Recognising that cyber incidents on vessels can have a direct and detrimental impact on life, property, and the environment, IACS has steadily increased its focus on the reliability and functional effectiveness of onboard, safety-critical, computer-based systems.
IACS identified at an early stage that, for ships to be resilient against cyber incidents, all parts of the industry needed to be actively involved, and so convened a Joint Working Group (JWG) on Cyber Systems which helped identify best practices, appropriate existing standards in risk and cyber security, and a practical risk-based approach.
Building on this extensive collaboration, and utilising the experience gained from its existing Recommendations, as well as developments at IMO including, in particular, IMO Resolution MSC.428(98) applicable to in-service vessels since the 1st of Jan 2021, IACS has adopted two new IACS Unified Requirements (URs) on the cyber resilience of Ships:
UR E26 aims to ensure the secure integration of both Operational Technology (OT) and Information Technology (IT) equipment into the vessel’s network during the design, construction, commissioning, and operational life of the ship. This UR targets the ship as a collective entity for cyber resilience and covers five key aspects: equipment identification, protection, attack detection, response, and recovery.
UR E27 aims to ensure system integrity is secured and hardened by third-party equipment suppliers. This UR provides requirements for cyber resilience of onboard systems and equipment and provides additional requirements relating to the interface between users and computer-based systems onboard, as well as product design and development requirements for new devices before their implementation onboard ships.
These URs will be applied to new ships contracted for construction on and after 1 January 2024 although the information contained therein may be applied in the interim as non-mandatory guidance.
IACS Secretary-General, Mr. Robert Ashdown stated “These two URs on cyber safety provide minimum goal-based requirements for the cyber resilience of new ships and for the cyber security of onboard systems and equipment. In an increasingly connected and digitised maritime world, these URs represent a significant milestone in IACS’ work to deliver safer shipping in the face of continuously evolving technological developments.”
Ends/
Contact: Robert Ashdown, IACS Secretary General
E: robertashdown@iacs.org.uk T: +44 (0) 20 7976 0660
International Association of Classification Societies
Permanent Secretariat 4 Matthew Parker Street, London, England SW1H 9NP
T: +44 (0)20 7976 0660
Notes to Editors:
- Dedicated to safe ships and clean seas, the International Association of Classification Societies (IACS) makes a unique contribution to maritime safety and regulation through technical support, compliance verification and research and development. More than 90% of the world’s cargo carrying tonnage is covered by the classification design, construction and through-life compliance Rules and standards set by the twelve Member Societies of IACS.
- More information on the work IACS has undertaken in response to the COVID19 pandemic can be found on our dedicated webpage http://iacs.org.uk/covid-19/
- More information about IACS can be found by visiting iacs.org.uk and in our Annual Review available online at http://www.iacs.org.uk/about/iacs-annual-review/
