IACS has today published 9 (nine) of its 12 (twelve) recommendations[i] on cyber safety with the aim of enabling the delivery of cyber resilient ships whose resilience can be maintained throughout their working lives. These eagerly anticipated recommendations are the result of a long-term initiative from IACS that has benefited considerably from cross industry input and support.
IACS recommendations result from extensive collaboration across industry and provide much needed guidance on how to develop and maintain the cyber integrity of vessels.
IACS initially addressed the subject of software quality with the publication of UR E22 in 2006. Recognising the huge increase in the use of onboard cyber-systems since that time, IACS has developed this series of Recommendations with a view to reflecting the resilience requirements of a ship with many more interdependencies. As a result, the IACS Recommendations address the need for:
A more complete understanding of the interplay between ship's systems
Protection from events beyond software errors
In the event that protection failed, the need for an appropriate response and ultimately recovery.
In order that the appropriate response could be put in place, a means of detection is required.
IACS also recognised at an early stage that, in order for ships to be resilient against cyber incidents, all parts of the industry needed to be actively involved, and so convened a Joint Working Group (JWG) on Cyber Systems. A significant part of the JWG work has been in identifying, best practice, appropriate existing standards in risk and cyber security and identifying a practical risk approach. Consequently, the 12 IACS Recommendations, collectively, not only provide guidance on the most pressing areas of concern but work as building blocks for the broader objective of system resilience.
The 12 Recommendations are:
Recommended procedures for software maintenance of shipboard equipment and systems (published)
Recommendation concerning manual / local control capabilities for software dependent machinery systems (published)
Contingency plan for onboard computer based systems (published)
Network Architecture (published)
Data Assurance (published)
Physical Security of onboard computer based systems (to be published Q4, 2018)
Network Security of onboard computer based systems (published)
Inventory List of computer based systems (published)
Remote Update / Access (published)
Communication and Interfaces (to be published Q4, 2018)
Please go to IACS Website to read more