This single, standalone Recommendation consolidates IACS’ previous 12 Recommendations related to cyber resilience (Nos. 153 to 164) and applies to the use of computer-based systems which provide control, alarm, monitoring, safety or internal communication functions which are subject to the requirements of a Classification society.
This new recommendation is applicable to a vessel’s network systems using digital communication to interconnect systems within the ship and ship systems which can be accessed by equipment or networks off the ship.
This Recommendation has benefited from the valuable input of a wide range of industry partners contributing via the Joint Industry Working Group on Cyber Systems and covers the constructional aspects of the 12 previously published Recommendations. It provides information on matters such as reference guidelines and standards, terms and definitions, goals for design and construction, functional requirements, technical requirements and verification testing.
The purpose of this recommendation is to provide technical requirements to stakeholders that would lead to delivery of cyber resilient ships, whose resilience can be maintained throughout their service life.
Resilience, in this context, means a characteristic that provides crew and ships with the capabilities to cope effectively with cyber incidents occurring on computer-based systems onboard, which contribute to the operation and maintenance of the ship in a safe condition. The most effective method of dealing with an incident is to prevent it from ever happening, so in this context ‘prevention’ is even more important than ‘cure’.
It is intended that the requirements herein provide guidance for mitigating the risk related to events affecting onboard computer-based systems, recognising that, if no measures are implemented, such events could potentially affect human safety and the safety of the vessel and/or pose a threat to the marine environment.
The recommendation intends to ensure that design, integration and/or maintenance of computer-based systems support secure operation and provide a means to protect against unauthorized access, misuse, modification, destruction or improper disclosure of the information generated, archived or used in onboard computer-based systems or transported in the networks connecting such systems.
This recommendation seeks to support IMO Resolution MSC.428(98) (June 2017): ‘Maritime Cyber Risk Management in Safety Management Systems’, which requires cyber risks to be addressed.