Class societies are homing in on cyber security and alternative fuels ꟷ and launching a range of guidance and notations in these areas
Cyber security is currently a huge topic in the passenger ship – and indeed entire maritime – industry, and several class societies have released recent initiatives to boost cyber defence.
DNV GL has joined forces with major maritime industry sectors to establish a cyber security risk management guideline for ships in operation.
It has produced an easy-to-follow three-pronged approach that enables maritime organisations to take on the challenge of controlling cyber security risks adapted to an industry with limited budgets. The recommended practice for cyber security resilience management for ships and mobile offshore units in operation (DNVGL-RP-0496) was designed to simplify the task of controlling cyber security risks, not only for IT-skilled personnel but also for a wider audience with minimal cyber security expertise. DNV GL senior cyber security service manager Patrick Rossi presented this to delegates at the European maritime cyber risk management summit, jointly organised by Riviera Maritime Media and Norton Rose Fulbright.
Once the critical mission objectives are established, a cruise operator would determine the most critical systems to concentrate on. “We aimed to provide easy guidance to address not just the ‘what to do’ but the ‘how to do it’, and have addressed over 1,000 comments from all segments of the industry during its development,” said Mr Rossi. The guidelines will help identify the most critical assets in terms of cyber security and determine whether they are low, medium or high risk, and create different checklists for each.
DNV GL is also working with several cruise operators at the vessel building stage to instigate cyber security measures during design and construction, rather than adding them later. This is a first for the industry, highlighting the increased focus on cyber security.
Mr Rossi told Passenger Ship Technology the benefits of taking this approach: “There is so much more that we can do in terms of increasing cyber security when factoring this in at the design and build stage; once the vessel has been built it becomes more of a challenge to build cyber security into the design, overhauling the ship’s network infrastructure to address the risks afterwards would not make economic sense.”
While Mr Rossi pointed out that a lot is known about cyber security risks relating to IT, less is known about operational technology (OT), which is just as, if not more critical when it comes to cyber threats. By looking at these aspects in relation to cyber security at the build and design phase, risks in both areas can be managed and “a competency bridge can be built between the two worlds”, leveraging the more readily available cyber security know-how from the IT domain towards the OT domain.
Lloyd’s Register (LR) launched its Cyber Secure programme at Seatrade Cruise Global in March this year. This follows on from the launch of guidelines and a notation in this area last year.
Indeed, cyber security is such a big focus for LR that in the last 18 months it has invested more heavily in this area than any other, LR marine and offshore director Nick Brown told PST.
The Cyber Secure programme is a set of services designed to help ship operators understand how cyber secure they are now and what level of security they want to achieve in future. Added to the mix is helping clients with the changing cyber security regulatory environment.
Mr Brown summed up the programme as “recognising that an individual system on a ship in terms of operational technology is very much connected with many other systems”.
“You could find 20 different manufacturer logos on a bridge and engine control room, who are concerned with their particular system.” Therefore they do not necessarily see the inter-dependence on different systems. Mr Brown warned: “Certain things like software upgrades could result in catastrophic failure of the ship if interdependency of systems is not understood and recognised.”
Important elements of the Cyber Secure programme include a gap analysis service, using NIST 800 – the US cyber security guidelines that are expected to launch next year – as a standard basis to compare what a ship operator is currently doing concerning suppliers and OEMS against NIST to see where there might be gaps.
“We can then use the results to work towards compliance, which leads to certification against the standard, then move into more of a maintenance regime, and agree with the company to carry out certain drills where hacks are simulated and we support them as to how they respond,” said Mr Brown.
The programme has been launched in partnership with science and engineering company QinetiQ, which brings its cyber security skills and experience to complement LR’s expertise in marine.
And Mr Brown said that this would not be the end of the journey.
“As connectivity becomes more affordable and commonplace there will always be malicious hackers there, so we are looking at how to build on our current emergency and response service to use it for cyber threats,” Mr Brown summed up.
Class societies are also focusing on alternative power such as batteries and to this end Bureau Veritas (BV) launched a new series of notations and rules addressing the requirements of energy storage systems (ESS) to support ship operators in reducing emissions.
Released in July, they provide a framework for electric and hybrid power solutions. The class notations include power management, power back-up and zero emission standards.
It is expected that the notations will encourage wider uptake of energy storage systems to provide both operational and environmental benefits.
