August 4, 2021

Cybersecurity – and Resilience – in Shipbuilding

Written by David Bacque, VP of Operations and Director of OT Security


“Cybersecurity” is a broad term, and its implications are more far-reaching than we typically consider – it isn’t just important for keeping our onshore systems safe. While cybersecurity and cyber resilience are certainly important to the health of all land-based IT/OT infrastructure, they are imperative for keeping ships and vessels secure as well. Maritime cybersecurity is unique in that the vessel itself is isolated from onshore systems, yet its systems need to integrate internally and be able to back up to prevent data loss while at sea.

The Challenge

Shipbuilders build ships – they have expertise in the process of engineering and constructing a ship – but often lack expertise in securing and integrating the modern electronic systems delivered with various equipment packages. Vessels are composed of many subsystems with varying degrees of complexity, automation, and integration, all of which must work together for the safe and efficient operation of the vessel. While the package suppliers have expertise in building the subsystems, no single vendor, nor the shipbuilder, has the expertise to deliver a cohesive system and meet the cybersecurity expectations of modern ship owners. To equip a vessel with the tools and processes needed to secure its systems, an external cybersecurity specialist is often commissioned to evaluate and prescribe the measures necessary to meet the asset owner’s expectations.

The Solution

A clearly defined cybersecurity program needs to be created to communicate the asset owner’s security expectations while collaborating with suppliers to deliver secure systems. The cybersecurity program should align with the project phases and be tracked along with other project deliverables. Using our project security assurance process, RED Group has integrated cybersecurity into all aspects of the shipbuilding lifecycle:

  • Standards and Requirements Definition – align customer requirements with industry standards to create project-specific cybersecurity specifications.
  • Purchasing Specifications – build cybersecurity into the procurement process and include cybersecurity expectations in supplier contracts.
  • System Assessments – review and assess supplier and engineering documentation to validate alignment with standards and requirements.
  • Remediation Tracking – identify gaps and coordinate with vendors to remediate them.
  • Acceptance Testing – witness and verify compliance with specifications during factory or site acceptance testing.

RED Group Can Help

When your business is building ships, cybersecurity is not always at the forefront of considerations. Floating, propulsion, steering and navigation – these are the things that make a ship a ship. Not always considered, but no less important, is securing the systems onboard. RED Group has the expertise needed to ensure your vessel meets your clients’ needs and expectations regarding the protection and recovery of the systems onboard. Contact us to find out how partnering with RED Group can help you deliver a ship that exceeds your clients’ expectations.

David Bacque, an experienced cybersecurity and operational technology (OT) professional, has led, advised on and delivered OT projects and ICS security initiatives with industrial clients around the world.