In the digital age, cybersecurity is a critical pillar of safety in the maritime sector. To address evolving cyber threats, the International Association of Classification Societies (IACS) has introduced Unified Requirements (UR) E26 and E27 to ensure that vessels and their onboard systems are protected against cyber threats. This article explores the significance of these requirements and how Marpoint’s Asset Inventory Management can assist maritime organizations in achieving compliance.
What Are Unified Requirements?
Unified Requirements (URs) are internationally recognized standards issued by IACS to harmonize the construction, design, and ongoing compliance of vessels to enhance safety and environmental protection. These standards ensure that vessels and their equipment meet consistent quality and safety benchmarks, regardless of where they are built or operated. The URs are periodically updated to address emerging risks and technological advancements.
What Are UR E26 and E27?
UR E26: Cyber Resilience of Ships
UR E26 focuses on the overall cyber resilience of ships, integrating both Operational Technology (OT) and Information Technology (IT) equipment throughout the vessel’s lifecycle—from design and construction to commissioning and operation. It outlines requirements for identification, protection, attack detection, response, and recovery, aligning with the National Institute of Standards and Technology’s Cybersecurity Framework..
UR E27: Cyber Resilience of Onboard Systems and Equipment
UR E27 aims to enhance the cyber resilience of third-party equipment and systems onboard vessels. This requirement covers 30 security capabilities for all computer-based systems (CBSs) and an additional 11 for CBSs interfacing with untrusted networks.
It sets out requirements for the cyber resilience of systems and equipment on board, particularly emphasizing:
- Security capabilities for all computer-based systems.
- Additional requirements for systems interfacing with untrusted networks.
Both URs aim to establish a minimum set of cyber resilience requirements to deliver cyber-resilient vessels and systems.
Demonstrating Compliance
Compliance with E26 and E27 necessitates meticulous documentation and adherence to specified guidelines throughout the vessel lifecycle:
Design and Construction: For E26, the systems integrator must submit a zones and conduit diagram, vessel asset inventory, and cyber-security design description. Meanwhile, E27 requires the submission of CBS asset inventory, topology diagrams, and descriptions of security capabilities.
Commissioning: Both E26 and E27 mandate the submission of comprehensive test procedures to validate cyber resilience measures during the commissioning phase.
Operation: Shipowners must establish and maintain a ship cyber-security and resilience program for E26 compliance, while E27 requires plans for maintenance and verification of CBS, incident response and recovery, management of change, and test reports.
UR E26 and E27 serve as blueprints for achieving cyber resilience, outlining minimum requirements and security capabilities essential for maritime operations in an increasingly digitized world. By aligning with these standards, stakeholders can mitigate the risks posed by cyber threats and ensure the safety and security of maritime operations.
Are IACS Unified Requirements for Cyber Security Mandatory from January 1, 2024?
Originally scheduled for implementation on January 1, 2024, the URs were temporarily withdrawn and later revised. The updated versions of UR E26 and E27, adopted in late 2023, are now scheduled to take effect on July 1, 2024. This adjustment provides maritime organizations additional time to prepare for compliance.
What Is Asset Inventory Management?
Asset Inventory Management involves tracking and documenting all the assets within an organization’s network. For maritime organizations, this includes monitoring hardware and software components such as PCs, servers, routers, switches, and other connected devices. Effective asset management ensures that all equipment is accounted for, maintained, and protected against cyber threats.
How Marpoint's Asset Inventory Management Can Help You Comply
Marpoint’s Asset Inventory Management system offers robust tools to help maritime companies comply with the IACS UR E26 and E27 by enabling efficient, comprehensive monitoring and documentation of all network assets. Key features include:
Automated Asset Discovery and Documentation
Marpoint’s system uses advanced SNMP capabilities to automatically discover and document all network-connected devices, including their IP addresses, hardware specifications, and operational status. This automation saves IT managers significant time and effort by eliminating manual recording.
Seamless Integration with EVO2 Router and EVO Probe
The EVO2 Router and EVO Probe hardware or VM appliances ensure comprehensive asset management across your vessel’s network. The EVO2 Router automatically discovers and documents all network assets, while the EVO Probe extends these capabilities even if the EVO2 Router is not installed.
Detailed Monitoring and Reporting
Marpoint’s system allows for detailed monitoring of assets, including changes in usage, state, and logs. This ensures that IT managers can keep track of all devices, monitor their performance, and quickly identify any issues that need addressing.
Documentation and Compliance
The system enables the detailed documentation of all assets, including brand, model, purchase and installation dates, status, and notes. It also allows for the attachment of relevant documents such as manuals and invoices. This thorough documentation is crucial for demonstrating compliance with UR E26 and E27.
Network Visualization and Management
Marpoint’s platform allows for the creation of detailed network diagrams, providing a clear visual representation of the network infrastructure. These diagrams help IT managers understand the relationships and interconnections between network components, plan upgrades, and troubleshoot issues effectively.
Conclusion
As the enforcement date for the revised IACS URs E26 and E27 approaches, maritime organizations must prioritize cyber resilience. Marpoint’s Asset Inventory Management system offers a comprehensive solution to help organizations achieve compliance, protect their assets, and ensure the safety and security of their operations. By leveraging advanced automation and detailed documentation capabilities, Marpoint supports maritime organizations in meeting the stringent requirements set forth by IACS and maintaining robust cyber defenses.