The widescale impact of COVID-19 had not hit when DNV GL Maritime Advisory (DNV GL) was contracted to conduct a cyber security assessment and penetration test for an offshore asset. Before long, however, travel had become a risk, and the parties were forced to evaluate alternative means of performing the related surveys, which resulted in the completion of DNV GL’s first remote cyber security test.
Cyber security assessments and penetration testing involve the examination of an asset’s systems to find weaknesses in the network’s perimeter. Traditionally, testing involves a DNV GL Certified Ethical Hacker carrying out a series of activities aboard the asset, simulating a cybersecurity breach. With no option in the near-term to access the asset physically, DNV GL and the client worked together to define an extensive plan that would allow the assessment and the penetration testing to take place remotely. The plan involved DNV GL staff from Maritime and Digital Solutions in offices across three different countries, as well as personnel from client both in an office setting and on the asset. Each party was responsible for tasks related to the set-up of the test infrastructure, or aspects of the assessment itself.
As technology becomes more sophisticated and critical equipment becomes more interconnected, companies need to make changes that will increase their cyber defenses and the ISM Code has become another driver for this. With the requirements from IMO, ship owners and managers need to have cyber risk management incorporated into their Safety Management System (SMS) and verified at 1st Annual audit after January 1, 2021. By bridging the cyber security in information technology and operational technology critical infrastructures, DNV GL Maritime Advisory can help companies navigate their digital transformation with services that help in assessing, improving and verifying cyber security related to the increased use of technologies in our industry.
“Our world is becoming increasingly interconnected; that statement is applicable on so many fronts at this moment in history,” said Antony DSouza, Executive Vice President and Regional Manager for DNV GL Maritime Region Americas. “With the global transformations taking place, there is no company that should think cybersecurity is irrelevant to them. With trust, cooperation, and out of the box thinking, we can support our clients in these challenging times and work together towards a successful future.”