(www.MaritimeCyprus.com) The International Association of Classification Societies (IACS) has recently published new Unified Requirements for cyber security: E26 and E27. These will be be mandatory for classed ships and offshore installations contracted for construction on or after 1 January 2024.
The new IACS Unified Requirements (URs) are based on recognized international standards for the cyber security of industrial automation and control systems, such as IEC 62443. In brief, the new IACS URs cover the following main topics:
- Scope of applicability, including OT systems for important vessel functions
- Identification and protection against cyber threats
- Detection of incidents
- Means to respond and recover
- Hardening and security capabilities of systems and components
The URs will be mandatory for classed ships and offshore installations contracted for construction on or after 1 January 2024.
Until the new URs are in force, product suppliers, shipyards, and ship owners are encouraged to implement cyber security into control systems, ship design and relevant management systems on board. Special attention is recommended for product suppliers of systems within the scope of the URs, as these systems may need further development and design changes to comply with the URs.
These URs will be applied to new ships contracted for construction on and after 1 January 2024 although the information contained therein may be applied in the interim as non-mandatory guidance.
IACS Secretary-General, Mr. Robert Ashdown stated “These two URs on cyber safety provide minimum goal-based requirements for the cyber resilience of new ships and for the cyber security of onboard systems and equipment. In an increasingly connected and digitised maritime world, these URs represent a significant milestone in IACS’ work to deliver safer shipping in the face of continuously evolving technological developments.”
You can download both new Unified Requirements below: