Blog article

Understanding Maritime Cyber Regulations

Maritime cyber regulations are currently comprised of guidelines within the ISM Code (as well as tougher tanker-focussed industry standards such as SIRE, TMSA).

The guidelines provide high-level recommendations on maritime cyber risk management to safeguard shipping from current and emerging cyber threats and vulnerabilities and include functional elements that support effective cyber risk management.

Industry standards can be incorporated into existing risk management processes and are complementary to the safety and security management practices already established by IMO.

In August 2024, IMO launched a new toolkit that will help the global maritime industry respond better to ever-evolving ‘insider threats’. Insider threat refers to the risk that arises from a maritime employee carrying out or enabling a security incident, either through a lack of awareness, complacency or maliciousness. 

In addition, the US Coast Guard will implement requirements for US-flagged vessels and related facilities to implement minimum cybersecurity measures.

The latest addition to the landscape developed by the International Association of Classification Societies (IACS) are the UR E26 and UR E27, which create a new global baseline for maritime cyber security requirements, demanding much more transparent exchange of information between shipowners and inspecting authorities.

They require the shipowner to demonstrate and document a much higher level of preparedness including design of onboard networks and corporate responsibilities.

IACS UR E26 applies to newbuildings but is likely to become a more widely used framework, under which other stakeholders such as Flag States, classification societies, insurers and charterers will demand more cyber security information.

UR E26 and E27 are designed to provide full visibility of a newbuild vessel’s digital assets and network infrastructure throughout its life. They will also ensure that IACS-classed ships have been delivered with a required minimum level of cyber resilience capabilities regardless of its type or technical specifications.

Cyber resilience refers to the capability to reduce the occurrence of and mitigate the effects of operational technology (OT) disruptions on ships caused by cyber attacks or other threats, thereby safeguarding human and ship safety as well as the environment.

Additionally, they include the ability to recover from such disruptions when they occur. The aim of Chapter 5, Part X (UR E26) is to equip ships with these capabilities, making them resistant to cyber attacks or other threats.

GET IN TOUCH

Talk to a Marlink specialist.

Whether you're evaluating solutions, planning a fleet upgrade or dealing with an urgent connectivity challenge, our team is ready to help.

Specialists covering maritime, cruise, yachting, energy, enterprise, telco, humanitarian,  government and defence sectors

Your data is handled in line with our GDPR-compliant privacy policy


PREFER TO REACH US DIRECTLY

Tell us about your operation

Fill in the details below and the right specialist will be in touch.

Your data is necessary for processing your inquiry and will be used only for this purpose.
Please tick this box to confirm you'd like to receive occasional marketing updates from Marlink. We respect your privacy — your information will never be shared with third parties, and you can unsubscribe at any time. Read our Privacy Policy here.

Insights

Read about our latest insights and explore the forefront of digital protection through our curated selection of news, articles, and expert blogs.

Find more news for you