Recording - Webinar - Cybersecurity for Battery-Powered Ships
This webinar explored why cybersecurity has become a fundamental safety and operational requirement for battery-powered and hybrid vessels. As ships become increasingly electrified, connected, and software-driven, cybersecurity is no longer solely an IT concern—it is an operational, safety, and lifecycle management issue that requires collaboration across the entire maritime ecosystem. The discussion brought together perspectives from maritime education, classification societies, equipment manufacturers, and cybersecurity testing organizations.
Meet the Speakers
Sandro Stefani — Lecturer at the Italian Maritime Academy, specializing in electrification, automation, digitalization, and cybersecurity in maritime operations. Sandro will address cybersecurity from the operator and crew perspective, including awareness, training, and operational risk management.
Luca Carrà — Cybersecurity and automation specialist at RINA, focusing on regulatory frameworks, vessel classification, and cybersecurity requirements for modern ship systems. Luca will discuss evolving regulations, lifecycle considerations, and compliance challenges for battery-powered vessels.
Ahmed Hassan — Global Cybersecurity Manager at ABB Marine & Ports. Ahmed will share the system integrator and supplier perspective, focusing on secure-by-design principles, integration challenges, operational monitoring, and compliance with international cybersecurity requirements.
Vitaliy Ilkiv — Product safety compliance and cybersecurity expert at TÜV SÜD in North America. Vitaliy will discuss cybersecurity testing, risk assessments, product compliance, and practical approaches to resilience and verification.
Key Highlights
1. Cybersecurity is now an operational safety issue
A central message throughout the webinar was that cyber incidents can directly impact vessel safety and operations. Battery-powered vessels rely on interconnected systems—including battery management systems (BMS), energy management systems, automation platforms, remote monitoring, and software updates—meaning that a cyber event can quickly evolve into a safety incident.
Examples discussed included:
Incorrect battery status due to manipulated BMS data
Loss of monitoring leading to reduced situational awareness
Network disruptions causing loss of control functions
Malware resulting in operational downtime
Unauthorized access degrading critical systems
Rather than targeting batteries directly, attackers often exploit trusted entry points such as phishing emails, USB devices, service laptops, weak credentials, or remote access connections.
2. People remain the weakest—and strongest—security control
One of the strongest themes was that cybersecurity is primarily about people rather than technology.
Speakers stressed that:
Officers do not need to become IT specialists.
They do need digital awareness, cyber awareness, and the ability to recognize abnormal system behaviour.
Training should focus on understanding operational consequences rather than technical coding skills.
Scenario-based exercises were recommended, including responses to:
Unexpected BMS alarms
Remote monitoring failures
Software update failures
Suspicious USB devices
The recurring message was:
Compliance creates rules; culture creates resilience.
Continuous education, drills, reporting culture, and lessons learned are essential to developing cyber resilience.
3. Battery systems have evolved into digital assets
Battery systems are no longer purely electrochemical equipment.
Modern battery installations include:
Embedded software
Electronics
Battery Management Systems (BMS)
Energy Management Systems (EMS)
Remote diagnostics
Integration with vessel automation
This means cybersecurity must protect not only the battery itself but the entire interconnected vessel ecosystem.
The discussion emphasized moving from protecting individual components toward understanding dependencies across the whole ship.
4. Cybersecurity must span the entire system lifecycle
Several speakers stressed that cybersecurity cannot stop once equipment is certified or delivered.
Lifecycle activities include:
Secure product design
Secure engineering
Vulnerability management
Software maintenance
Patch management
Secure updates
Continuous monitoring
End-of-life planning
Manufacturers, shipyards, and operators all have responsibilities throughout the vessel's operational life. Cybersecurity is therefore a continuous process rather than a one-time certification exercise.
5. Cybersecurity is a shared responsibility
No single stakeholder owns cybersecurity.
Responsibilities are shared across:
Equipment manufacturers
Battery suppliers
System integrators
Shipyards
Ship owners
Vessel operators
Classification societies
Testing laboratories
Successful cybersecurity depends on collaboration and clear allocation of responsibilities throughout design, integration, operation, maintenance, and upgrades.
Discussion & Q&A Highlights
The panel reinforced several practical messages during the discussion:
Cyber incident response plans should define clear responsibilities, fallback operating procedures, and regular scenario-based drills.
Operators should prioritize resilience over prevention, recognizing that no system can be completely immune to cyberattacks.
Human competence should be continuously updated alongside technological advances.
Targeted attacks on Battery Management Systems are possible, although they require specialist knowledge and are considered less likely than opportunistic attacks such as phishing or ransomware.
Cybersecurity solutions themselves must be validated to ensure they do not interfere with safety-critical vessel systems.
Ship owners should assess suppliers by asking for evidence of secure development processes, cybersecurity certifications, vulnerability management, and long-term product support—not simply marketing claims of being "secure by design."