Insight | Maritime Cyber Security Beyond Compliance: IACS unified requirements E26 and E27 | Inmarsat Maritime


Maritime Cyber Security Beyond Compliance: IACS unified requirements E26 and E27 | Inmarsat Maritime

  • The maritime industry is becoming more digitised and interconnected, which creates opportunities to improve maritime safety, efficiency, and sustainability. However, this also makes vessel networks vulnerable to cyber threats, so ship owners and managers must prioritize integrating security measures into their connectivity strategy.
  • This white paper explores the International Association of Classification Societies (IACS)’ new unified requirements (URs) for cyber security. Compiled in collaboration with leading classification society and IACS member ClassNK, IACS Unified Requirements E26 And E27 – Beyond Compliance outlines the process of demonstrating compliance with the forthcoming URs.

Starting from 1 July 2024, URs E26 and E27 will require new build vessels and their connected systems to meet certain minimum cyber-resilience standards.

The IACS Unified Requirements E26 and E27: cyber security beyond compliance whitepaper, highlights that implementing these standards will provide a comprehensive view of a vessel's computer assets and network infrastructure. However, the whitepaper also points out some limitations of the URs, such as a simplistic risk assessment process and insufficient attention to cyber-security policies and associated procedures.



At a glance

Cyber Resilience of Ships

The primary objective of UR E26 is to assist maritime organisations in establishing and maintaining a secure onboard environment based on an effective cyber-risk management system.

Cyber Resilience of Onboard Vessel Systems and Equipment

UR E27 aims to support manufacturers and OEMs in enhancing their cyber resilience by assessing and improving onboard operational systems and equipment.

Click on the link below to download the report

The class perspective

As per the International Association of Classification Societies (IACS) member, ClassNK, the implementation of URs E26 and E27 will enable complete transparency of a newly built ship's computer assets and network structure throughout its lifespan. This will also ensure that all ships classified by IACS meet the necessary level of cyber-resilience capabilities, irrespective of the vessel's type or technical specifications.


Inmarsat maritime key recommendations

Inmarsat maritime believes that while IACS URs E26 and E27 will play an important role in helping maritime organisations to strengthen their cyber-defences, companies should take a more holistic approach to onboard cyber security. We recommend that organisations concentrate their efforts and investments in three critical areas: people and culture, network-connected systems and services, and an incident-response plan.