ClassNK Issues Guide on Cyber Resilience of Ships
ClassNK has released ‘Guidelines for Cyber resilience of ships’, which expound new IACS Unified Requirements (UR) to support the consideration of measures to ensure the cybersecurity of ships.
IACS has established UR E26 for ships and UR E27 for on-board systems and equipment as URs setting minimum requirements for cyber resilience, which is the capability to reduce the occurrence and mitigate the effects of cyber incidents due to cyber-attacks or other threats. The URs have been applied to new ships contracted for construction on or after July 1, 2024.
UR E26 aims to ensure the secure integration of both Operational Technology (OT) and Information Technology (IT) equipment into the vessel’s network during the design, construction, commissioning, and operational life of the ship. This UR targets the ship as a collective entity for cyber resilience and covers five key aspects: equipment identification, protection, attack detection, response, and recovery
On the other hand, the UR E27 aims to ensure system integrity is secured and hardened by third-party equipment suppliers.
This UR provides requirements for cyber resilience of on-board systems and equipment and provides additional requirements relating to the interface between users and computer-based systems on-board, as well as product design and development requirements for new devices before their implementation on-board ships.
While incorporating these requirements in Part X of its ‘Rules for the Survey and Construction of Steel Ships’, which is about computer-based systems, and ‘Guidance for the Approval and Type Approval of Materials and Equipment for Marine Use’, ClassNK has set up a portal site aggregating related information to support clients in smoothly responding to requirements relating to cyber resilience and has been providing information through it.
In the guidelines issued this time, guidance mainly for shipbuilders, shipowners, and ship management companies is described. It covers the application scope of the rules, approval process, required documents, and surveys.
The guidelines are available to download on the portal site.