Lloyd’s Register (LR) has awarded Wärtsilä Digital Accessibility Level 2 SAFE SECURITY Approval in Principle (AiP) for its Data Collection Unit (WDCU) and the network architecture concept for its new build main and auxiliary machinery.
LR’s ShipRight procedure for the ‘assignment of digital descriptive notes for autonomous and remote access ships’ defines an Accessibility Level (AL) to a digital system. In this case, remote access for monitoring the ship's main and auxiliary machinery using external connection is enabled and may be accessed from systems located ashore. As a result, LR awarded Wärtsilä’s system with AL 2 Digital Access for Autonomous/Remote Monitoring.
LR defines ‘digital’ systems as those systems installed onboard ships that have traditionally been controlled by the ship’s crew, but which, through recent advances in IT and operational technology (OT), nowadays include the capability to be monitored, or monitored and controlled, either remotely or autonomously with or without a crew onboard.
The ‘assignment of digital descriptive notes for autonomous and remote access ships’ ShipRight procedure is based on a high level assessment focused on the risks associated to the ‘digitalisation’ of a ship’s operations. The cyber risk is one of those (including human factor, network architecture, software assurance, etc.) that needs to be considered according to the ShipRight Procedure. Therefore, as part of this AiP, LR assessed that an appropriate cyber security governance system is in place to mitigate the risk of introducing vulnerabilities to cyber-attack or other unauthorised access during the design, procurement, construction and installation of the digitally-enabled systems.
At a time when information and operational technologies onboard ships are being networked together, building resilience against unauthorised access, software failures or attacks on ships’ systems has been identified as a risk considered in the design and managed at that level. AiP from LR is of great importance to Wärtsilä’s Data Collection Unit, which as part of Wärtsilä’s Data Bridge solution, as it is used to gather and transfer operational data to the cloud for remote monitoring.
Paolo Scialla, LR’s Principal Specialist, Electrotechnical Systems and Cyber Security, Marine & Offshore said: “Through our ShipRight procedure we are supporting our customers, like Wärtsilä, with identifying potential vulnerabilities and optimising business resilience against risks associated to the digital systems. We’re proud to award Wärtsilä with this Approval in Principle. It demonstrates the company’s strong commitment to protecting their ships’ systems against unauthorised access, software failures and attacks.”
“This certification validates Wärtsilä’s work in mitigating cyber security risks with the appropriate controls in the integrated system, when collecting and sharing operational data. This takes Wärtsilä lifecycle offering to the next level and knowing that these systems are cyber secure provides customers with the assurance that they are safe to use,” said Jonas Blomqvist, Wärtsilä’s General Manager, Cyber Security, Marine Business.