Buques inteligentes y ciberseguridad. Reglamentación de Bureau Veritas 2023

2 5 D E M AY O D E 2 0 2 3 | B U R E A U V E R I TA S M A R I N E & O F F S H O R E
BUQUES INTELIGENTES Y CIBERSEGURIDAD.

REGLAMENTACIÓN DE BUREAU VERITAS
AGENDA
02 03
HOW TO CREATE SMARTSHIPS
SMARTSHIP VALUABLE INSIGHTS
& DIGITAL SOLUTIONS FROM SHIP’S DATA?
04 05
CYBERSECURITY USV – NR461
2 © 2021 Bureau Veritas M&O

Bureau Veritas Group | C2 - Internal
01
SMARTSHIPS
&
DIGITAL SOLUTIONS

SMARTSHIP
OUR UNDERSTANDING OF SHIP-OWNERS OBJECTIVES
BE MORE SUSTAINABLE SAVE OPERATIONAL COSTS

• Through remote operations
• Improve energy efficiency in $ • Through data driven
operation optimizations
• Control & reduce waste • Reduce machinery down-time and
generation spare parts consumption through
• Benchmark my ship optimized and predictive
performance maintenance
• Improve fleet utilization through
better anticipation and planning
BE MORE EFFICIENT BE SAFE & SECURED

• Improve connectivity • Through robust IT infrastructure
• Reduce reporting time • Through resilient software
• Identify on-time the valuable data • Through Cyber-security
• Improve data quality management and design
• Standardize data exchange formats
• Improve tracking and monitoring
SMARTSHIP
USE CASE : ROUTE PLANNING & WEATHER ROUTING
Data used:
▪ Ship characteritics
▪ Ship’s loading conditions
▪ Weather forecast, waves & currents
▪ Engine & propeller conditions (E. Shaft Power, rpm, pitch)
▪ ECDIS
▪ AIS: ship’s position, heading, speed
▪ Freight rate and bunker prices
Output
▪ Best route ponderated by selected criteria:
– Limited risk on:
• Hull structure,
• Cargo,
• Passenger comfort
– Compliance with chartering contract
– ETA
– Engine power/RPM, Fuel consumption
– TCE Time Charter Equivalent
▪ Real time data sharing

SMARTSHIP
OTHER USE CASES
▪ Hull performance
▪ Optimized mach maintainance
▪ Fleet occupancy
▪ Power Management System
▪ Propeller pitch & shaft generator optimization
for manoeuvring
▪ Cargo consumers optimization
▪ Liquid cargo heating system optimization
(liquid tankers)
▪ BOG vs. sloshing optimization (LNG carriers)
▪ Just-in-time arrival
▪ Anti-collision assistance
▪ …

SMARTSHIP
LANDSCAPE OF SHIP PERFORMANCE DIGITAL SOLUTIONS
MANY ACTORS…
MANY PROFILES…
NOT AT EVEN STAGE OF MATURITY…

02
HOW TO CREATE
VALUABLE INSIGHTS
FROM SHIP’S DATA?

DATA DRIVEN MODEL
OF DIGITAL SOLUTIONS
Data sharing
Data
1 Data collection 2 Data integration 3 Data process 4 contextualization 5 Data actionable
onboard
… from multisources • API & synch. • Data mining ✓ Customized ✓ Alerts

(FROM SHIP, FROM • Data hosting • Data science dashboards ✓ Recommendations
Company, from third • Data exchanges • Data analytics ✓ Valuable insights ✓ On-time actions
parties) formats • AI ✓ Notifications & alerts
• Data quality ✓ Periodical reports
• Data cleaning ✓ Simulations &
predictions
✓ Optimized scenarios
T R A N S F O R M I N G D ATA I N T O A C T I O N S
DATA QUALITY MANAGEMENT
MAIN PRINCIPLES AND STANDARDS
6 dimensions to be considered
PLAN DO Data related support
1. Accuracy: data reflect reality (IS, IT and Cybersecurity)
2. Completeness: all data required is available Data Quality Data Quality
Planning Control
3. Uniqueness: no duplication
4. Consistency: no conflict within a dataset
Data organization
5. Timelineness: data available when expected Data Quality Data Quality management
6. Validity: data as per expected format, type and improvement Assurance
range
ACT CHECK
PDCA implementation
Standards
▪ ISO 8000 series relying on ISO9000 principles:
o Master data quality: rarely change ex. ship’s
characteristics
o Transaction data quality: frequently change ex.
navigation data
o Product data quality: ex. cargo data
▪ ISO 19847 Shipboard data servers
▪ ISO 19848 Shipboard data format
▪ DAMA Data Management Body of Knowledge
(DMBoK) Bureau Veritas Group | C2 - Internal
03
SMARTSHIPS

