Posts

>>Featured Posts

Redefining System Suppliers’ IACS UR E26/27 Interpretation Trends in Alignment with Cyber Resilience Principles

Image
Recently, during the application of IACS UR E26 and E27, ongoing cases are being observed in which certain system suppliers are refusing to submit required information, despite their systems clearly falling under CBS (Computer-Based Systems) and the existence of explicit classification society guidelines. The information in question includes key inputs required for E26 compliance, such as asset inventory , system configuration diagrams , communication interface information , as well as information required in the foundational cybersecurity domains of Identify and Detect . We considers this situation to be a temporary transitional phenomenon . In the mid- to long-term, the submission of relevant information and compliance with IACS standards will inevitably become a common direction across the entire market . The background to this trend includes the following structural changes: Continuous clarification of IACS UR E26 / E27 requirements Strengthening of Cyber Resilience responsib...
Post a Comment
Read more

The Next Competitive Edge in Shipbuilding Is Cybersecurity, Data, and AI

Image
The Next Competitive Edge in Shipbuilding Is  Cybersecurity, Data, and AI For decades, the shipbuilding industry has grown on the strength of human experience and on-site craftsmanship . Skill, intuition, and field knowledge have always been the core assets of shipyards. However, over the past few years—especially through my hands-on experience with Smart Yard and Smart Ship projects —one realization has become very clear. Reference “Everyone Talks About AI… Korean Shipbuilders Accelerate Organizational Restructuring and Investment” MoneyToday https://www.mt.co.kr/industry/2026/01/25/2026012313464346731 The next competitive edge in shipbuilding will ultimately be operational efficiency, built on data and AI secured by strong cybersecurity. What I Learned from Experiencing a Smart Yard Smart yards are often described in terms of robots and automation equipment. But from an on-site perspective, a smart yard is fundamentally a data-driven system . What stood out to me was not just ...
Post a Comment
Read more

Cyber Regulatory Landscape and Industry Responses in the Shipbuilding and Maritime Sector – Part 4: Why Shipowners Must Establish an Owner Cybersecurity Policy

Image
Why Shipowners Must Establish an Owner Cybersecurity Policy The Single Standard That Determines the Future of the Entire Fleet 1. The biggest issue in the shipbuilding and maritime industry has been the absence of a unified standard Shipyards work based on their own standards. Suppliers produce documents based on their own interpretations. Classification societies enforce their own requirements. System integrators act according to their own methodologies. And in the middle of this fragmented ecosystem, the party that suffers the most is the shipowner . Because cybersecurity is not a “single-vessel problem.” It is a fleet-wide operational model that affects decades of operation. Despite this reality, many shipowners still rely on: Shipyard-provided documents Supplier-provided documentation Class-driven interpretations without having their own Owner Policy. This approach is no longer sustainable. In the era of UR E26 and UR E27, the shipowner must define the standard. 2...
Post a Comment
Read more

성공이 만든 리더의 위기와 성장의 심리학 - Part 6. 지난 직장생활을 회고하며 조직 생활의 금기를 돌아본다.

Image
현대 조직생활의 금기 최근 들어 조직을 운영하면서 많은 생각을 하게 된다. 조직원들의 성장과 발전, 그리고 무엇보다도 안정적으로 일할 수 있는 환경 을 어떻게 만들어야 할지에 대한 고민이다. 그런데 이런 고민을 하다 보니 한 가지 놓치고 있었던 부분이 눈에 들어왔다. 나는 리더십에 대해서는 계속 고민해 왔지만, 정작 팔로워십에 대해서는 깊이 생각해 본 적이 거의 없었다 는 사실이다. 그래서 삼국지를 다시 떠올리게 됐다. 리더로서의 나, 팔로워로서의 나, 그리고 내가 팀원들에게 무엇을 기대하고 있는지를 삼국지 속 인물들의 이야기를 통해 다시 돌아보고 싶어졌다. 우리는 리더십에 대해서는 자주 이야기한다. 어떤 리더가 좋은 리더인지, 어떻게 이끌어야 하는지에 대해서는 끝없이 말한다. 하지만 팔로워십에 대해서는 거의 말하지 않는다. 곰곰이 생각해 보면 꽤 이상한 일이다. 대부분의 사람은 리더로 있는 시간보다 팔로워로 지내는 시간이 훨씬 길기 때문이다. 좋은 리더가 되기 전에, 우리는 사실 좋은 팔로워로 살아가는 시간을 더 오래 보낸다 . 훌륭한 팔로워가 되는 방법을 몇 가지 공식처럼 정리하는 건 쉽지 않다. 현실은 늘 상황마다 다르고, 조직마다 조건도 다르다. 다만 조직생활을 하면서 이것만은 하지 말아야 한다 는 기준만큼은 의외로 분명하다. 그리고 그 기준은 삼국지에 등장하는 인물들의 말로를 보면 꽤 선명하게 드러난다.
1 comment
Read more

Cyber Regulatory Landscape and Industry Responses in the Shipbuilding and Maritime Sector – Part 8: R E26 is ship-level, while SCARP is fleet-level.

Image
Why SCARP Is an Owner’s Responsibility, Not a Newbuilding Document Whenever UR E26 comes up on site, there’s a reaction I hear all the time: “Isn’t that just something the yard prepares during newbuilding to satisfy Class?” That’s not entirely wrong. But it’s only half the story . If you look at International Association of Classification Societies (IACS) UR E26 purely as a documentation requirement , you miss the most important question for owners: “Who is responsible for this ship — and this fleet — for the next 20 years, and how?” This post reframes UR E26 from a shipowner responsibility perspective . 1️⃣ What question does UR E26 really ask? UR E26 is actually very straightforward. It asks only one thing: “Does this ship have cyber resilience?” That’s why UR E26 requires the following six Deliverables : No UR E26 Deliverable Nature 01 Ship Asset Inventory Technical document 02 Zones & Conduit Diagram Network architecture 03 CSDD Design description 04 Ris...
Post a Comment
Read more

[Ship OT Security] Where and How OT Security Is Applied on a Ship?

Image
Where and How OT Security Is Applied on a Ship ? One of the most common misconceptions when discussing shipboard OT security is the belief that “security is something applied to a specific piece of equipment or system.” In reality, OT security is not about installing something inside a device. It is far closer to deciding where connections should exist, and where they must be restricted , within the overall structure of a ship. To understand OT security properly, we must first revisit a fundamental question: Where is OT security actually applied? 1. OT Security Is Applied at the “Boundaries,” Not Inside the Equipment Most shipboard OT systems function exactly as intended. Engines run, generators supply power, and control systems operate based on control logic that has been validated over decades. The problem rarely lies within the system itself. It emerges at the points where systems are connected to one another . This is why OT security is primarily applied at: The bou...
Post a Comment
Read more

[Ship OT Security] Why is ship OT security so different from IT security?

Image
— Why E26/E27 Had to Emerge “Isn’t security just about installing a firewall?” This is often the first question that arises when people encounter shipboard OT security for the first time. Organizations with strong IT security experience tend to ask this question even more frequently. Install a firewall Deploy antivirus software Apply patches on a regular basis At first glance, this feels like sufficient security. However, in the context of shipboard OT security, this approach almost always fails. The reason is simple. A ship is not an IT system. It is a physically operating system . The Top Priority of Shipboard OT Security Is Not Confidentiality In IT security, the fundamental triad is CIA: Confidentiality Integrity Availability In typical IT environments, this order makes sense. In shipboard OT environments, however, the order is completely reversed. The highest priority in shipboard OT security is Availability — the ability to continue safe operation at this ...
Post a Comment
Read more