GTMaritime aids in readiness for IACS E26 and E27 cyber requirements

April 22, 2024
1 min read


TLDR:

  • GTMaritime is helping maritime organizations prepare for IACS unified requirements E26 and E27 on cyber resilience.
  • The URs aim to minimize the frequency and impact of cyber incidents at sea and will enter into force on 1 July 2024.

In a rapidly advancing maritime industry, cyber threats are becoming increasingly prevalent. The International Association of Classification Societies’ (IACS) unified requirements (URs) E26 and E27 aim to address this issue by minimizing the frequency and impact of cyber incidents at sea. These requirements, set to enter into force on 1 July 2024, provide guidelines for cyber resilience of entire ships and onboard systems and equipment.

UR E26 focuses on cyber resilience of ships, requiring maritime organizations to establish and maintain effective cyber-risk management systems. Compliance involves submitting various documents related to different stages of the vessel lifecycle, including design and construction, commissioning, and operation.

UR E27 focuses on cyber resilience of onboard systems and equipment, outlining security capabilities required by computer-based systems and those sharing interfaces with untrusted networks. Compliance includes submitting documents such as CBS asset inventories, topology diagrams, and security configuration guidelines.

By ensuring visibility of onboard systems and networks and possessing basic cyber resilience capabilities, URs E26 and E27 help organizations strengthen their cyber defenses. However, the evolving nature of cyber threats also necessitates specialized network security solutions. GTMaritime offers a comprehensive cyber-security solution that combines anti-virus technology with end-point detection and response capabilities, enabling a holistic approach to vessel security.


Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and