David Packard- First Vessel with a Cyber Security Certification in Spain

David Packard is a 50m oceanographic research vessel built for the shipowner MBARI (Monterey Bay Aquarium Research Institute).

MBARI has christened the vessel in honour of the co-founder of Hewlett Packard (HP), who founded the institute in 1984, and whose family has continued to fund the institution to the present day. 

The vessel is the flagship of the MBARI fleet, a non-profit oceanographic research centre that promotes marine science and engineering to understand the ocean.  David Packard will enter operation in mid-2024

The objective

The ultimate goal is the delivery of a cyber-resilient vessel. To achieve this, the following milestones had to be met:

  • Achieve DNV Essential+ certification for sensitive equipment included in the certifier’s specification.
  • Protect equipment not included in the certification so that it is not exposed to cyber-attacks.

The project

Introducing cybersecurity in a new construction is a complex process, involving all the actors participating, representing a significant workload for the shipyard and affecting all phases of the construction.

Astilleros Freire contracted the team formed by Aeromarine and S2 Grupo to manage all cybersecurity aspects of the ship, including:

  • The request for documentation to the manufacturers.
  • Its analysis to ensure compliance with certification requirements.
  • Consulting services with each manufacturer to help them generate additional documentation.
  • Conducting on-board testing to ensure compliance and security.
  • Creation of the ship’s cyber security certification documentation.
  • Advising the shipyard and the certifier (DNV) throughout the process and specifically during certification testing.

The Team

  • 1 electronic engineer with experience in on-board equipment.
  • 2 cybersecurity consultants with expertise in standards and resolutions such as IEC 62443, IEC 61162, ISO 27001, MSC.428(98)…
  • 2 IT engineers, experts in visibility, penetration and cyber-attack testing

Duration

+2 Years

Results

  • Classification of equipment according to their risk level.
  • Implementation of cybersecurity barriers on equipment that may have a security incident.
  • Essential+ certification of the ship
  • Ready for the development of a CSMS (Cyber Security Management System) for the ship.

Cybersecurity is a new concept in the sector. This means that the different parties were not aware of the implications in the design, implementation, and integration of the systems to be installed in the new building.

Aeromarine and S2 Grupo explained the certification requirements to all parties , and how to generate the necessary documentation to justify compliance.

In addition, we have been involved in the development of barriers to non-compliance and the detection of vulnerabilities once the systems have been implemented and integrated.

With the help of Astilleros Freire, the manufacturers and DNV, we have been able to develop the certification documentation, which has enabled DNV to issue the Essential+ certificate for the David Packard vessel.