ClassNK releases ‘Guidelines for Cyber resilience of ships’- Explaining IACS UR E26 requirements and necessary actions
TOKYO : ClassNK has released ‘Guidelines for Cyber resilience of ships’. The guidelines expound new IACS Unified Requirements (UR) to support the consideration of measures to ensure the cybersecurity of ships.
IACS has established UR E26*1 for ships and UR E27*2 for on-board systems and equipment as URs setting minimum requirements for cyber resilience, which is the capability to reduce the occurrence and mitigate the effects of cyber incidents due to cyber-attacks or other threats. The URs have been applied to new ships contracted for construction on or after 1 July 2024.
While incorporating these requirements in Part X of its ‘Rules for the Survey and Construction of Steel Ships’, which is about computer-based systems, and ‘Guidance for the Approval and Type Approval of Materials and Equipment for Marine Use’*3, ClassNK has set up a portal site aggregating related information to support clients in smoothly responding to requirements relating to cyber resilience and has been providing information through it.
https://www.classnk.or.jp/hp/en/activities/cybersecurity/ur-e26e27.html
In the guidelines issued this time, guidance mainly for shipbuilders, shipowners, and ship management companies is described. It covers the application scope of the rules, approval process, required documents, and surveys. The guidelines are available to download on the portal site.
*1 UR E26: Cyber resilience of ships
UR E26 aims to ensure the secure integration of both Operational Technology (OT) and Information Technology (IT) equipment into the vessel’s network during the design, construction, commissioning, and operational life of the ship. This UR targets the ship as a collective entity for cyber resilience and covers five key aspects: equipment identification, protection, attack detection, response, and recovery.
*2 UR E27: Cyber resilience of on-board systems and equipment
UR E27 aims to ensure system integrity is secured and hardened by third-party equipment suppliers. This UR provides requirements for cyber resilience of on-board systems and equipment and provides additional requirements relating to the interface between users and computer-based systems on-board, as well as product design and development requirements for new devices before their implementation on-board ships.
*3 The guidance applies to tests and inspections of materials and equipment for marine use for which advance approval or type approval by ClassNK is required by the relevant requirements in its rules.