The technology group Wärtsilä has been awarded Lloyds Register (LR) system-level cybersecurity certification for fully connected and integrated operational systems. It is one of the first times the certification has been awarded globally.
The LR’s ShipRight SAFE AL2 certification, which is with Wärtsilä’s Data Collection Unit (WDCU), gives approval-in-principle (AiP) for the entire Wärtsilä integrated system network, rather than for any individual component.
LR defines ‘cyber-enabled’ systems as those systems installed on board ships that have traditionally been controlled by the ship’s crew, but which nowadays include the capability to be monitored, or monitored and controlled, either remotely or autonomously with or without a crew on board. The level of cyber risk varies from system to system, and mitigation actions need to be made appropriately.
The LR certification is, therefore, highly relevant for Wärtsilä’s Data Collection Unit, which as part of Wärtsilä’s Data Bridge solution, is used to gather and transfer operational data to the cloud for remote monitoring.
Data Bridge is a data platform developed by Wärtsilä to enable advanced analytics that provide insight into a vessel’s performance. This in turn unlocks the potential for enhancing even further the vessel’s operational and technical efficiency.
“This certification validates Wärtsilä’s work in mitigating cybersecurity risks with the appropriate controls in the integrated system, when collecting and sharing operational data,” said Jonas Blomqvist, general manager, cybersecurity, Marine Business, Wärtsilä.
“This takes Wärtsilä lifecycle offering to the next level and knowing that these systems are cyber secure provides customers with the assurance that they are safe to use.”
At a time when information and operational technologies on board ships are being networked together, building resilience against unauthorized access, software failures or attacks on ships’ systems has become a top priority.
The ShipRight procedure defines an Accessibility Level (AL) for autonomous or remote access to the system, in this case meaning cyber access for remote or autonomous monitoring. It particularly takes into account digitally enabled systems having remote access to onboard data. Mandatory within the AiP is a cybersecurity risk assessment of the complete onboard integrated operational system.
Understanding and effectively dealing with potential cybersecurity risks introduces a level of safety that adds value to the implementation of these new technologies and ways of working. The certification awarded to Wärtsilä by LR represents a clear message that Wärtsilä is already today integrating cyber-secure capabilities within systems in the marine ecosystem.