Hackers have taken good notice that it is becoming easier to attack ships. Firstly, there is more to attack: in addition to the increasing amounts of IT on board, there is also the OT (Operational Technology) controlling everything from steering, anchoring and mooring, fire detection, cargo handling systems, and ballast systems to boilers, and more. This equipment is often supplied by third-party vendors who may have different cybersecurity standards from yours. And the whole lot is interconnected to your networks.
Classification Societies have also identified this risk, particularly their umbrella body, the International Association of Classification Societies (IACS). They have been at the forefront of the push towards better ship protection, most recently adopting new requirements. Unified Requirement (UR) E26 deals with OT and IT, and UR E27 deals with ensuring that third-party equipment suppliers secure and harden the integrity of their systems.
These requirements will be mandatory for ships built after January 2024 and serve as guidance until then.
The responsibility to fulfill these requirements applies to all stakeholders involved in the ship’s design, building, and operation. Among them: Shipowner/Company, Ship Designer/Shipyard, System Integrator, Supplier, and Classification Society.
UR E26 covers the OT and IT equipment and comprises five elements:
Identify: Understand and manage cybersecurity risk as an organization. Identify all your onboard systems. An inventory of the Computer Based Systems onboard and the relevant software used in OT systems is essential for effective management of the ship's cyber resilience, the main reason being that every Computer Based System is a potential point of vulnerability.
Protect: Put in place safeguards to protect the ship against cyber incidents.
While networks may be protected by a firewall perimeter, breaching that perimeter is always possible. Network segmentation makes it more difficult for an attacker to carry an attack through the entire network. The main benefits of security zones and network segmentation are reducing the extent of the attack surface, preventing attackers from achieving lateral movement through systems, and improving network performance.
Attackers may attempt to access the ship’s systems and data from onboard the ship, from within the company, or remotely through connectivity with the internet. Physical and logical access controls to cyber assets, networks, etc. shall therefore be implemented to ensure the safety of the ship and its cargo.
Detect: Develop and implement ways of detecting and identifying cyber incidents onboard.
Technology capable of detecting unusual events is required to enable an early response to attacks targeting unknown vulnerabilities. A monitoring system that detects network anomalies and uses post-incident analysis provides the ability to respond to, and further recover from, a cyber event appropriately.
Respond: Develop ways of taking action in response to a detected cyber incident onboard.
An incident response plan is an instrument aimed at helping responsible persons respond to cyber incidents. As such, the incident response plan is as effective as it is simple and carefully designed. When developing the incident response plan, it is important to understand the significance of any cyber incident and prioritize response actions accordingly.
Recover: Restore anything that was damaged by a cyber incident.
Incident response procedures are an essential part of system recovery. Responsible personnel shall carefully consider the implications of recovery actions (such as wiping of drives) and execute them carefully.
Cydome’s unified view of cyber security supports these requirements, all under a ship-wide approach to security for the fleet. Our Cydome Everlight and Cydome Evershield solutions ensure fleet coverage of these five elements of UR E26, monitored and assessed under a single dashboard.
Cydome Evertrust provides coverage against third-party threats (including equipment suppliers) according to the UR E27 requirement.