OUR SMART GROUPS FRAMEWORK
GROUP 1
COMPUTER BASED SHIPS
Covering the functional safety of computer based systems
and digital solutions capturing data onboard
GROUP 2
CONNECTED SHIPS
Covering ship-to-shore data transfers, means of remote
access to ship's data (data infrastructure) and cyber security
GROUP 3
AUGMENTED SHIPS
Covering the data driven operating models from shore,
including ship monitoring, remote support and ship's efficiency
optimisation for operational and environmental performance.
GROUP 4
AUTONOMOUS SHIPS
Covering the advanced functions needed for ships remotely
operated from shore up to fully autonomous ships
(INCLUDES USV)
OUR SMART() NOTATIONS
FOLLOW A BI-DIMENSIONAL APPROACH
Additional Class notation

{ SMART ( _ _ )
Scope of the smart system Where is the data in the cycle?
The scope of application of the smart

function:
H for Hull
The smart group designation
M for Machinery 1 for Computer Based Ship
MH for Machinery Health Monitoring 2 for Connected Ship
N for Navigation 3 for Augmented Ship
EnE for Energy Efficiency 4 for Remotely operated and Autonomous ship
X for Special

OUR NEW NOTATIONS
CYBER
ASYNC-COM CII-REALTIME RESILIENT
SMART(EnE) DATA INFRA
SMART(MH) SMART(X) ASYNC-COM-R
NR467 R15 NR659 R02
NR675 R02 NR467 R15
NR675 R02 NR675 R02 NR467 R15
Roadmap development for 2023

Augmented ships SMART(_3), digital surveys, data quality, UR E26/27 integration in NR467

SMART() RULES
REMOTELLY
COMPUTER BASED
CONNECTED SHIP AUGMENTED SHIP OPERATED AND
SHIP
AUTONOMOUS
Existing notations
(Hull, Navigation, Manned with remote
Machinery) controls functions
DATA
INFRASTRUCTURE
Machinery Health Remote monitoring &
Maintenance MHM decision support from
INTERNNAL Unmanned
CONNECTIVITY shore { USV
Energy Efficiency
(Remote controls excluded)
EnE CYBER
SECURITY
Special function Autonomous vessel
X
Eg. Sloshing monitoring
CYBER RESILIENCE

04
CYBERSECURITY
UR E26
CYBER RESILIENCE
FOR NEW
CONSTRUCTIONS

« Digitalización » en Nuestra Vidas
Este proceso ofrece nuevas oportunidades, pero

también nuevas amenazas…..
Cyber security Cyber safety
Prevent intentional malicious Prevent involuntary accidents
actions (cyber attack) and mistakes (system failure)
Ahora hay que definir el problema……

IT y OT
IT = Information Technologies.
Daño : Principalmente aspectos financieros y comerciales
(reputación)
Ejemplos: e-mails, e-Certificates (Certif. Digital), etc.
OT = Operation Technology
Daño: No sólo económico y commercial, sino también vida
humana, buque y polución.
Ejemplos: SCADA, Dynapos Systems, ECDIS, etc

UR E26 aims to ensure the secure integration
of both Operational Technology (OT) and Information
Technology (IT) equipment into the vessel’s network
during the design, construction, commissioning,
and operational life of the ship.
This UR targets the ship as a collective entity

for cyber resilience and covers 5 key aspects :
‫ ׀‬Equipment identification ‫ ׀‬Attack detection

UR E26
‫ ׀‬Protection ‫ ׀‬Response
CYBER ‫ ׀‬Recovery
RESILIENCE
OF VESSELS
UR E26
NEW TECHNICAL
REQUIREMENTS
UR E26 – REQUIREMENTS FOR VESSELS
New stringent requirements on:

‫ ׀‬Network segmentation
‫ ׀‬Network traffic protection
‫ ׀‬Logical and physical access management
‫ ׀‬Remote access to onboard equipment
‫ ׀‬Cyber incident detection ability
‫ ׀‬Restoration & resilience

HOW DOES BV HELP STAKEHOLDERS?
CHART BY BUREAU VERITAS
“ C YBER H EALTH A N ALY S I S R EPORT TOOL”
‫ ׀‬Network listening
‫ ׀‬Network scanning
DELIVERABLES
‫׀‬ Network visualization and traffic analysis

