Posts

IMO - Cybersecurity Regulations and Guidelines

The International Maritime Organization (IMO) recognizes the increasing cybersecurity threats in the maritime industry and has implemented regulations to enhance cyber risk management and protection of ship operations.
1. IMO Cybersecurity Regulations and Key Guidelines
1.1 IMO Resolution MSC.428(98) – Mandatory Cyber Risk Management
In June 2017, IMO adopted Resolution MSC.428(98), which mandates that from January 1, 2021, all ships must integrate cyber risk management into their ISM Code (International Safety Management Code) compliance.
📌 Key Points:
- Cyber risk management must be incorporated into the vessel's Safety Management System (SMS).
- Cybersecurity measures must protect vessel safety and security, including IT and OT systems.
- Compliance is subject to audits by classification societies and flag states.
1.2 IMO Guidelines on Maritime Cyber Risk Management (MSC-FAL.1/Circ.3)
IMO also published guidelines (MSC-F...

🚢 Before long, preparing for SIEM/IDS-based ship cybersecurity will be essential

With the reinforcement of IMO and IACS UR E26/E27 regulations, the establishment of a real-time security monitoring system to protect IT/OT systems on ships is expected to become essential. To stay ahead of these regulatory requirements, it is crucial to prepare in advance. In this post, we will outline how to build a real-time security monitoring system based on SIEM (Security Information and Event Management) and IDS (Intrusion Detection System) that complies with classification societies' cybersecurity guidelines.
✅ What are SIEM and IDS?
🔍 SIEM (Security Information & Event Management)
- A system that collects, analyzes, and responds to security events in real time
- Centrally manages logs and events to detect and respond to abnormal activities
🔍 IDS (Intrusion Detection System)
- A system that monitors network traffic and detects intrusion attempts
- Uses signature-based (pattern recognition) and anomaly-based (behavioral analysis) techniques to identify attacks
🔍 Objectives of...

IACS UR (Unified Requirements) - Overview

IACS UR (Unified Requirements) are mandatory technical standards established by the International Association of Classification Societies (IACS) to ensure uniformity in classification rules among member societies. These requirements supplement IMO regulations and industry standards by defining the minimum technical criteria that classification societies must apply when inspecting, certifying, and approving the design, construction, and maintenance of ships and offshore structures.
Key Features of IACS UR
- Mandatory Compliance: All IACS member classification societies must incorporate URs into their own rules.
- IMO Alignment: URs complement IMO conventions such as SOLAS, MARPOL, and the IGC Code by providing detailed technical requirements.
- Regular Updates: IACS URs are continuously revised to reflect technological advancements, accident analyses, and industry needs.
- Diverse Coverage: URs cover various aspec...

🚢 A Must-Read for the Maritime Industry! Review of "A Study on Cyber Security Requirements of Ship Using Threat Modeling"

Did you know that ships can be hacked? 🤯 As the shipbuilding and maritime industry integrates IT, smart ships (Smart Ship) and autonomous vessels (MASS) are becoming a reality. However, this also makes them prime targets for cyberattacks, making cybersecurity an essential component of maritime operations. Today, we’ll review the research paper "A Study on Cyber Security Requirements of Ship Using Threat Modeling" from Korea University’s Graduate School of Information Security. This study identifies cybersecurity threats in ships and provides essential security measures for shipbuilders, shipowners, port operators, and classification societies.
📌 1. Key Takeaways from the Paper
This study utilizes the STRIDE threat modeling framework to analyze cybersecurity threats in ships and propose necessary security requirements. The research highlights how various maritime stakeholders (shipbuilders...

Matching Shipbuilding Schedules with Cybersecurity Deliverables

Aligning Shipbuilding Schedules with Cybersecurity Deliverables
With the recent strengthening of cybersecurity regulations by the International Maritime Organization (IMO) and the International Association of Classification Societies (IACS), cybersecurity management has become an essential aspect of newbuild vessels. As a result, classification societies now require cybersecurity certification, and shipyards must consider security measures from the design stage. In this post, we will match key shipbuilding milestones with the cybersecurity deliverables outlined in classification society guidelines, particularly those of Classification. By doing so, we will identify the essential documents and verification procedures that need to be prepared at each stage of the shipbuilding process. 🚢🔐

What Suppliers Need to Do for Compliance with IACS UR E27

IACS UR E27 (Unified Requirement E27) establishes cybersecurity requirements for IT and OT systems on ships to ensure cyber resilience and protection against cyber threats. Suppliers, including OEMs, software vendors, and network solution providers, must comply with these standards to secure type approvals, classification society certifications, and customer trust. Below are the key actions suppliers must take to ensure compliance with IACS UR E27.
🔹 1. Develop and Deliver Secure Products
📌 Why is this important?
IACS UR E27 mandates that hardware and software used on ships must be securely designed, developed, and tested to prevent cyber vulnerabilities.
✅ What Suppliers Must Do:
- Follow Secure Software Development Lifecycle (SDLC) principles (IEC 62443, ISO/IEC 27001).
- Conduct threat modeling and risk assessments before product release.
- Apply secure coding practices (e.g., input validation, memory protection).
- Implement data encryption and integrity prote...

[Curriculum] Sungkyunkwan University - Department of Information Security - Course Sequence by Areas of Interest

The order in which subjects are approached may vary depending on the student's major, interests, and learning goals. However, generally, taking courses in the following sequence allows for efficient learning. (Source: Sungkyunkwan University GSIC)
1. Basic Courses
First, it is essential to understand fundamental theories and basic concepts. The following courses help build foundational knowledge:
- Introduction to Digital Forensics (FSI5056): Establishes the basics of digital forensics and teaches various methods for collecting and analyzing digital evidence.
Korea University Graduate School of Information Security
- Introduction to Cryptography (GSIS001): Covers the fundamental principles and applications of encryption technologies for data protection.
- Life Coding Database (GSID003): Introduces key concepts and practical skills for data storage and management.
- Operating Systems (GSID021): Helps understand the structure and functions of operating systems, which are the core of com...

Global Maritime Leadership & Ship Cybersecurity – What You Need to Know!

Hello, maritime and cybersecurity enthusiasts! Today, we’ll dive into the global organizations that ensure ship and port cybersecurity. With the rapid digitalization of the shipping industry, cyber threats targeting vessels and ports have become a serious issue. So, which organizations are working to strengthen cybersecurity in the maritime sector? Let’s explore together! We often hear about IMO (International Maritime Organization), but many other global institutions are also shaping maritime cybersecurity regulations and strategies. Here’s a comparative table outlining the roles and cybersecurity initiatives of key organizations.
🔍 Global Maritime Leadership & Ship Cybersecurity Comparison
Organization | Country | Overview | Key Cybersecurity Initiatives
NIST (National Institute of Standards and Technology) | 🇺🇸 USA | Develops technical and security standards | - NIST Cybersecurity Framework (CSF) - NIST SP 800-171: Security requirements -...