Insight | Maritime Cyber Security Beyond Compliance: IACS unified requirements E26 and E27 | Inmarsat Maritime
The IACS Unified Requirements E26 and E27: cyber security beyond compliance whitepaper, highlights that implementing these standards will provide a comprehensive view of a vessel's computer assets and network infrastructure. However, the whitepaper also points out some limitations of the URs, such as a simplistic risk assessment process and insufficient attention to cyber-security policies and associated procedures.
The primary objective of UR E26 is to assist maritime organisations in establishing and maintaining a secure onboard environment based on an effective cyber-risk management system.
UR E27 aims to support manufacturers and OEMs in enhancing their cyber resilience by assessing and improving onboard operational systems and equipment.
As per the International Association of Classification Societies (IACS) member, ClassNK, the implementation of URs E26 and E27 will enable complete transparency of a newly built ship's computer assets and network structure throughout its lifespan. This will also ensure that all ships classified by IACS meet the necessary level of cyber-resilience capabilities, irrespective of the vessel's type or technical specifications.
Inmarsat maritime believes that while IACS URs E26 and E27 will play an important role in helping maritime organisations to strengthen their cyber-defences, companies should take a more holistic approach to onboard cyber security. We recommend that organisations concentrate their efforts and investments in three critical areas: people and culture, network-connected systems and services, and an incident-response plan.