‫׀‬ Evidence of cyber vulnerabilities or non-compliances
‫׀‬ Gap analysis with any standard
‫׀‬ Wi-fi audit is performed on the same occasion
‫׀‬ Mitigation measures suggestions
‫׀‬ Penetration testing can then be requested by owner

HOW DOES BV M&O HELP SHIPYARDS
JOINT DEVELOPMENT PROJECTS (CHINA, KOREA)
✓ Developing together UR E26 compliant OT/IT architectures
CYBER RESILIENT CLASS NOTATION
✓ Basic compliance with UR E26
CYBER SECURE CLASS NOTATION
✓ Compliance with UR E26, but complemented by more stringent requirements

✓ Recommended for:
o Autonomous vessels
o Military vessels
o Demanding shipowners of highly connected vessels 26 © 2021 Bureau Veritas M&O
CYBERSECURITY
AN INTEGRATED FAMILY OF NOTATIONS AND SERVICES
ISM CYBER CYBER CYBER { CYBER FLEET

READY MANAGED MANAGED SECURE SECURE ASSESSMENT
READY READY
Cyber Managed = Ships in Service

Cyber Secure = New Constructions
Cyber Resilient = compliance with UR E26 (until 1st January 2024)

NR 659
CYBERSECURITY NR659
• Cyber security
Ship-owner
Scope of
policies
• Cyber management
procedures Ch 3
• Change management
Cyber Managed procedures
• Crew training
Cyber Secure
Ch 4
Scope of Shipyard
• Plan approval
• Intermediate Cyber Repository
• Criticality assessment
• Design assessment
(Surface of attack
assessment & CRPI) Ch 2
• Cyber risk assessment
• Cyber handbook
Manufacturer(s)
• Basic Cyber Repository

Scope of
Ch 6
1 2 3 … n CYBER CYBER CYBER CYBER

TACs CYBER MANAGED SECURE MANAGED SECURE
• Detailed Cyber Repository PREPARED PREPARED

Cyber ISM since
CYBERSECURITY NR659 01/01/2021 NR 659

VS. ISM CYBER • Cyber security
Ship-owner
Scope of
policies
procedures Ch 3
• Crew training
Cyber Secure
Ch 4
Scope of Shipyard
• Plan approval
• Intermediate Cyber Repository
(Surface of attack
• Cyber risk assessment
• Cyber handbook
Manufacturer(s)

Scope of
Ch 6


Cyber ISM since
CYBERSECURITY NR659 01/01/2021 NR 659

VS. ISM CYBER VS. IACS CYBER-RESILIENCE • Cyber security
Ship-owner
Scope of
policies
procedures Ch 3
• Crew training
Cyber Secure
IACS UR E26
Ch 4
Scope of Shipyard
• Plan approval
IACS UR E26 • Intermediate Cyber Repository
(Surface of attack
IACS UR E27 • Cyber risk assessment
• Cyber handbook
Manufacturer(s)

Scope of
Ch 6


05
NR681 USV
-
JULY 2022

NEW RULE NOTE NR681 USV
NEW SERVICE NOTATION UNMANNED SURFACE VESSEL (USV) FOR CIVIL & NAVAL UNITS

SCOPE
➢ The scope of the service notation USV is limited to units with the following characteristics:
• unmanned surface vessel (no human aboard)
• less than 500 GT
• built in steel, aluminium, or composite materials
• with the following degrees of automation, direct control and remote control as defined in NI641 Sec1 Table 1 & 2:
A1 - DC0 - RC3 (human directed, no direct control, full remote control)
or
A2 - DC0 - RC2 (human delegated, no direct control, discontinuous remote control)
or
A3 - DC0 - RC1 (human supervised, no direct control, available remote control)
➢ Underwater vehicles & non-manoeuvring units, such as drifting buoys used for scientific research are out of scope

SCOPE
NI 641 Sec 1 Table 1 NI 641 Sec 1 Table 2
Characterisation according to NI641 Sec1 Table 1 & 2

A1 - DC0 - RC3 = human directed, no direct control (nobody on board), full remote control
A2 - DC0 - RC2 = human delegated, no direct control (nobody on board), discontinuous remote control
A3 - DC0 - RC1 = human supervised, no direct control (nobody on board), available remote control

GENERAL REQUIREMENTS FOR CIVIL UNITS
Civil units

GENERAL REQUIREMENTS FOR NAVAL UNITS
Naval units

REMOTELLY OPERATED AND AUTONOMOUS SHIPS
EU Development Projects
• Regulatory Scoping Exercise approved at MSC 103
• Next step: MASS Code to be completed by 2025
ISO-TC8/DTS 23860 Vocabulary

related to autonomous ship projects
(under development)
TACs & AiP for units in operation
• Expert group in MASS

