Inmarsat Maritime has launched a white paper urging maritime organizations to strengthen their cyber defenses – as the industry continues to adopt connected technologies.
Cyber Security Requirements
The whitepaper explores the International Association of Classification Societies (IACS)’ new unified requirements (URs) for cyber security. Compiled in collaboration with leading classification society and IACS member ClassNK, IACS Unified Requirements E26 And E27 – Beyond Compliance outlines the process of demonstrating compliance with the forthcoming URs.
In force on 1 July 2024, E26 and E27 will establish minimum requirements for the cyber-resilience capabilities of newly built vessels and their connected systems, respectively. While the paper reports that their implementation will provide “full visibility of a vessel’s computer assets and network infrastructure”, it also acknowledges the URs’ limitations, which include the opportunity for a more in-depth risk-assessment process and for organizations to apply additional attention to cyber-security policy and associated procedures.
Improved Cyber Resilience
UR E27 aims to support manufacturers and OEMs of onboard operational systems and equipment in evaluating and improving their cyber resilience. It offers comprehensive instructions on security philosophy, documentation, system requirements, secure development lifecycle requirements, and plan approval.
Based on and incorporating elements of the International Electrotechnical Commission standard IEC 62443, E27’s system requirements cover 30 security capabilities required by all CBSs and 11 additional security capabilities required by CBSs that share an interface with untrusted networks.
Demonstrating compliance with UR E27 requires the submission of the following documents (the classification society may request the submission of other documentation):
- CBS asset inventory including a list of hardware components detailing the manufacturer and model and providing a short description of their functionality; physical interfaces; the name/type of system software and its version and patch level; and supported communication protocols.
- CBS topology diagrams comprising a physical topology diagram illustrating the physical architecture of the system and a logical topology diagram illustrating the data flow between system components.
- Description of security capabilities demonstrating how the CBS meets required security capabilities with its hardware and software components.
- Test procedure of security capabilities describing how to demonstrate, through testing, that the system complies with requirements.
- Security configuration guidelines describing recommended configuration settings of the security capabilities and specifying default values.
Did you subscribe to our daily Newsletter?
It’s Free! Click here to Subscribe
Source: Inmarsat
