Scribd
Upload
5 views4 pages

Maritime Cyber Security Regulations

Uploaded by

ashokan sankaran
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
5 views4 pages

Maritime Cyber Security Regulations

Uploaded by

ashokan sankaran
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

 MARITIME CYBER SECURITY - SAFEGUARDING SHIPS & OPERATIONS

SHARE:  

Maritime cyber security

Regulations Why cyber security Regulations Owners & managers Yards

Suppliers Other stakeholders Self Assessment FAQ

Regulations
One of the most important drivers behind the rapid  
Sign in to Veracity
evolution of cyber-security
Global 
standards in
the maritime industry is a fast-developing regulatory environment. This relates to cyber
security regulations specific to the maritime industry as well as broader regulations, which
many maritime stakeholders need to comply with.

GDPR

The EU’s General Data Protection Regulation (GDPR), implemented in 2018, mandates strict
controls over the collection, storage, processing, and sharing of personal data. This has
increased cyber security requirements in the maritime industry by requiring organizations to
implement appropriate measures which will ensure the safe and secure processing of data.

IMO Resolution MSC.428(98)

Implemented in 2021, this requires owners, operators, and managers to consider overall
cyber risks, and to implement cyber security across all levels of their management system, in
line with International Safety Management (ISM) Code.

In combination with this resolution, the IMO also released Guidelines on Maritime Cyber Risk
Management (MSC-FAL.1/Circ.3). This provides high-level recommendations for maritime
cyber risk management that can be incorporated into existing risk management processes.

International Association of Classification Societies’ (IACS) new unified


requirements (URs) for cyber security
Taking effect from 1 July 2024, this obliges owners, yards and suppliers to build cyber
security barriers into their systems and vessels, requiring compliance across the full
spectrum of critical on-board control and navigation systems.

The IACS URs for cyber security consist of two sets of rules: E26 governs system integration,
while UR E27 applies to essential onboard systems. Both must be met by vendors and yards
and will be mandatory for all newbuilds with contracts signed after 1 July 2024.

The URs (maritime cyber security regulations) will apply to everything computer-based on
board such as main-engine control systems, steering, cooling systems, fire detection,
communications systems including public address systems, and navigation systems –
anything that is integral to making the ship move, navigate and operate safely.

The URs are minimum prescriptive requirements agreed by all IACS members. Based on the
IEC 62443 standards that address OT cyber security in a holistic way, they aim to ensure the
secure integration of both OT and IT equipment into the vessel’s network during the design,
construction, commissioning and operational life of the ship, covering equipment
identification, protection, attack detection, response and recovery. These regulations also
aim to ensure system integrity is secured and hardened by third-party equipment suppliers.

EU Directive on Network and Information Systems (NIS2)

Set to be implemented in October 2024, this obliges EU member states to adopt cyber
security strategies and establish competent cyber security structures across their
jurisdictions. The directive will ensure that operators of essential services, including major
ports, shipping companies and even single vessels like FSRUs, take appropriate security
measures and report serious cyber incidents.

Similar legislation is expected to take effect in other key regions over the coming years.


Maritime cyber security – what you need to know
Regulations Why cyber security Regulations Owners and managers Yards

Suppliers Other stakeholders Self Assessment FAQ

FOLLOW US ON SOCIAL MEDIA

 

ABOUT US

 About us
 News and events
 Careers
 Annual reports

CONTACT

 Contact DNV
 Office Locator
 Media contacts
 Veracity.com

Privacy Statement
Terms of Use
Copyright © DNV AS 2025
Cookie information

TO THE TOP

The trademarks DNV GL®, DNV®, the Horizon Graphic and Det Norske Veritas® are the properties of companies in the
Det Norske Veritas group. All rights reserved.
WHEN TRUST MATTERS

You might also like