
Understanding Maritime Cyber Regulations

Maritime cyber regulations currently consist of guidelines within the ISM Code, as well as tougher tanker-focussed industry standards such as SIRE and TMSA.

The guidelines provide high-level recommendations on maritime cyber risk management to safeguard shipping from current and emerging cyber threats and vulnerabilities and include functional elements that support effective cyber risk management.

Industry standards can be incorporated into existing risk management processes and are complementary to the safety and security management practices already established by IMO.

In August 2024, IMO launched a new toolkit that will help the global maritime industry respond better to ever-evolving ‘insider threats’. Insider threat refers to the risk that arises from a maritime employee carrying out or enabling a security incident, whether through a lack of awareness, complacency or maliciousness.

In addition, the US Coast Guard will introduce requirements for US-flagged vessels and related facilities to implement minimum cybersecurity measures.

The latest additions to the landscape, developed by the International Association of Classification Societies (IACS), are UR E26 and UR E27, which create a new global baseline for maritime cyber security requirements and demand a much more transparent exchange of information between shipowners and inspecting authorities.

They require the shipowner to demonstrate and document a much higher level of preparedness, including design of onboard networks and corporate responsibilities.

IACS UR E26 applies to newbuildings but is likely to become a more widely used framework, under which other stakeholders such as Flag States, classification societies, insurers and charterers will demand more cyber security information.

UR E26 and E27 are designed to provide full visibility of a newbuild vessel’s digital assets and network infrastructure throughout its life. They will also ensure that IACS-classed ships have been delivered with a required minimum level of cyber resilience capabilities regardless of their type or technical specifications.

Cyber resilience refers to the capability to reduce the occurrence of and mitigate the effects of operational technology (OT) disruptions on ships caused by cyber attacks or other threats, thereby safeguarding human and ship safety as well as the environment.

It also includes the ability to recover from such disruptions when they occur. The aim of Chapter 5, Part X (UR E26) is to equip ships with these capabilities, making them resistant to cyber attacks or other threats.
