Skip to main content

 

 

IACS ISSUES SHIP CYBER PROTECTION GUIDANCE

Tuesday, October 2, 2018 

The International Association of Classification Societies (IACS) has published recommendations and guidance on how to safeguard ships from cyber-attack.

The 12 recommendations aim to provide shipowners with cyber resilient ships throughout the course of their operational life. The guidance is the result of a long-term IACS initiative that initially addressed the subject of software quality with the publication of UR E22 in 2006.

Recognising the huge increase in the use of onboard cyber-systems since that time, IACS has developed a new series of Recommendations with a view to reflecting the resilience requirements of a ship with many more interdependencies. 

The Recommendations address the need for a more complete understanding of the interplay between ship's systems; protection from events beyond software errors; and, in the event that protection fails, the need for an appropriate response and ultimately recovery.

IACS established a Joint Working Group (JWG) on Cyber Systems to identify best practice solutions appropriate to existing standards in risk and cyber security and identify a practical risk approach.  Consequently, says IACS, the 12 Recommendations, collectively, not only provide guidance on the most pressing areas of concern but work as building blocks for the broader objective of system resilience.

IACS Chairman, Jeong-kie Lee of the Korean Register, said: “These 12 Recommendations represent a significant milestone in addressing safety concerns related to cyber issues.  IACS’ focus on Cyber Safety reflects our recognition that cyber systems are now as integral a part of a ships safety envelope as its structure and machinery and IACS is committed to providing industry with the necessary tools as part of our wider mission to deliver safer, cleaner, shipping.”

IACS Secretary General, Robert Ashdown, said: “The decision to publish these new materials as stand-alone documents as Recommendations was made explicitly to give industry stakeholders access to the developing material.  IACS continues to make significant efforts to work ever more closely with industry and believes this approach provides the right balance between delivering the detailed guidance that is urgently required while remaining receptive to input from the industry stakeholders via JWG/CS on how they would like to see IACS proceed.”

The 12 Recommendations, some of which are still in progress, cover

Recommendation 153:  Procedures for software maintenance of shipboard equipment and systems

Recommendation 154:  Manual / local control capabilities for software dependent machinery systems

Recommendation 155: Contingency planning for onboard computer-based systems

Recommendation 156: Network Architecture

Recommendation 157:  Data Assurance

Recommendation 158:  Physical Security of onboard computer-based systems

Recommendation 159: Network Security of onboard computer-based systems

Recommendation 160: Vessel System Design

Recommendation 161:  Inventory List of computer-based systems

Recommendation 162: Integration

Recommendation 163: Remote Update / Access

Recommendation 164: Communication and Interfaces

IACS recognises that the delivery of these Recommendations is only the start, but  is confident that the flexible and structured approach being adopted enables further evolution in cyber protection in a manner that is practical and supportive of the needs of industry stakeholders.

 

Reader Comments (0)

There are currently no comments on this article. Why not be the first and leave your thoughts below.

Leave Your Comment

Please keep your comment on topic, any inappropriate comments may be removed.

Return to index

Web Analytics