Maritime

28 Aug 2023

Cyberattacks on medical devices and their Impact

Cyber attacks against shipyards, vessels, offshore installations and remote maritime infrastructure have increased at an alarming rate.

As vessels become more connected, with more features that can be controlled remotely, the attack surface has grown, which has led to more attack vectors.

A cyber attack against these systems and infrastructure can cause a great deal of damage to the safety of sailors and to the operations of these vessels, and can have a very large financial impact due to penalties.

Regulation & Standards

In April 2022, the International Association of Classification Societies (IACS) released two new Unified Requirements relating to cyber resilience on board marine vessels.

Entering into force on January 1, 2024 and applying to all new builds and contracts on and after this date, the two URs are:

  • UR E26: Cyber Resilience of Ships
  • UR E27: Cyber Resilience of On-Board Systems and Equipment

Both of these requirements have an entry into force date for new construction vessels that have a contract signing on or after January 1, 2024. Upon this entry into force date, these requirements will be mandatory for new construction ships and offshore vessels.

Cyber Security as a Business Enabler

Because regulation prevents companies from selling these systems and devices without the right level of security, companies that comply with these regulations will have a great opportunity to sell their products and to be a supplier for other companies on which these regulations are enforced.

Cyber security will be a very important differentiator for companies seeking to align with national and international cyber security regulation.

Challenges & Solution

These cybersecurity regulations and standards oblige companies to raise the security bar of their vessels and infrastructure to a very high level.

CEOs and CISOs must have a defined roadmap and strategy to deploy their security program across their whole company and products.

This security program must lead to the right type approval and classification approval.

Hence we provide consultancy services to deploy these security programs (IT & OT), and we provide several services in a Security as a Service (SaaS) model to support you through all phases of these security programs.

As an example we propose:

  • Risk management (Risk Identification, Risk assessment, Security objective and Security measures)
  • Security Concept (Secure Product Architectural Design)
  • Security Test (Function testing covering security requirements, Fuzzing and Penetration testing)
  • Secure Code (Secure Coding Guidelines, Code review)
  • SecDevOps (Static Code Analysis and Dynamic Code Analysis)
  • FOSS/FSW (Free and Open Source Software management and conformity)
  • Private Data Management (Compliance with GDPR)
  • Vulnerability Monitoring
  • Incident Management
