What is ShipRight?
The Lloyd’s Register Cybersecurity ShipRight Procedures are a comprehensive set of requirements aimed at ensuring high standards of safety, quality, and reliability at the design and production stages of ship construction. The Procedures are made up of the controls that need to be evidenced in order to meet Class Descriptive Note (DN) requirements and when followed, will help shipping organisations achieve and retain their license to operate.
What Are The Benefits Of The Lloyd’s Register ShipRight Procedures ?
Nettitude and Lloyd’s Register have recently created a V2.0 of the Cybersecurity ShipRight Procedures, which replaces the previous ShipRight Procedures V1.0 that was released in September 2019. The following Improvement have been made to ShipRight Procedures V2.0 –
- Splitting out of controls needed for new builds vs operational requirements.
- Creation of new domains to better reflect the responsibilities shipyards and integrators have over new builds needs.
- Updating of the scope to include, by default, the areas highlighted by the IMO Resolution MSC 428(98)1.
- Basing of the procedures on outcomes rather than highly specific controls.
- Issuing of descriptive notes per vessel, not per system.
- Application of capability levels to the design of a vessel as well as maturity levels to the way in which these systems are then operated.
- Updates to include the latest IACS Recommendation on Cyber Resilience2.
In addition to the above updates, the Lloyd’s Register Cybersecurity ShipRight Procedures also bring the following benefits to Marine and Offshore organisations –
- We take a holistic approach – The Cybersecurity ShipRight procedures focus on ship-based assets and cover technology, process and people aspects of cybersecurity.
- We consider all factors of both IT and OT on-board a vessel
- We don’t just consider On-board systems but also include cloud-based technologies.
- Each domain sets out a set of outcomes that can be used to measure what good practice looks like against the following frameworks;
- NIST Cybersecurity Framework (CSF)
- NIST 800-53 control set (including NIST 800-82 ICS overlays)
- IEC 62443 (mostly related to part 3)
- ISO 27001 Annex A and ISO 27002
- IACS Recommendation on Cyber Resilience
About The Service
The Lloyd’s Register Cybersecurity ShipRight Procedures aim to deliver the following –
- To ensure that technical designs and architecture proposals for new builds and refits consider maritime cyber security requirements at an early stage;
- To address the real risks relating to cyber and increasing connectivity;
- To allow assessments to be evidence based demonstrating outcomes that are reached;
- To be as pragmatic as possible for end clients working on upgrades or refits where legacy environments with equipment that is built to last decades within remote environments;
- Include an audit process aligned to ISO 19011 that is based around passive audit techniques.
How Will We Deliver The Service?
Nettitude and Lloyd’s Register offer a complete service to evaluate the current status of one or more components on board of a vessel (already built or under construction) against the LR Cyber ShipRight standard, in order to understand the current cybersecurity maturity level associated with those selected components and identify areas of improvement, development or concerns.
The process below will be followed for both Design & Build and Operational assessments. The Design & Build assessment will most likely occur during ship building or during an upgrade or installation of a new system. The Operational assessment will only occur when systems are in operational use.
Why Are Nettitude And Lloyd’s Register A Winning Partnership To Choose?
Combining Nettitude’s award-winning cybersecurity intelligence and Lloyd’s Register’s 260 years of Marine and Offshore expertise, Nettitude is perfectly placed to act as a trusted partner for Marine and Offshore organisations as they build a robust cybersecurity strategy. Nettitude provides a complete suite of maritime cybersecurity services to help clients identify, protect, detect, respond and recover from cyber threats in the Marine and Offshore industries.
Find out more about Lloyd’s Registers comprehensive history with the Marine and Offshore sector here https://www.lr.org/en-gb/marine-shipping/
Frequently Asked Questions about Data Privacy Security
What is an incident response policy?
An Incident response plan or policy is a process you create before you experience a cyberattack. This is so that your team has a procedure to follow when you do experience a data breach. Nettitude follows the CREST Cybersecurity Incident Response process which is broken down into 3 phases: preparation, response, and follow up. Having a breach plan gives you the confidence to quickly nullify any threat to your data privacy security.
Why is data privacy security important?
Although it has always been important, the implications and need for higher security are coming into play now that technology is indispensable to everyday life. Using apps, browsing websites, and shopping online are all examples of how your data will be stored and managed online. For organisations today, the threat of cyber theft is a pertinent one. Having comprehensive data privacy plans in place can reduce and mitigate the risks of such events.
Does Nettitude practice sustainability?
As a company with a global footprint, sustainability is an area of importance to us. We are a registered ‘Investor in People’ organisation. Taking a cue from ISO 14001, we have strong sustainability practices put in place. Our organisation also hires fairly and equally, across gender and race. By working with us, you can rest assured that we implement data privacy security measures with ethics at the core of our mission.
Get in touch via the form below and get a free quote from us for our Red Team Security Testing services.
Get a free quote