• Position paper revised in Oct. 2020
• Unmanned Systems WG
• Memorundum June 2021 { USV service notation
• < 500 GT And many others (but confidential)…
• No crew, no direct control onboard
• Including underwater vehicles, non-
manoeuvring units like drifing buoys
OUR INVOLVEMENT IN REGULATORY SOME EXAMPLES OF OUR

WORKING GROUPS NR681 DELIVERABLES
KEY TAKE AWAYS
• It refers to digitalization
• It means a transformation
• It is not related to specific technologies but to operational improvements
• BV is offering SMART () notations suite to cover industry developments
• Cybersecurity is key to produce a digitalization transition with safety

SHAPING
A WORLD
OF TRUST
W W W. B U R E AU V E R I TA S . C O M

Buques inteligentes y ciberseguridad. Reglamentación de Bureau Veritas 2023

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Buques inteligentes y ciberseguridad. Reglamentación de Bureau Veritas 2023

Uploaded by

Copyright:

Available Formats

2 5 D E M AY O D E 2 0 2 3 | B U R E A U V E R I TA S M A R I N E & O F F S H O R E

BUQUES INTELIGENTES Y CIBERSEGURIDAD.

2 © 2021 Bureau Veritas M&O

3 © 2021 Bureau Veritas M&O

BE MORE SUSTAINABLE SAVE OPERATIONAL COSTS

BE MORE EFFICIENT BE SAFE & SECURED

5 © 2021 Bureau Veritas M&O

OTHER USE CASES

6 © 2021 Bureau Veritas M&O

7 © 2021 Bureau Veritas M&O

8 © 2021 Bureau Veritas M&O

… from multisources • API & synch. • Data mining ✓ Customized ✓ Alerts

11 © 2021 Bureau Veritas M&O

Additional Class notation

Scope of the smart system Where is the data in the cycle?

The scope of application of the smart

13 © 2021 Bureau Veritas M&O

Roadmap development for 2023

14 © 2021 Bureau Veritas M&O

15 © 2021 Bureau Veritas M&O

16 © 2021 Bureau Veritas M&O

Este proceso ofrece nuevas oportunidades, pero

Ahora hay que definir el problema……

18 © 2021 Bureau Veritas M&O

19 © 2021 Bureau Veritas M&O

This UR targets the ship as a collective entity

‫ ׀‬Equipment identification ‫ ׀‬Attack detection

New stringent requirements on:

23 © 2021 Bureau Veritas M&O

“ C YBER H EALTH A N ALY S I S R EPORT TOOL”

‫׀‬ Network visualization and traffic analysis

25 © 2021 Bureau Veritas M&O

JOINT DEVELOPMENT PROJECTS (CHINA, KOREA)

✓ Developing together UR E26 compliant OT/IT architectures

CYBER RESILIENT CLASS NOTATION

✓ Basic compliance with UR E26

CYBER SECURE CLASS NOTATION

✓ Compliance with UR E26, but complemented by more stringent requirements

ISM CYBER CYBER CYBER { CYBER FLEET

Cyber Managed = Ships in Service

27 © 2021 Bureau Veritas M&O

• Basic Cyber Repository

1 2 3 … n CYBER CYBER CYBER CYBER

28 © 2021 Bureau Veritas M&O

CYBERSECURITY NR659 01/01/2021 NR 659

• Basic Cyber Repository

1 2 3 … n CYBER CYBER CYBER CYBER

29 © 2021 Bureau Veritas M&O

CYBERSECURITY NR659 01/01/2021 NR 659

• Basic Cyber Repository

1 2 3 … n CYBER CYBER CYBER CYBER

30 © 2021 Bureau Veritas M&O

31 © 2021 Bureau Veritas M&O

32 © 2021 Bureau Veritas M&O

33 © 2021 Bureau Veritas M&O

NI 641 Sec 1 Table 1 NI 641 Sec 1 Table 2

Characterisation according to NI641 Sec1 Table 1 & 2

34 © 2021 Bureau Veritas M&O

35 © 2021 Bureau Veritas M&O

36 © 2021 Bureau Veritas M&O

ISO-TC8/DTS 23860 Vocabulary

TACs & AiP for units in operation

• Expert group in MASS

OUR INVOLVEMENT IN REGULATORY SOME EXAMPLES OF OUR