Posts

Showing posts with the label Compliances

The Relationship Between CBS Definition and Category Classification for Compliance with IACS UR E26 & E27

If computer-based systems (CBS) are not clearly defined, critical vessel systems such as propulsion, steering and power management are left exposed to cyberattacks and operational failures, posing serious risks to safety and certification. IACS UR E26 and E27 require CBS to be protected against these risks, and non-compliance can result in certification delays and operational disruptions. Beyond regulatory compliance, defining CBS is essential to the cybersecurity and blackout resilience of the IT and OT systems onboard. Shipowners, shipyards, equipment manufacturers and classification societies must collaborate on clear CBS definitions to achieve robust security and seamless system integration. Rather than paying for the consequences after an incident, now is the time to define and safeguard CBS to enhance vessel safety and competitiveness. Before engaging in discussions with stakeholde...

Key Requirements and Checklist for Ship Cybersecurity Certification

Strengthened Cybersecurity Requirements of IMO and IACS: Key Checklist for Classification Society Cybersecurity Certification

As IMO and IACS reinforce cybersecurity requirements, specific criteria must be met to obtain cybersecurity certification from classification societies. In this post, we summarize the key checklist for acquiring classification society cybersecurity certification.

✅ Key Requirements and Checklist for Classification Society Cybersecurity Certification

| Category | Checklist item | Description | Applicable to |
|---|---|---|---|
| 1. Cybersecurity Policy & Management | Cybersecurity and Resilience Program | Establishing a protection and response framework for ship IT/OT systems | Owner |
| | Management of Change (MoC) | Security assessment and approval procedures when modifying ship IT/OT systems | Owner |
| | Cyber Risk Assessment | Conducting risk assessments in compliance with IACS UR E26/E27 | Shipyard |
| 2. Network Security Design | Zones and Conduit Diagram | Defining network segmentation and data flow | Shipyard... |

Disruptions in the Shipping Industry and Deliverables Based on IACS UR and Classification Society Guidelines for Owners, Shipyards, and Suppliers

Following the announcement of IACS UR E26/E27, uncertainty among stakeholders remains in the maritime cybersecurity market.

The maritime industry is experiencing significant uncertainty due to the implementation of IACS UR E26 and E27. In response, classification societies have introduced their own guidelines to address the new cybersecurity requirements. Although these guidelines outline the deliverables expected from owners, shipyards and suppliers, the industry still struggles to interpret and implement them in real-world shipbuilding. The key issues contributing to this confusion are:

1️⃣ Lack of clarity on the practical application of cybersecurity deliverables beyond the regulatory frameworks
2️⃣ Varying interpretations across classification societies, leading to inconsistent requirements
3️⃣ Uncertainty regarding the essential deliverables that must be prepared by different stakeholders in the shipbuilding...

Required Documents for IACS UR E27 Compliance (ClassNK) – Essential Elements

📌 This guide outlines the 10 essential documents suppliers must submit under ClassNK guidelines for IACS UR E27 compliance.
📌 Each document entry lists the key elements required for approval.

📌 1️⃣ Computer-Based System Asset Inventory
📍 Purpose: Provides a list of all computer-based systems (CBS) supplied, detailing security functions and asset classification.
✅ Essential Elements:
- Hardware asset list: servers, network devices, controllers, sensors, etc.
- Software asset list: operating systems, firmware, applications.
- IP and network configuration details: network interfaces, MAC addresses, subnets.
- System role and location mapping: onboard system placement and function.
- Security classification: asset importance and required security level.

📌 2️⃣ Topology Diagram
📍 Purpose: Visually represents IT/OT network connections and security zones.
✅ Essential Elements: IT/O...

IMO - Cybersecurity Regulations and Guidelines

The International Maritime Organization (IMO) recognizes the increasing cybersecurity threats in the maritime industry and has adopted regulations to enhance cyber risk management and the protection of ship operations.

1. IMO Cybersecurity Regulations and Key Guidelines

1.1 IMO Resolution MSC.428(98) – Mandatory Cyber Risk Management
In June 2017, IMO adopted Resolution MSC.428(98), which requires cyber risk management to be addressed in safety management systems under the ISM Code (International Safety Management Code) no later than the first annual verification of the company's Document of Compliance after 1 January 2021.

📌 Key Points:
- Cyber risk management must be incorporated into the vessel's Safety Management System (SMS).
- Cybersecurity measures must protect vessel safety and security, covering both IT and OT systems.
- Compliance is verified through ISM Code audits by flag states or the recognized organizations (typically classification societies) acting on their behalf.

1.2 IMO Guidelines on Maritime Cyber Risk Management (MSC-FAL.1/Circ.3)
IMO also published guidelines (MSC-F...

🚢 Before long, preparing for SIEM/IDS-based ship cybersecurity will be essential

With the reinforcement of IMO and IACS UR E26/E27 regulations, a real-time security monitoring system protecting the IT/OT systems on ships is expected to become essential. To stay ahead of these requirements, it is crucial to prepare in advance. In this post, we outline how to build a real-time security monitoring system based on SIEM (Security Information and Event Management) and IDS (Intrusion Detection System) that complies with the classification societies' cybersecurity guidelines.

✅ What are SIEM and IDS?

🔍 SIEM (Security Information & Event Management)
- A system that collects, analyzes and responds to security events in real time
- Centrally manages logs and events to detect and respond to abnormal activity

🔍 IDS (Intrusion Detection System)
- A system that monitors network traffic and detects intrusion attempts
- Uses signature-based (matching traffic against known attack patterns) and anomaly-based (flagging deviations from a behavioral baseline) techniques to identify attacks

🔍 Objectives of...
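To make the signature-versus-anomaly distinction concrete, here is an added example of a toy IDS run over constructed flow records from a ship's IT/OT network. It is not code from the original post or from any classification society guideline. It assumes an IT zone 10.10.0.0/24 and an OT zone 10.20.0.0/24, a single engineering workstation 10.10.0.50 that is allowed to speak Modbus/TCP (port 502) into the OT zone, and a flow line format of `timestamp src dst dport proto`; the zone layout, hosts, ports and traffic are all constructed for illustration.

```python
"""Toy IDS: one signature rule and one anomaly rule over constructed flow
records from a ship's IT/OT network. Added example, not the post's code;
zones, hosts and flows are assumptions chosen for illustration."""
import ipaddress
from statistics import mean, pstdev

# Assumed zones (a real vessel has more, per its zones-and-conduits design).
ZONES = {
    "IT": ipaddress.ip_network("10.10.0.0/24"),
    "OT": ipaddress.ip_network("10.20.0.0/24"),
}
# Assumption: only the engineering workstation may open Modbus/TCP into OT.
ALLOWED_MODBUS_CLIENTS = {"10.10.0.50"}
MODBUS_PORT = 502


def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "UNKNOWN"


def parse_flow(line):
    """Constructed record format: 'timestamp src dst dport proto'."""
    ts, src, dst, dport, proto = line.split()
    return {"ts": int(ts), "src": src, "dst": dst,
            "dport": int(dport), "proto": proto}


def signature_alerts(flows):
    """Signature rule: an IT-zone host other than the engineering workstation
    opening Modbus/TCP into OT. Precise, but blind to anything without a rule."""
    return [
        ("SIG-MODBUS-FROM-IT", f["ts"], f["src"], f["dst"])
        for f in flows
        if zone_of(f["src"]) == "IT" and zone_of(f["dst"]) == "OT"
        and f["dport"] == MODBUS_PORT and f["proto"] == "tcp"
        and f["src"] not in ALLOWED_MODBUS_CLIENTS
    ]


def window_counts(flows, window=60):
    """Per-source flow counts for every window in the span, zeros included,
    so quiet minutes lower the baseline instead of vanishing.
    Returns (counts_by_source, index_of_first_window)."""
    if not flows:
        return {}, 0
    first = min(f["ts"] for f in flows) // window
    last = max(f["ts"] for f in flows) // window
    counts = {}
    for f in flows:
        row = counts.setdefault(f["src"], [0] * (last - first + 1))
        row[f["ts"] // window - first] += 1
    return counts, first


def anomaly_alerts(baseline_flows, live_flows, window=60, k=3.0, floor=5):
    """Anomaly rule: a source's per-window count exceeds mean + k*stdev of its
    own known-good baseline. `floor` stops a zero-variance baseline (stdev 0)
    from alerting on the first extra packet. Sources absent from the baseline
    are reported separately: nothing can be 'normal' for them yet."""
    base, _ = window_counts(baseline_flows, window)
    live, first = window_counts(live_flows, window)
    alerts = []
    for src, row in live.items():
        if src not in base:
            alerts.append(("ANOM-NEW-SOURCE", src, None))
            continue
        threshold = max(floor, mean(base[src]) + k * pstdev(base[src]))
        for i, n in enumerate(row):
            if n > threshold:
                alerts.append(("ANOM-RATE", src, (first + i) * window))
    return alerts


def make_flows(src, dst, dport, proto, start, count, step):
    return [f"{start + i * step} {src} {dst} {dport} {proto}" for i in range(count)]


# Constructed traffic. Baseline: ten minutes of known-good operation.
BASELINE_LINES = (
    make_flows("10.10.0.50", "10.20.0.10", 502, "tcp", 0, 20, 30)   # 2 polls/min
    + make_flows("10.10.0.20", "10.10.0.5", 443, "tcp", 5, 10, 60)  # 1 flow/min
)
# Live: normal polling, then the allowed workstation sweeps a PLC 40 times in
# one minute (no signature hit), and a crew laptop touches a PLC once.
LIVE_LINES = (
    make_flows("10.10.0.50", "10.20.0.10", 502, "tcp", 0, 10, 30)
    + make_flows("10.10.0.50", "10.20.0.11", 502, "tcp", 300, 40, 1)
    + make_flows("10.10.0.77", "10.20.0.10", 502, "tcp", 120, 1, 0)
)


def run(baseline_lines=BASELINE_LINES, live_lines=LIVE_LINES):
    baseline = [parse_flow(line) for line in baseline_lines]
    live = [parse_flow(line) for line in live_lines]
    return signature_alerts(live), anomaly_alerts(baseline, live)


if __name__ == "__main__":
    sig, anom = run()
    for alert in sig + anom:
        print(alert)
```

Run as written, the signature rule reports only the crew laptop's Modbus connection, because the engineering workstation is an allowed client even when it sweeps a PLC 40 times in a minute; the anomaly rule reports that sweep and the previously unseen laptop, but can only say "unusual", not why. That is the trade-off behind deploying both: signatures give precise, explainable hits for known conduit violations, while the anomaly baseline must be collected during verified-good operation (a baseline recorded while a system is already compromised simply teaches the IDS that the compromise is normal) and needs a floor so that an OT link with near-constant traffic does not alert on every small fluctuation.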