technical & Operational Cybersecurity Standards & Certifications
- IEC 62443 Series
This is a collection of standards designed to secure industrial communication networks and systems, particularly those used in industrial automation and control systems. By implementing the IEC 62443 standards, maritime organizations can systematically secure their shipboard systems and networks against cyber threats. This includes establishing robust security policies, managing access control, and ensuring the security of software and network communications essential for the safe navigation and operation of ships.
- DNV Cyber Secure (former DNV GL Cyber Secure)
DNV Cyber Secure is a class notation designed by Det Norske Veritas (DNV) to ensure the cybersecurity of maritime operations. It provides a framework for assessing, improving, and verifying the cybersecurity posture of ships and offshore platforms. It addresses the unique cybersecurity challenges faced by maritime operators by identifying and mitigating vulnerabilities in their IT and OT systems and ensures that these systems are resilient against cyber threats.
- IEC 61162-460
A cybersecurity standard called IEC 61162-460 was created expressly to improve the security of shipboard navigation and communication systems. By incorporating stronger security procedures to guard against cyberattacks and data leaks, it expands upon the IEC 61162-450 standard.
- IEC 63154
This standard focuses on the management of alarms in networking systems. It has significant cybersecurity implications for industries like maritime where network integrity is crucial. The standard indirectly enhances cybersecurity by ensuring the secure handling of alarm data against unauthorized access or manipulation. It supports cybersecurity by enabling prompt detection and responses to cyber incidents through efficient alarm management.
Prominent Certifications Robustel Obtained
- IEC 62443-4-1
As a part of Robustel’s commitment to cybersecurity, a complex evaluation was undertaken allowing Robustel to gain IEC 62443-4-1 certification.
The certificate was awarded in January 2024 by LCIE Bureau Veritas. Over 40 topics were reviewed and some of them are: (SM-7) Development, environment, security; (SM-8) Controls for private keys; (SD-1) Secure design principles; (SD-2) Defence in depth design; (SD-4) Secure design best practices; (SI-2) Secure coding standards; (SVV-1) Security requirements testing; (SVV-2) Threat mitigation testing; (SVV-3) Vulnerability testing; (SVV-4) Penetration testing and (SVV-5) Independence of testers.
- IEC 61162-460
In May 2024 Robustel has launched the MG460 maritime gateway, the product that meets IEC61162-460 standard, which is specified in E27 for navigation system, radio communication and interconnected networks. As the world's first product to receive IEC61162-460 (Edition 3) type approval from DNV, the MG460-Gateway and the 460-Wiresless Gateway not only meet the highest cybersecurity standards for maritime navigation and wireless communication systems but also comply with IEC 60945 and SOLAS vessel standards.
The Bottom Line
For maritime equipment, those mentioned standards are difficult and time-consuming to get certifications for. In addition to building a secure, dependable, and effective maritime network for shipping companies with the most thorough certifications, Robustel never stops working to deliver safe and dependable network communication solutions for international maritime companies.