Classification society ClassNK has released the ClassNK Cyber Security Approach which outlines its basic approach to ensuring onboard cyber security for ships. It was released alongside its Guidelines for Designing Cyber Security Onboard Ships for newbuilding designs as the first part of the ClassNK Cyber Security Series which incorporates requirements for taking onboard cyber security measures.
Response to cyber threats is an urgent matter for the entire maritime industry. The ClassNK Cyber Security Approachwas compiled as a basic way of thinking for helping stakeholders take appropriate measures for onboard cyber security and is also based on trends in international institutions and maritime bodies.
In the ClassNK Cyber Security Approach, ensuring navigational safety is regarded the most important goal of onboard cyber security. To achieve it, it is of high priority to ensure availability of systems in terms of operation technology (OT) as well as information technology (IT) systems, which support operation of ships. To mitigate cyber risks in both IT and OT, the Society will propose measures based on a balanced combination of physical, technical, and organisational approaches, such as designing ships and onboard equipment with security by design, constructing management systems during service, etc.
Specifically, ClassNK will classify cyber security controls into different layers, and clarify what each stakeholder should do for each layer by adopting requirements from the existing standards on cyber security that are considered applicable to ships. Further, in light of the increased use of IT for the operation of ships and international trends in cyber security, the Society will analyse the latest information with experts and propose current best practices in cyber security controls for ships.
Based on these concepts, ClassNK will continually publish guidelines and standards that specify the parties responsible for implementing cyber security controls and the details thereof as part of the “ClassNK Cyber Security Series”.
At the same time ClassNK released its Guidelines for Designing Cyber Security Onboard Ships for newbuilding designs targeting shipyards and ship-building owners as the first part of the ClassNK Cyber Security Series. The guidelines include security measures from the NIST SP800-53 – a special document entitled “Recommended Security Controls for Federal Information Systems” by the National Institute of Standards and Technology (NIST) – compiled for the US Government that can apply to ships, and the latest IACS recommendations. The guidelines which include the ClassNK Cyber Security Approach are available to download free of charge via ClassNK’s website for those who have registered for the ClassNK “My Page” service. To register for the “My Page” service free of charge, visit the ClassNK website www.classnk.com and click on the “My Page Login” button.
As part of the ClassNK Cyber Security Series, ClassNK will also be releasing the Cyber Security Management System for Ships that targets ship management, and Software Security Guidelines that target ship software in the near future.