LR certification validates Wärtsilä cyber security measures

Lloyd’s Register (LR) has awarded Wärtsilä system-level cyber certification for network architecture relating to Wärtsilä’s integrated main and auxiliary machinery.

The LR ShipRight SAFE AL2 certification, which has been awarded to Wärtsilä’s Data Collection Unit (WDCU), gives Approval-in-Principle (AiP) for the entire Wärtsilä integrated system network, rather than for any individual component. The certification is one of the first of its kind to be awarded globally.

At a time when information and operational technologies onboard ships are being networked together, says Wärtsilä, building resilience against unauthorized access, software failures or attacks on ships’ systems has become a top priority.

The LR certification is, therefore, highly relevant for Wärtsilä’s Data Collection Unit, which as part of Wärtsilä’s Data Bridge solution, is used to gather and transfer operational data to the cloud for remote monitoring. Data Bridge is a data platform developed by Wärtsilä to enable advanced analytics that provide insight into a vessel’s performance. This in turn unlocks the potential for enhancing even further the vessel’s operational and technical efficiency.

The ShipRight procedure defines an Accessibility Level (AL) for autonomous or remote access to the system, in this case meaning cyber access for remote or autonomous monitoring. It particularly takes into account digitally-enabled systems having remote access to onboard data. Mandatory within the AiP is a cybersecurity risk assessment of the complete onboard integrated operational system.

“This certification validates Wärtsilä’s work in mitigating cyber security risks with the appropriate controls in the integrated system, when collecting and sharing operational data. This takes Wärtsilä lifecycle offering to the next level and knowing that these systems are cyber secure provides customers with the assurance that they are safe to use,” says Jonas Blomqvist, General Manager, Cyber Security, Marine Business.

Maritime Cyber Risk Management – Standards for defending networks against threats

Lloyd’s Register defines “cyber-enabled” systems as those systems installed onboard ships that have traditionally been controlled by the ship’s crew, but which nowadays include the capability to be monitored, or monitored and controlled, either remotely or autonomously, with or without a crew onboard. The level of cyber risk varies from system to system, and mitigation actions need to be made appropriately.

IMO Resolution

IMO, in its Resolution MSC 428(98), has said that by January 1, 2021 maritime administrators must have appropriately addressed cyber-security risks in their Safety Management Systems (SMS). Guidance and standards on how these cyber-security risk controls should be built is currently defined by classification societies. For Operational Technology (OT) systems that provide highly integrated solutions to most of the world’s marine industry today, Wärtsilä aligns in most cases with the security standard IEC 62443, as laid out by the International Electrotechnical Commission, for Industrial Automation and Control Systems, which has been developed by a global network of experts from all industry sectors

Wärtsilä’s Smart Marine Ecosystem approach utilizes smart technologies within the areas of digitalization, connectivity, and data exchange to create greater levels of efficiency, safety, and environmental performance. Understanding and effectively dealing with potential cyber security risks introduces a level of safety that adds value to the implementation of these new technologies and ways of working.