How we are ensuring cybersecurity across all our digital ship systems
Kongsberg Maritime is one of the first maritime engineering companies to establish a certified baseline of cybersecurity for all digital products, a process requiring close collaboration with DNV
Cybersecurity is emerging as a key topic in the maritime industry as vessels become ever-more reliant on their digital technology and connectivity. Numerous operators and shipping companies and even some ports have already been targeted by hackers in the past five years. Such attacks can result in operational disruption, data breaches, and financial losses. Worse, cyber-attacks are growing in sophistication and scale.
According to ship owners’ associations, cyberattacks could cripple navigation, propulsion, and cargo handling, leading to significant delays, rerouting, and even vessel grounding. The rise of state-based cybersecurity threats in the past two years should also give vessel owners pause.
Creating a cybersecurity plan with DNV
To address this, we initiated a programme two years ago to make our key digital products cyber secure though independent, third-party verification. This ensures that owners, operators, and shipyards can deploy our digital solutions and be confident that they are protected from modern cyber threats.
Working in close partnership with DNV, we began by testing our DP systems, which are vital for offshore operations, for Security Level 1 (SL 1). This first level security includes completion of some 40 requirements that takes a holistic approach to onboard systems in design and operation of the vessel, as well as supporting processes, comprehensive documentation, and adherence to security, quality, health, safety and environmental (QHSE) standards.
Working with DNV, we began by testing our DP systems for Security Level 1 (SL 1) which requires completion of 40 standards
Achieving this certification for our K-Pos DP system is just the beginning.
"To be the first product going through the test process requires extra care and preparation due to the large amount of detail going into it. As K-Pos now has paved the way, it enables a smoother process to implement cyber security across our product range," says Oscar Kallerdahl, Director Cyber Security A&C at Kongsberg Maritime.
Kallerdahl has years of experience in systems and integration for the maritime industry, and he notes the special challenges that come with making ships cyber secure.
"We deploy a defence in depth approach to our system design... You need to be very sharp in how you design the system; we now have the certificate to show that our products are safe"
“System design and integration are challenging areas which require detailed focus from our side in our system design, and when adding cybersecurity requirements on top, there are even more details to consider. We deploy a defence in depth approach to our system design,” he says, noting that the trend towards integrated solutions makes cybersecurity more challenging. “You need to be very sharp in how you design the system; we now have the certificate to show that our products are safe.”
Being leaders on cybersecurity for the maritime industry
He also points out that Kongsberg Maritime is one of the first such companies to push ahead with such a comprehensive programme aimed at establishing a baseline of cybersecurity for all digital products. That work has required a close collaboration with DNV.
“We've been pushing our teams extremely hard and DNV have supported us all through our very intense test plan. We did cybersecurity certification for K Chief 600, and it took 12 months just for one product,” says Kallerdahl. “We have taken our learnings and set up a plan for 15 products into a test period of two months, and this must be a record, for both us and for them.”
DNV and Kongsberg Maritime created a unified approach to interpreting and documenting certification requirements. This streamlined way of working means quicker approvals and enhanced focus on product testing
The collaboration with DNV started with defining methodology and templates, which has been a key part in developing an efficient process. Working together, DNV and Kongsberg Maritime created a unified approach to interpreting and documenting certification requirements. This streamlined way of working means quicker approvals and enhanced focus on product testing.
Kallerdahl reports that his team is coming to the end of an intense testing period of 15 key products within Automation and Control. The next step is to expand testing into Integration & Energy, and Propulsions & Handling product families.
The result for customers will be greater confidence in our integrated systems in information and energy management. Compliance with cybersecurity regulations also means more charter business for vessel owners, thanks to better vetting scores. It may also be benefit to ship owners who don’t have access to large IT departments of their own.
Shipyards can benefit because they know the subsystems, they work with have already been vetted and approved.
It all adds up to greater confidence in digital solutions aimed at future proofing vessels.
For more information: