Tsakos Group of Companies has selected DNV GL to assist in preparing a cybersecurity management plan for its fleet and onshore facilities – the first such plan developed by a shipping company. Working in cooperation with DNV GL’s Maritime R&D and Advisory unit in Germany, the Greek shipping organization will implement a comprehensive system of safeguards and procedures to protect its assets from cyber risks.
“We wanted to assure our charterers and customers that our information and communication systems would be adequately safeguarded from cyber risks by implementing the highest standards of cybersecurity on board our vessels and on shore. DNV GL’s proactive stance in effectively addressing such new arising industry challenges, along with its clear vision and commitment to the highest standards, support us in achieving this,” says Sokratis Dimakopoulos, Deputy Managing Director of Tsakos Columbia Shipmanagement, the ship management arm of the Tsakos Group.
Recently published guidelines on marine cybersecurity by the Round Table of international shipping associations had called upon shipping companies to further enhance the security of their IT systems. One of their key recommendations was for shipping companies to develop a cybersecurity management plan to ensure that they not only have a broad overview of the cyber and information security risks which may occur during their assets’ lifecycles, but also formulate and maintain sustainable and resilient procedures to protect vessels and their systems against cyber threats.
Tsakos has been working with DNV GL to create an information security management system which will provide a comprehensive framework in assessing cyber vulnerabilities and implementing the necessary measures for mitigating risks and responding to potential system breaches. “We follow a pragmatic approach based on a thorough risk and gap analysis. The resilience of the resulting procedures and management system will then be verified through penetration testing carried out by the DNV GL Group company Marine Cybernetics,” explains Nikolaos Kakalis, Manager of DNV GL’s Maritime R&D and Advisory in Greece.
On board vessels, navigational equipment and systems such as the Electronic Chart Display and Information System (ECDIS), control and automation systems, and communication networks are considered highly vulnerable to potential cyber threats, making them, along with user awareness, key focus areas in the development of cybersecurity management plans.
“Within the context of further reinforcing our Company’s preparedness and capability to effectively keep secure our information assets, we are planning to take the next step and apply for the Information Security Management Systems certification (ISO 27001),” adds Sokratis Dimakopoulos. ISO 27001 constitutes the only auditable international standard which defines the requirements for an Information Security Management System (ISMS) to ensure that sufficient security controls are instituted by the certified organizations. To achieve compliance with the ISO 27001 standard, companies need to demonstrate a process-driven approach for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving their information security management system. TCM will be one of the first shipmanagement companies worldwide to apply for certification to ISO 27001.
Furthermore, Tsakos Group of Companies, having identified the importance of and need for a secondary site for business continuity and disaster recovery purposes, has also designed and implemented, via its ICT departments, a high-end solution that enables the Group Companies and Shore Offices to endure and outlive almost all of the events that can threaten their ICT infrastructure. Together with its partners, Tsakos ICT has utilized advanced solutions for the replication of the data generated and the services offered at their primary sites to a Secondary Site, installed at one of the most physically secure locations and operated by one of the top providers in Greece.