The International Association of Classification Societies (IACS) has published nine of its 12 recommendations on cyber safety. The aim is enabling cyber resilient ships to maintain resiliency throughout their working lives.
These recommendations are the result of a long-term initiative from IACS that has benefited considerably from cross industry input and support.
IACS initially addressed the subject of software quality with the publication of UR E22 in 2006.
Huge increase in use of onboard cyber systems
There is a huge increase in the use of onboard cyber-systems since that time. Therefore, IACS has developed this series of Recommendations. It has a view to reflecting the resilience requirements of a ship with many more interdependencies.
As a result, the IACS Recommendations address the need for the following.
- A more complete understanding of the interplay between ship’s systems
- Protection from events beyond software errors
- In the event that protection failed, the need for an appropriate response and ultimately recovery.
- In order that the appropriate response could be put in place, a means of detection is required.
IACS also recognised at an early stage that all parts of the industry must be actively involved. Thus, it convened a Joint Working Group (JWG) on Cyber Systems.
A significant part of the JWG work has been in identifying best practice, appropriate existing standards in risk and cyber security and identifying a practical risk approach.
Consequently, the 12 IACS Recommendations, collectively, not only provide guidance on the most pressing areas of concern but work as building blocks for the broader objective of system resilience.
Importantly, IACS noted the challenge of bringing traditional technical assurance processes to bear against new and unfamiliar technologies. Hence, IACS has launched these Recommendations in the expectation that they will rapidly evolve as a result of the experience gained from their practical implementation.
Furthermore, IACS recognises that these Recommendations are only an ‘interim’ product. They will be subject to amalgamation into a larger document with more consistent language, overlaps removed and common material consolidated.
IACS recognises that the delivery of these important series of Recommendations is only the start in the ongoingstruggle to maintain the cyber integrity of vessels.