David Packard- First Vessel with a Cyber Security Certification in Spain

/ Cybersecurity, Cybersecurity Regulation / By

Astilleros Freire delivers the first vessel with the DNV Essential+ cyber security certification in Spain.

Aeromarine and S2 Grupo were contracted by Astilleros Freire to lead the implementation of  OT/IT cybersecurity in all phases of the building, as part of its Cybersecurity by Design service.

The vessel and the owner

David Packard is a 50m oceanographic research vessel built for the shipowner MBARI (Monterey Bay Aquarium Research Institute).

MBARI has christened the vessel in honour of the co-founder of Hewlett Packard (HP), who founded the institute in 1984, and whose family has continued to fund the institution to the present day. 

The vessel is the flagship of the MBARI fleet, a non-profit oceanographic research centre that promotes marine science and engineering to understand the ocean.  David Packard will enter operation in mid-2024

The objective

The ultimate goal is the delivery of a cyber-resilient vessel. To achieve this, the following milestones had to be met:

  • Achieve DNV Essential+ certification for sensitive equipment included in the certifier’s specification.
  • Protect equipment not included in the certification so that it is not exposed to cyber-attacks.

The project

Introducing cybersecurity in a new construction is a complex process, involving all the actors participating, representing a significant workload for the shipyard and affecting all phases of the construction.

Astilleros Freire contracted the team formed by Aeromarine and S2 Grupo to manage all cybersecurity aspects of the ship, including:

  • The request for documentation to the manufacturers.
  • Its analysis to ensure compliance with certification requirements.
  • Consulting services with each manufacturer to help them generate additional documentation.
  • Conducting on-board testing to ensure compliance and security.
  • Creation of the ship’s cyber security certification documentation.
  • Advising the shipyard and the certifier (DNV) throughout the process and specifically during certification testing.

Key Factors

The Team

  • 1 electronic engineer with experience in on-board equipment.
  • 2 cybersecurity consultants with expertise in standards and resolutions such as IEC 62443, IEC 61162, ISO 27001, MSC.428(98)…
  • 2 IT engineers, experts in visibility, penetration and cyber-attack testing

Duration

+2 Years

Results

  • Classification of equipment according to their risk level.
  • Implementation of cybersecurity barriers on equipment that may have a security incident.
  • Essential+ certification of the ship
  • Ready for the development of a CSMS (Cyber Security Management System) for the ship.

‘At C.N.P.Freire, we are proud to work with expert consultants and partners to meet the latest challenges in the market. In cybersecurity, with Aeromarine and S2 Grupo, we have succeeded in fulfilling our client’s needs, achieving certification tests and helping our suppliers to make a leap in quality’- Oscar Iglesias, Purchasing Director Freire Shipyard

Implementation & results

Cybersecurity is a new concept in the sector. This means that the different parties were not aware of the implications in the design, implementation, and integration of the systems to be installed in the new building.

Aeromarine and S2 Grupo explained the certification requirements to all parties , and how to generate the necessary documentation to justify compliance.

In addition, we have been involved in the development of barriers to non-compliance and the detection of vulnerabilities once the systems have been implemented and integrated.

With the help of Astilleros Freire, the manufacturers and DNV, we have been able to develop the certification documentation, which has enabled DNV to issue the Essential+ certificate for the David Packard vessel.

David Packard is the first vessel with a Cyber Security certification in Spain. There are only 2 other vessels in the world with the Essential+ certification from DNV, which makes:

  • Freire Shipyard a pioneer in building cyber-resilient oceanographic vessels.
  • The team formed by S2 Grupo and Aeromarine is the only one in Spain with the capacity and experience to lead an OT / IT cybersecurity implementation project in new buildings.

Need more information? – Contact us