Lloyd’s Register (LR) has awarded Wärtsilä system-level cyber certification for its network architecture relating to Wärtsilä’s integrated main and auxiliary machinery.
The LR’s ShipRight SAFE AL2 certification, which is with Wärtsilä’s Data Collection Unit (WDCU), gives Approval-in-Principle (AiP) for the entire Wärtsilä integrated system network, rather than for any individual component. The certification is one of the first of its kind to be awarded globally.
At a time when information and operational technologies onboard ships are being networked together, building resilience against unauthorized access, software failures or attacks on ships’ systems has become a top priority. The LR certification is, therefore, highly relevant for Wärtsilä’s Data Collection Unit, which as part of Wärtsilä’s Data Bridge solution, is used to gather and transfer operational data to the cloud for remote monitoring. Data Bridge is a data platform developed by Wärtsilä to enable advanced analytics that provide insight into a vessel’s performance.
The ShipRight procedure defines an Accessibility Level (AL) for autonomous or remote access to the system, in this case meaning cyber access for remote or autonomous monitoring. It particularly takes into account digitally-enabled systems having remote access to onboard data. Mandatory within the AiP is a cyber-security risk assessment of the complete onboard integrated operational system.
“This certification validates Wärtsilä’s work in mitigating cyber security risks with the appropriate controls in the integrated system, when collecting and sharing operational data. This takes Wärtsilä lifecycle offering to the next level and knowing that these systems are cyber secure provides customers with the assurance that they are safe to use,” says Jonas Blomqvist, General Manager, Cyber Security, Marine Business.
The International Maritime Organization (IMO), in its Resolution MSC.428(98), has announced that by January 1, 2021 maritime administrators must have appropriately addressed cyber-security risks in their Safety Management Systems (SMS). Guidance and Standards on how these cyber-security risk controls shall be built is currently defined by classification societies. For Operational Technology (OT) systems that provide highly integrated solutions to most of the world’s marine industry today, Wärtsilä aligns in most cases with the security standard IEC 62443, as laid out by the International Electrotechnical Commission, for Industrial Automation and Control Systems, which has been developed by a global network of experts from all industry sectors.
