What is ShipRight?
The Lloyd’s Register Cybersecurity ShipRight Procedures are a comprehensive set of requirements aimed at ensuring high standards of safety, quality, and reliability at the design and production stages of ship construction. The Procedures are made up of the controls that need to be evidenced in order to meet Class Descriptive Note (DN) requirements and, when followed, will help shipping organisations achieve and retain their license to operate.
What Are The Benefits Of The Lloyd’s Register ShipRight Procedures?
Nettitude and Lloyd’s Register have recently created a V2.0 of the Cybersecurity ShipRight Procedures, which replaces the previous ShipRight Procedures V1.0 that was released in September 2019. The following improvements have been made to ShipRight Procedures V2.0 –
- Splitting out of controls needed for new builds vs operational requirements.
- Creation of new domains to better reflect the responsibilities shipyards and integrators have over new builds needs.
- Updating of the scope to include, by default, the areas highlighted by the IMO Resolution MSC 428(98).
- Basing of the procedures on outcomes rather than highly specific controls.
- Issuing of descriptive notes per vessel, not per system.
- Application of capability levels to the design of a vessel as well as maturity levels to the way in which these systems are then operated.
- Updates to include the latest IACS Recommendation on Cyber Resilience.
In addition to the above updates, the Lloyd’s Register Cybersecurity ShipRight Procedures also bring the following benefits to Marine and Offshore organisations –
- We take a holistic approach – The Cybersecurity ShipRight procedures focus on ship-based assets and cover technology, process and people aspects of cybersecurity.
- We consider all factors of both IT and OT on board a vessel.
- We don’t just consider on-board systems but also include cloud-based technologies.
- Each domain sets out a set of outcomes that can be used to measure what good practice looks like against the following frameworks:
  - NIST Cybersecurity Framework (CSF)
  - NIST 800-53 control set (including NIST 800-82 ICS overlays)
  - IEC 62443 (mostly related to part 3)
  - ISO 27001 Annex A and ISO 27002
  - IACS Recommendation on Cyber Resilience
About The Service
The Lloyd’s Register Cybersecurity ShipRight Procedures aim to deliver the following –
- To ensure that technical designs and architecture proposals for new builds and refits consider maritime cyber security requirements at an early stage;
- To address the real risks relating to cyber and increasing connectivity;
- To allow assessments to be evidence-based, demonstrating the outcomes that are reached;
- To be as pragmatic as possible for end clients working on upgrades or refits of legacy environments with equipment that is built to last decades within remote environments;
- To include an audit process aligned to ISO 19011 that is based around passive audit techniques.
How Will We Deliver The Service?
Nettitude and Lloyd’s Register offer a complete service to evaluate the current status of one or more components on board a vessel (already built or under construction) against the LR Cyber ShipRight standard, in order to understand the current cybersecurity maturity level associated with those selected components and identify areas of improvement, development or concern.
The process below will be followed for both Design & Build and Operational assessments. The Design & Build assessment will most likely occur during ship building or during an upgrade or installation of a new system. The Operational assessment will only occur when systems are in operational use.
Why Are Nettitude And Lloyd’s Register A Winning Partnership To Choose?
Combining Nettitude’s award-winning cybersecurity intelligence and Lloyd’s Register’s 260 years of Marine and Offshore expertise, Nettitude is perfectly placed to act as a trusted partner for Marine and Offshore organisations as they build a robust cybersecurity strategy. Nettitude provides a complete suite of maritime cybersecurity services to help clients identify, protect, detect, respond and recover from cyber threats in the Marine and Offshore industries.
Find out more about Lloyd’s Register’s comprehensive history with the Marine and Offshore sector here: https://www.lr.org/en-gb/marine-shipping/
The Stages Of a Red Team Exercise
A red team exercise will be delivered in the following stages:
- STAGE 1 – Planning and Risk Workshop
- STAGE 2 – Covert Testing Period
- STAGE 3 – Detection and Response Assessment
- STAGE 4 – Strategic and Tactical Recommendations