Recording - Webinar - Cybersecurity for Battery-Powered Ships

This webinar explored why cybersecurity has become a fundamental safety and operational requirement for battery-powered and hybrid vessels. As ships become increasingly electrified, connected, and software-driven, cybersecurity is no longer solely an IT concern—it is an operational, safety, and lifecycle management issue that requires collaboration across the entire maritime ecosystem. The discussion brought together perspectives from maritime education, classification societies, equipment manufacturers, and cybersecurity testing organizations.

Meet the Speakers

Sandro Stefani — Lecturer at the Italian Maritime Academy, specializing in electrification, automation, digitalization, and cybersecurity in maritime operations. Sandro will address cybersecurity from the operator and crew perspective, including awareness, training, and operational risk management.

Luca Carrà — Cybersecurity and automation specialist at RINA, focusing on regulatory frameworks, vessel classification, and cybersecurity requirements for modern ship systems. Luca will discuss evolving regulations, lifecycle considerations, and compliance challenges for battery-powered vessels.

Ahmed Hassan — Global Cybersecurity Manager at ABB Marine & Ports. Ahmed will share the system integrator and supplier perspective, focusing on secure-by-design principles, integration challenges, operational monitoring, and compliance with international cybersecurity requirements.

Vitaliy Ilkiv — Product safety compliance and cybersecurity expert at TÜV SÜD in North America. Vitaliy will discuss cybersecurity testing, risk assessments, product compliance, and practical approaches to resilience and verification.

Key Highlights

1. Cybersecurity is now an operational safety issue

A central message throughout the webinar was that cyber incidents can directly impact vessel safety and operations. Battery-powered vessels rely on interconnected systems—including battery management systems (BMS), energy management systems, automation platforms, remote monitoring, and software updates—meaning that a cyber event can quickly evolve into a safety incident.

Examples discussed included:

  • Incorrect battery status due to manipulated BMS data

  • Loss of monitoring leading to reduced situational awareness

  • Network disruptions causing loss of control functions

  • Malware resulting in operational downtime

  • Unauthorized access degrading critical systems

Rather than targeting batteries directly, attackers often exploit trusted entry points such as phishing emails, USB devices, service laptops, weak credentials, or remote access connections.

2. People remain the weakest—and strongest—security control

One of the strongest themes was that cybersecurity is primarily about people rather than technology.

Speakers stressed that:

  • Officers do not need to become IT specialists.

  • They do need digital awareness, cyber awareness, and the ability to recognize abnormal system behaviour.

  • Training should focus on understanding operational consequences rather than technical coding skills.

Scenario-based exercises were recommended, including responses to:

  • Unexpected BMS alarms

  • Remote monitoring failures

  • Software update failures

  • Suspicious USB devices

The recurring message was:

Compliance creates rules; culture creates resilience.

Continuous education, drills, reporting culture, and lessons learned are essential to developing cyber resilience.

3. Battery systems have evolved into digital assets

Battery systems are no longer purely electrochemical equipment.

Modern battery installations include:

  • Embedded software

  • Electronics

  • Battery Management Systems (BMS)

  • Energy Management Systems (EMS)

  • Remote diagnostics

  • Integration with vessel automation

This means cybersecurity must protect not only the battery itself but the entire interconnected vessel ecosystem.

The discussion emphasized moving from protecting individual components toward understanding dependencies across the whole ship.

4. Cybersecurity must span the entire system lifecycle

Several speakers stressed that cybersecurity cannot stop once equipment is certified or delivered.

Lifecycle activities include:

  • Secure product design

  • Secure engineering

  • Vulnerability management

  • Software maintenance

  • Patch management

  • Secure updates

  • Continuous monitoring

  • End-of-life planning

Manufacturers, shipyards, and operators all have responsibilities throughout the vessel's operational life. Cybersecurity is therefore a continuous process rather than a one-time certification exercise.

5. Cybersecurity is a shared responsibility

No single stakeholder owns cybersecurity.

Responsibilities are shared across:

  • Equipment manufacturers

  • Battery suppliers

  • System integrators

  • Shipyards

  • Ship owners

  • Vessel operators

  • Classification societies

  • Testing laboratories

Successful cybersecurity depends on collaboration and clear allocation of responsibilities throughout design, integration, operation, maintenance, and upgrades.

Discussion & Q&A Highlights

The panel reinforced several practical messages during the discussion:

  • Cyber incident response plans should define clear responsibilities, fallback operating procedures, and regular scenario-based drills.

  • Operators should prioritize resilience over prevention, recognizing that no system can be completely immune to cyberattacks.

  • Human competence should be continuously updated alongside technological advances.

  • Targeted attacks on Battery Management Systems are possible, although they require specialist knowledge and are considered less likely than opportunistic attacks such as phishing or ransomware.

  • Cybersecurity solutions themselves must be validated to ensure they do not interfere with safety-critical vessel systems.

  • Ship owners should assess suppliers by asking for evidence of secure development processes, cybersecurity certifications, vulnerability management, and long-term product support—not simply marketing claims of being "secure by design."



Next
Next

Recording - Webinar - Advanced Diagnostic Testing for Maritime Batteries Using Real-Time EIS Technology