false false

ABS Cyber Resilience Program

Safeguarding Your Assets Against Cyber Threats 

In today’s maritime environment, the interconnection of computer systems on vessels combined with the increased use of commercial off-the-shelf products can lead to increased possibilities of cyberattacks. Cyberattacks can affect personnel, compromise data integrity, jeopardize human and vessel safety, and even impact the environment. Within its Unified Requirements (UR) E26 and E27, the International Association of Classification Societies (IACS) has recognized the urgent need for robust cyber requirements, establishing a common set of minimum functional and performance criteria to deliver a ship that can be described as cyber resilient.

The URs went into effect on July 1, 2024, for most new construction ships contracted for construction after that date. Both UR E26 and E27 requirements have been incorporated into the ABS Marine Vessel Rules.

UR E26 Cyber Resilience of Ships

Overview

UR E26 on Cyber Resilience of Ships provides a framework of minimum requirements throughout the vessel’s lifecycle. It starts with embedding cybersecurity in the design phase, followed by ensuring secure construction practices. During commissioning, systems are verified for operational security. Finally, throughout operational life, ongoing assessment and updates are mandated to address evolving cyber threats. This comprehensive approach safeguards the vessel and maintains the integrity of maritime operations.

The primary goal is to support safe and secure shipping, which is operationally resilient to cyber risks. The following sub-goals for the management of cyber risk are defined in the five functional elements, in line with the National Institute of Standards and Technology (NIST) cybersecurity framework 1.0.  

 

Cyber Resilience(Five Functional Elements)

 

  • Shipowners and operators are central to the maritime industry, transporting goods and enabling international commerce. As reliance on digital technologies grows, enhancing cyber resilience becomes critical. 

  • Key Reasons for Cyber Resilience
    • Vessel Security: Protect against cyber threats targeting navigation and control systems

    • Operational Continuity: Ensure smooth sailing by minimizing disruptions from cyber incidents

    • Regulatory Compliance: Meet industry best practices and regulations regarding cybersecurity

    • Protection of Sensitive Data: Safeguard sensitive operational and cargo information

    • Reputation Management: Maintain customer trust by demonstrating strong cybersecurity measures

    • Incident Response Preparedness: Quickly address and recover from cyber incidents

    • Cost Efficiency: Mitigate financial losses associated with downtime and breaches

 

  • Shipyards are vital to the maritime industry, involved in the construction, maintenance, and repair of vessels. As digital systems become integral to shipbuilding, enhancing cyber resilience is essential. 

  • Key Reasons for Cyber Resilience
    • Project Security: Protect against cyber threats affecting construction and repair processes

    • Operational Continuity: Minimize disruptions in shipbuilding and maintenance activities

    • Regulatory Compliance: Adhere to cybersecurity regulations for the maritime sector

    • Intellectual Property Protection: Safeguard proprietary designs and technologies

    • Reputation Management: Build trust with clients by demonstrating robust cybersecurity practices

    • Incident Response Efficiency: Quickly address and recover from cyber incidents

    • Cost Savings: Reduce financial losses due to breaches and downtime

 

UR E27 Cyber Resilience of Onboard Computer-Based Systems and Equipment

Overview

UR E27 introduces minimum security capabilities requirements for onboard systems and equipment to be considered cyber resilient. These requirements are intended for third party equipment and system suppliers. 

 

  • In the maritime and offshore sectors, suppliers play a crucial role in the overall cybersecurity landscape. Enhancing cyber resilience among suppliers is crucial for mitigating risks, ensuring operational continuity, and maintaining trust in the supply chain.

  • Key Reasons for Supplier Cyber Resilience
    • Interconnected Systems: Supplier vulnerabilities can compromise entire networks

    • Risk Mitigation: Strong defenses reduce operational disruptions and financial losses

    • Regulatory Compliance: Meeting cybersecurity regulations involves assessing supplier security

    • Trust and Reputation: Breaches can damage reputation and customer trust

    • Efficient Incident Response: Prepared suppliers enable faster recovery from cyber incidents

    • Protection of Intellectual Property: Robust measures safeguard sensitive data

    • Adaptation to Emerging Threats: Resilient suppliers can better respond to evolving cyber threats

 

 

  • Given the increasing reliance on digital systems and connectivity, it’s essential for these equipment manufacturers to prioritize cyber resilience.

  • Equipment Manufacturer Cyber Resilience
    • Product Security: Safeguard equipment from cyber threats

    • Supply Chain Integrity: Prevent disruptions in production

    • Compliance: Adhere to industry regulations and standards

    • Protect Intellectual Property: Secure valuable designs and technologies

    • Customer Trust: Maintain confidence in product security

    • Adaptability: Evolve cybersecurity measures with market demands

    • Operational Efficiency: Minimize costly downtime from incidents

 

Benefits of ABS Approval and Certification

Achieving ABS approval and certification signifies your commitment to cybersecurity and demonstrates to your customers that your equipment and systems are fully compliant with established IACS and ABS resilience requirements.

Our Solution

ABS has developed a comprehensive Cyber Resilience Program that identifies and implements the necessary cyber resilience capabilities to enhance onboard safety. By aligning with IACS UR E26 and E27, our program offers a pathway to compliance that can ultimately benefit your competitive edge.

Expertise: Leverage our extensive knowledge in maritime cyber resilience and standards compliance. 

Support: Receive tailored advice and guidance through every step of the certification process.

Reputation: Enhance your brand’s credibility by adhering to globally recognized standards. 

Vessel Cyber Class Notation

Vessel Cyber Class Notation

Equipment and Systems Certification Process Overview 

Equipment and Systems Certification Process Overview

ABS Consulting

To further support compliance with IACS requirements, ABS’ affiliate company, ABS Consulting, offers consulting, implementation support and risk managements services. ABS Consulting recognizes the unique challenges shipyards, designers, and suppliers face in meeting IACS cyber regulations during vessel development and construction.

Whether you’re in the initial concept and design stages or integrating cybersecurity into ongoing projects, the ABS Consulting team supports you in embedding effective controls and best practices throughout the shipbuilding process. ABS Consulting works with you to identify the compliance requirements and security metrics that matter most to your operations, establishing a clear framework to track progress and demonstrate results from a shipbuilding and supply chain perspective.

Learn more by clicking here

Are You Ready To Get Started?

ABS can assist system and equipment manufacturers understand and identify needed cyber resilience capabilities to meet IACS UR E26 and E27 requirements.

Questions about UR E26 and E27?

Contact our advisors for assistance.

Cyber Resilience of Ships Webinar

In the era of digitalization and interconnectivity, cyber risk management is paramount to safe and secure shipping. Establishing a minimum set of requirements for cyber resilience of new ships is an important first step toward mitigating some of the identified risks.

Cyber Resilience of Onboard Systems and Equipment Webinar

In April 2022, the International Association of Classification Societies (IACS) released two Unified Requirements related to cyber resilience.