Targeted and competent hacking attempts on Rolls-Royce’s latest system, the Monitoring, Reporting, and Verification (MRV) module, have failed to break into the system, according to the company.
The MRV Module, which monitors vessel emissions and provides a verifiable report to authorities has been developed by the UK-based marine engine and services provider Rolls-Royce as an add-on to its Energy Management System (EMS), which it launched earlier this year.
Eivind Vinje, Rolls-Royce, technical product manager – energy management, told IHS Markit that the system passed its security test, which was carried out by two IT companies hired by Rolls-Royce with the specific purpose of attempting to hack into the system. He added, “System security and integrity has been increased four-fold, with state-of-the-art encryption technologies, a two-step verification process and a 24/7 security centre.”
According to Vinje, the system collects what shipowners consider to be “business critical data” that reveal how ships are operated and for this reason the key focus for the system was security.
However, he points out that, “System security is not just about whether someone can hack into your system, because most systems can be hacked, but it’s about how you react to the break-in that is crucial. Penetration testing looks at the procedures for monitoring [so a company is aware of the break-in] and the procedures to protect data.”
The new module will allow owners to comply with new EU MRV regulations that are set to be enforced from 1 January next year. EU rules are considered to be more stringent than the IMO rules on emissions that will also be introduced soon, but Bjørn Kåre Myskja, UX/development engineer for digital systems at Rolls-Royce, said the module will allow owners to meet EU and IMO regulations.
“The module will measure the amount of CO2 emitted from the vessel either using sensors such as flowmeters, or through calculations made following the bunkering process,” said Myskja.
Details of the vessel’s emissions will then be posted to the company and after independent verification the owner will be able to use the data to submit to the EU on an annual basis.