Maritime 4.0: Innovation Driven by AI, Data, and Cyber Security

  Its Alignment with IACS UR E26/E27 and the Impact on the Maritime Industry In April 2025, the International Maritime Organization (IMO) released a critical revision to its maritime cybersecurity framework — MSC-FAL.1/Circ.3/Rev.3 .  This revision replaces its 2021 predecessor, Rev.2, and marks a significant paradigm shift from basic cyber risk awareness to structured cyber resilience implementation across all digital assets involved in maritime operations. Why does this matter? Because this new guidance is not just another update — it’s a direct policy foundation for the upcoming IACS Unified Requirements UR E26 (Cyber Resilience of Ships) and UR E27 (Cyber Resilience of Onboard Equipment) , both becoming mandatory for all new vessels contracted from 1 July 2024 . 📌 1. What Has Changed? Comparing Rev.2 vs. Rev.3 The previous Rev.2 served primarily as an awareness-raising document — encouraging companies to consider cyber risk within Safety Management Systems (SMS)....

🚨 Incident Overview In early April 2025, a serious maritime collision occurred off the coast of Yorkshire, UK, between the U.S.-flagged oil tanker Stena Immaculate and the Panama-flagged chemical cargo vessel Solong . The two vessels were carrying high-risk materials—jet fuel and sodium cyanide, respectively—when a collision and subsequent fire broke out, resulting in one crew member missing. <source :   https://www.lbc.co.uk/news/uk/vessel-involved-north-sea-crash-hacked-us-claims-toxic-chemical-cargo-burn/  ) More alarmingly, U.S. authorities have suggested the  Solong  may have been compromised by a  cyberattack originating from hostile actors . This transforms what seemed to be a navigational accident into a clear warning of the growing cyber risks in the maritime industry.

The Relationship Between CBS Definition and Category Classification for Compliance with IACS UR E26 & E27 If CBS is not clearly defined, critical vessel systems—such as propulsion, steering, and power management—become vulnerable to cyberattacks and operational failures, posing serious risks to safety and certification. IACS UR E26 and E27 mandate CBS protection to mitigate these risks, and non-compliance can result in certification delays and operational disruptions. Beyond regulatory compliance, defining CBS is essential for ensuring the cybersecurity and blackout resilience of IT and OT systems onboard. Shipowners, shipyards, equipment manufacturers, and classification societies must collaborate to establish clear CBS standards to achieve strong security and seamless system integration. Rather than facing costly consequences after an incident, now is the time to define and safeguard CBS to enhance vessel safety and competitiveness. Before engaging in discussions with stakeholde...

Strengthened Cybersecurity Requirements of IMO and IACS: Key Checklist for Classification Society Cybersecurity Certification As IMO and IACS reinforce cybersecurity requirements, specific criteria must be met to obtain cybersecurity certification from classification societies. In this post, we will summarize the key checklist for acquiring classification society cybersecurity certification. ✅ Key Requirements and Checklist for Classification Society Cybersecurity Certification Category Checklist Items Description Applicable to 1. Cybersecurity Policy & Management Cybersecurity and Resilience Program Establishing a protection and response framework for ship IT/OT systems Owner Management of Change (MoC) Security assessment and approval procedures when modifying ship IT/OT systems Owner Cyber Risk Assessment Conducting risk assessments in compliance with IACS UR E26/E27 Shipyard 2. Network Security Design Zones and Conduit Diagram Defining network segmentation and data flow Shipyard...

U.S. Sanctions on Chinese Ships & Cybersecurity Compliance The U.S. Trade Representative (USTR)’s sanctions on Chinese shipping and shipbuilding are expected to heighten the importance of cybersecurity regulations in vessel operations. In particular, as the U.S. increasingly frames Chinese-built ships and shipping companies as cybersecurity risks, compliance with maritime cybersecurity standards will become a critical issue for global shipping stakeholders. The United States is increasingly likely to classify Chinese-built vessels as national security and cybersecurity threats, using this as a basis for additional regulations and sanctions. In particular, drawing from past sanctions on Huawei and ZTE, the U.S. may argue that ships built in Chinese shipyards and equipped with Chinese IT systems (navigation, communication, and monitoring equipment) pose risks to the digital maritime infrastructure of the U.S. and its allies. As a result, the U.S. Coast Guard (USCG) is expected to s...