BV classed Seaspan’s two ferries that were delivered in the first quarter of this year. These broke new ground by combining LNG propulsion with ESS.
Bureau Veritas passenger ship business development manager Jean-Jacques Juenet said that the batteries in Seaspan’s ferries could be used for a range of reasons: for back-up or during manoeuvring to avoid starting an extra diesel generator, or to take up a quick load increase.
Mr Juenet said: “Batteries may not be the cheapest solution but they are very clean and I think the technology has made a lot of progress, gaining volume in power. Next year we will see more of these advancements.”
“Software upgrades could result in catastrophic failure of the ship if interdependency of systems is not understood and recognised” Nick Brown, Lloyd’s Register
US class society ABS has also upped its focus on the application of new hybrid electric technologies, and has worked with Sandia National Laboratories and other project partners to study the technical, economic and regulatory feasibility of building a zero-emission, hydrogen fuel cell-powered, high-speed passenger vessel, the SF-Breeze.
ABS issued a conditional approval in principle for this concept to verify that the design would be compliant with applicable regulations and rules.
Its work here has fed into its Advisory on Hybrid Electric Power Systems, published in March this year.
ABS global marine vice president Matthew Tremblay said: “Our work with Sandia Labs and the project team provided practical knowledge that was integrated directly into development of the advisory.”
He said that ABS took a “measured approach in evaluating the potential advantages and disadvantages, challenges and level of readiness” for the primary hybrid electric power systems and components most suited for marine applications.
Mr Tremblay said that the advisory provides critical information that marine and offshore owners and operators need to make smarter decisions about energy generation and storage.
The list of technologies addressed in the advisory includes lithium-ion batteries, supercapacitors, flywheel energy storage, fuel cells, wind and solar.
ABS also issued its Guide for Use of Lithium Batteries in the Marine and Offshore Industries in March 2017 which was developed to help facilitate effective installation and operation of lithium battery systems.
Explaining the reasons behind ABS’ extensive work within electric hybrid propulsion, Mr Tremblay said: “As technology evolves and regulatory complexities increase, the marine industry is faced with the reality of both complying with environmental regulations and meeting operational demands.” To deal with these challenges, owners and operators are turning to more non-conventional sources of energy to power and propel vessels. Therefore, as the industry moves ahead, hybrid electric power systems will play a “key role in meeting the regulatory and operational demands placed on vessels”.
Industries such as electric utilities and aerospace are already applying renewable energy technologies to their products to reduce their environmental footprint, while “still maintaining their competitive edge”, Mr Tremblay said.
He warned that it is critical that lessons learned and experiences in the adaptation of hybrid electric power in other sectors are considered as the marine industry examines its options.
LNG is a big focus for class societies when it comes to the ferry and cruise sectors. Bureau Veritas has recently carried out a lot of work within this sector, with projects including Tallink’s dual-fuelled Megastar ferry, which was delivered in January this year.
It is also classing Spanish operator Balearia’s LNG dual-fuelled ship, which is under construction at La Naval. Brittany Ferries’ new LNG ferry is also classed by BV, and is currently being constructed at Flensburger shipyard in Germany.
“LNG will become more or less a standard for large ferries in Europe due to marine pollution rules in Europe being very restrictive; LNG is the most elegant way to solve that,” said Mr Juenet.
He singled out that there are several LNG bunker ships under development, allowing bunkering to become easier in Europe.
LNG cruise bunkering is also becoming easier due to the larger cruise operators highlighting their need for LNG.
BV has developed bunkering guidelines, and for MegaStar, BV’s Tecnitas arm conducted risk analysis for bunkering in Helsinki and Tallinn. The class society has also classed LNG bunkering vessels.
Mr Rossi: Four key cyber security areas
Biggest weakness: Awareness. “We are lacking in this because maritime cyber-attack scenarios are not a usual scenario, we do not believe that it is possible, and can cut corners.” Leaving ship operators vulnerable to threats.
Biggest strength: There is a good approach to safety training drills. “Risk management is very much a part of maritime culture,” Mr Rossi observed. Therefore it would not be too hard to extend this to extra checks, such as cyber security.
Biggest opportunity: Mr Rossi said that there was a “lot of free advice available” for ship operators on cyber security, so they should take advantage of this. This should be their first step, giving them a very clear picture via such steps as self-assessment tools.
Biggest threat: Limited resources in current times and little time left to take action before the attackers gain more ground in the maritime sector.