The latest cyber security regulations transforming the maritime industry
The era of maritime digitalisation is accompanied by the growing threat of cyber-attacks and the resulting risk of economic and reputational damage to companies across the supply chain. The speed and trajectory of change makes the need for effective cyber security in the maritime industry ever-more urgent.
– An effective cyber security strategy is imperative to protect IT and OT systems, networks and data within maritime organisations. The infrastructure at risk encompasses vessels, office sites, and data centres, all of which host sensitive data.
Protecting these assets calls for a combination of cyber awareness, customised security procedures and regulatory compliance. Of these three principles, compliance is becoming more important. Rules are growing at international and regional levels, designed both to protect organisations and hold them accountable in the case of lapses.
The most recent addition to the rules is the first of two IACS Unified Requirements (URs), E27, ‘Cyber Resilience of On-Board Systems and Equipment’ which came into force on July 1, 2024. UR E27 is mandatory for all classed vessels contracted for construction on or after 1 July and applies to on-board systems and equipment. A second UR, E26 ‘Cyber Resilience of Ships’ applying to complete ships, is being finalised based on industry feedback and will be published before the end of the year.
While the URs are an important addition to the measures owners can apply to combat cyber threats, they apply only to newbuildings, meaning that the existing shipping fleet must take additional measures. These include the ‘IMO 2021’ regulation which requires organisations to demonstrate that they have taken steps to harden their assets and have plans in place to respond to an attack.
The next piece of regulation on the radar for maritime is the upcoming NIS2 Directive, an EU-wide legislation which is set to come into force from October 2024, designed to enhance cyber security measures in the European Union. The critical element of NIS2 is that it has consequences for non-compliance; companies are not only required to ensure they are cyber secure for the health of the business, but they can also be hit with a fine for non-compliance.
To help our clients understand, prepare, and respond, to cyber threats, Marlink is constantly refining the cyber security protection we offer to our clients. We provide advanced tools to manage and monitor network traffic, secure individual devices and search for known risks to prevent exploitation of the ship’s network and devices.
To find out how we can help fortify your vessels against cyber threats, take a look at our cyber security solutions. Discover how partnering with Marlink can lead to safer, more secure maritime operations in an increasingly digital world.
Cyber Security Solutions