Cyber resilience for ship propulsion via certifiable OT security

July 1, 2026 · 6 min read

Manufacturers of land-based installations are already familiar with EU directives such as the Cyber Resilience Act (CRA) and the NIS2 Directive. At sea, too, protecting electronic systems against network attacks is of central importance. The Unified Requirements (UR) E26 and E27 provide a holistic framework for maritime cybersecurity that covers both organizational and technical aspects and minimizes the risk of cyber incidents in shipping. Implementing these standards first requires a great deal of work on land and close, trust-based collaboration between device manufacturers and integrators. In the long run, this approach enables the shipping industry to steer safely through digital threats — and the cooperation between WAGO and SCHOTTEL is a fitting example of this.

In modern shipbuilding, computer-based systems are crucial to the operation, control and safety of vessels. With increasing digitalization, however, the risks rise as well. Online attacks on ships can endanger the crew, passengers and cargo. The International Association of Classification Societies (IACS), headquartered in London, has therefore developed unified standards for the cyber resilience of ships. IACS works on harmonizing these standards, draws up application rules and advises the International Maritime Organization (IMO). These requirements define the minimum standard for computer-based ship systems, based among other things on IEC 62443. This standard defines the cybersecurity of industrial automation systems and serves as a guideline for suppliers.

Collaboration in the Name of Security

Implementing these requirements, however, is not the task of a single device supplier, operator or integrator, or of an individual shipyard, but instead calls for close collaboration among all parties involved. As one of the world's leading providers of electrical interconnection and automation technology, WAGO is one of these device suppliers and must ensure that its products are developed securely and comply with the requirements of IEC 62443 and, for shipping, with the IACS standards. At the same time, a shipyard that deploys this control technology in marine propulsion systems must ensure that the systems are correctly configured and securely integrated into the vessel's overall system. Finally, the overall systems used on board the ships are certified by international classification societies. For a structured, standards-compliant way to prepare for and support such certifications, specialized security consulting is recommended. WAGO Security Consulting offers comprehensive security solutions for OT networks, supported by assessments, anomaly detection, customized security concepts and technical implementation.

Jens Sparmann, Security Systems Specialist at WAGO, frames the task as follows: "One goal of our work is to support our customers in meeting security standards such as the NIS2 Directive and to protect their OT infrastructures against cyber threats." Sparmann supports the customer SCHOTTEL on this project and explains: "WAGO Security Consulting supports and coordinates close collaboration and communication between SCHOTTEL and other stakeholders to ensure compliance with IACS guidelines and achieve high cyber resilience system-wide."

WAGO Security Consulting: four-phase model with the steps Evaluate, Detect, Design and Implement shown as a temple graphic.
WAGO Security Consulting for integrated protection: cyber-resilient automation solutions for marine applications in four steps.

Stronger Together: Taking Cybersecurity to the Next Level

In Spay am Rhein in Rhineland-Palatinate, Germany, one of the world's most renowned suppliers of maritime propulsion systems is at home: from here, SCHOTTEL GmbH designs, manufactures and sells fully steerable propulsion and maneuvering systems as well as complete propulsion units with up to 30 MW of power for ships of all kinds and sizes. Founded in 1921, SCHOTTEL GmbH is the largest company within the industrial holding company SCHOTTEL Industries GmbH.

Alongside reliability and ease of use, the security of the systems it develops has always been a focus for the company. "The new cybersecurity regulations have sharpened our view of security once again," explains Gerald Püschel, who has worked in hardware and software development at SCHOTTEL GmbH for more than 20 years. "SCHOTTEL has already successfully implemented cybersecurity in other development projects. The new regulations called for an additional security component in the controllers, one intended to round out our expertise as a whole." For the security consulting, those responsible ultimately chose WAGO: "We have been working with WAGO for almost 20 years; we know the people and the updates to the portfolio. When it came to the task of finding cyber-resilient automation solutions, WAGO was an equal partner for us," explains Tim Hommrich, also a hardware and software developer at SCHOTTEL.

From Pilot Project to Success in Four Steps

Collaboration for enhanced security (from left): Tim Hommrich and Gerald Püschel, hardware and software development at SCHOTTEL, and Jens Sparmann, Security Systems Specialist at WAGO.

"As our first joint project, we selected our transverse thruster system," explains Püschel. "As a basis for assessing and improving the security of our systems, we were able to draw on IEC 62443, under which suppliers and integrators must jointly carry out a risk assessment." Jens Sparmann adds: "We were able to follow IEC 62443-3-2, which specifies the procedure for the risk analysis of a system. The requirements to be met in the maritime environment, in turn, are described by UR E27 and IEC 62443-3-3."

IEC 62443-3-2 first calls for a high-level risk analysis, followed by comprehensive asset management to identify the systems and components that need to be protected. This is followed by zoning, in which the system is divided into areas with differing security requirements, along with the connections between them, in order to enable targeted protective measures. "This includes identifying all relevant components, from the control stations on the bridge and their possible variants, through the local control station at the switch cabinet, the visualization and the power electronics components for driving the electric motors, all the way to the interfaces with other systems," explains Sparmann. "All interfaces and communication paths must be disclosed in order to identify possible attack vectors."

After the system definition comes the threat analysis: all potential threats and vulnerabilities that could affect the overall system are identified. "In doing so, WAGO took both external and internal threats into account," Hommrich continues, "while we at SCHOTTEL were able to assess how these components interact within the overall system." The result of this step is a list of potential risks, which are evaluated according to their likelihood and impact.

"On the basis of this risk evaluation, we were then able to jointly define the specific countermeasures needed to minimize the identified risks," reports Sparmann, and Püschel adds: "The defined security requirements can be implemented at both the component level and the system level." "Finally, we defined differentiated test procedures with which the effectiveness of the security measures implemented can be verified," adds Hommrich.

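Once the asset inventory and communication paths are written down, the zoning step described above can be checked mechanically. The following added example (not part of the original article, and not SCHOTTEL's or WAGO's model) audits a constructed list of communication paths against hypothetical zones and conduits. The asset names follow the article; the zone names, conduit rules and protocol labels are assumptions.

```python
# Added illustration: zones, conduits and flows below are constructed,
# not SCHOTTEL's or WAGO's actual system model.
ZONE_OF = {  # asset (as named in the article) -> hypothetical zone
    "bridge_control_station": "bridge",
    "local_control_station": "thruster_control",
    "visualization": "thruster_control",
    "power_electronics": "drive",
    "external_system_interface": "external",
}
CONDUITS = {  # unordered zone pair -> protocol labels permitted on that conduit
    frozenset({"bridge", "thruster_control"}): {"control_bus"},
    frozenset({"thruster_control", "drive"}): {"control_bus"},
    frozenset({"thruster_control", "external"}): {"data_exchange"},
}
FLOWS = [  # constructed communication paths: (source, destination, protocol label)
    ("bridge_control_station", "local_control_station", "control_bus"),
    ("local_control_station", "power_electronics", "control_bus"),
    ("visualization", "local_control_station", "hmi_web"),  # stays inside one zone
    ("external_system_interface", "power_electronics", "data_exchange"),
    ("bridge_control_station", "visualization", "hmi_web"),
    ("service_laptop", "local_control_station", "remote_shell"),
]


def audit_flows(flows, zone_of, conduits):
    """Return (src, dst, proto, reason) for every path the zone model does not cover."""
    findings = []
    for src, dst, proto in flows:
        unknown = [a for a in (src, dst) if a not in zone_of]
        if unknown:  # asset missing from the inventory, so it cannot be zoned at all
            findings.append((src, dst, proto, "asset not in inventory: " + ", ".join(unknown)))
            continue
        pair = frozenset({zone_of[src], zone_of[dst]})
        if len(pair) == 1:  # intra-zone traffic needs no conduit
            continue
        if pair not in conduits:  # path crosses a zone boundary nobody declared
            findings.append((src, dst, proto, "no conduit between " + " and ".join(sorted(pair))))
        elif proto not in conduits[pair]:  # conduit exists but not for this protocol
            findings.append((src, dst, proto, "protocol not permitted on conduit"))
    return findings


if __name__ == "__main__":
    for finding in audit_flows(FLOWS, ZONE_OF, CONDUITS):
        print(finding)
```
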
SCHOTTEL's propulsion systems meet high security standards. WAGO provides support with automation solutions and consulting services in the field of cybersecurity.

Reliability and Safety in Ship Operation

The results are now available to one of the largest classification societies, Lloyd's Register, and serve as the basis for the certification of SCHOTTEL's transverse thruster system. Already, the employees involved can draw a positive interim conclusion: "Our customers attach great importance to the propulsion systems meeting high cybersecurity standards," explains Tim Hommrich. "Development is a dynamic and continuous process. As with other safety-relevant topics on board, certification by a classification society is required — because their independent assessment confirms once again reliability and safety in ship operation." The collaboration with WAGO is also greatly valued: "Cybersecurity is a highly sensitive topic. Both sides brought a high level of development expertise to bear on a secure overall system. This leaves us ideally prepared to have our other propulsion systems certified," concludes Gerald Püschel. Jens Sparmann of WAGO affirms: "Cybersecurity is a central topic — on land, at sea and in the air — and we follow our customers wherever they need us. With every project, we too learn something new, and this adaptability is an enormous advantage for everyone involved in such a dynamic field."

WAGO's PFC200
For development, SCHOTTEL relies on WAGO's PFC200, which optimally meets the diverse requirements of the maritime standard IACS UR E27.

Text taken over from the original and translated - WAGO
