Digital Ship Vulnerabilities: The Emerging Peril to Cybernetic Vessels
Despite the advantages brought by ship digitalization, the integration of novel technologies also heightens the vulnerability of maritime networks to cyberthreats. On January 16, 2023, the DNV Classification Society disclosed a cyber assault on its fleet management and operation hub, known as “ShipManager.” This incident impacted approximately 1,000 vessels, leading to a temporary cessation of IT servers. This specific ransomware attack directed at the maritime sector serves as a clarion call, underscoring the pressing necessity to fortify the cybersecurity of onboard systems.
2024: A Decisive Moment for Cybersecurity with UR E26 & UR E27
Commencing July 2024, adherence to the UR E26 and UR E27 mandates—concentrating on the cyber robustness of ships and onboard apparatus—will be obligatory. To navigate through these alterations, a comprehensive grasp of four essential facets is imperative.
1. Whom Are UR E26 and UR E27 Mandatory For?
The central emphasis here revolves around identifying the maritime entities impacted by the novel cyber standards. UR E26, “Cyber Resilience of Ships,” places ship design companies, shipyards, and system architects at the forefront of cybersecurity responsibility.
Source: Text excerpted from IACS E26 1.3
The introduction of UR E27, “Cyber Resilience of On-Board Systems and Equipment,” extends these regulations to all onboard operational technology systems, thereby involving all associated staff. Shipowners must define their classification societies and security levels. Suppliers are now tasked with fabricating resilient products compliant with stringent security criteria like IEC 62443-4-1 and IEC 62443-4-2. Meanwhile, classification societies will conduct audits based on these benchmarks.
2. What Advantages Does Early UR E27 Adoption Offer?
Pioneers engaging in a UR E27-compliant gap analysis and validation early on may secure a competitive edge in 2024.
3. Which Classification Societies Will Publish Verification Guidelines?
It is anticipated that each classification society will release their individual guidance documents and associated supplementary materials this year, aligned with the UR E26 and UR E27 requisites.
For instance:
- DNV has already integrated the “DNV-RU-SHIP-Pt6Ch.5 Section 21 Cyber Security” standards and has aligned its compliance with UR E26 and UR E27.
- CCS’s ‘Guidelines on Cybersecurity Onboard Ships’ officially commenced on May 1, 2023.
Divergences among societies should be marginal, and opting for one for both planning and verification purposes may prove advantageous.
4. The Core of UR E26 and UR E27
UR E26 lays down fundamental principles for crafting cyber-resilient ships and establishes guiding precepts for maritime professionals constructing CBS (Computer Base Systems). It underscores five pivotal dimensions of information security: identification, safeguarding, detection, response, and restoration. UR E27 operationalizes these principles with a specific reference to the IEC 62443-3-3 standard. Grasping IEC 62443 is imperative to meet UR E27’s security standards. IACS UR E27 4.1 “Required security capabilities” delineates 31 stipulations corresponding to distinct objectives and aligns them with IEC-62443-3-3 SR system requisites.
Source: IACS UR E27 4.1
Expediting Implementation: The Role of IEC 62443
IEC 62443 sets forth security benchmarks and criteria for systems and components and is pivotal in assessing shipborne systems’ compliance with UR E27. To achieve a specific security level, robust security capabilities are imperative, along with measures to counter system vulnerabilities. Esteemed manufacturers and diverse industries have embraced this cybersecurity standard for Industrial Automation and Control Systems (IACS).
To swiftly adhere to UR E27 standards, consider utilizing IEC 62443-compliant components and service providers such as Moxa, a frontrunner certified by IEC 62443-4-1 and IEC 62443-4-2. Moxa offers solutions ensuring compliance with maritime security standards and is poised to safeguard maritime network security.
For further details, visit Moxa’s Maritime Microsite.
- Not Only for Automobiles: Discovering CANbus Technology in Various Industrial Settings - October 29, 2024
- Boost Your Network Performance: An Exciting Manual to PoE Switches! - September 10, 2024
- Understanding Gigabit Switches: Industrial vs Regular Gigabit - September 4, 2024