Recommendation on Cyber Resilience (eBook)


Also available in other formats:

Recommendation on Cyber Resilience (eBook)

£75.00
(Excludes any applicable taxes)

This single, standalone Recommendation consolidates IACS’ previous 12 Recommendations related to cyber resilience (Nos. 153 to 164) and applies to the use of computer-based systems which provide control, alarm, monitoring, safety or internal communication functions which are subject to the requirements of a Classification society.

 

This new recommendation is applicable to a vessel’s network systems using digital communication to interconnect systems within the ship and ship systems which can be accessed by equipment or networks off the ship.

Be the first to review this product

This Recommendation has benefited from the valuable input of a wide range of industry partners contributing via the Joint Industry Working Group on Cyber Systems and covers the constructional aspects of the 12 previously published Recommendations. It provides information on matters such as reference guidelines and standards, terms and definitions, goals for design and construction, functional requirements, technical requirements and verification testing.

The purpose of this recommendation is to provide technical requirements to stakeholders that would lead to delivery of cyber resilient ships, whose resilience can be maintained throughout their service life.

 

Resilience, in this context, is meant as a characteristic that provides crew and ships with the capabilities to effectively cope with cyber incidents occurring on computer based systems onboard, which contribute to the operation and maintenance of the ship in a safe condition. The most effective method of dealing with an incident is to prevent it ever happening so, in this context ‘prevention’ is even more important than ‘cure’.

 

It is intended that requirements herein provide guidance for mitigating the risk related to events affecting onboard computer based systems, recognising that, if no measures are implemented, such events could potentially affect human safety, the safety of the vessel and/or the threat to the marine environment.

 

The recommendation intends to ensure that design, integration and/or maintenance of computer based systems support secure operation and provide a means to protect against unauthorized access, misuse, modification, destruction or improper disclosure of the information generated, archived or used in onboard computer based systems or transported in the networks connecting such systems.

 

This recommendation seeks to support IMO Resolution MSC.428(98) (June 2017): ‘Maritime Cyber Risk Management in Safety Management Systems’, which requires cyber risks to be addressed

CHAPTER 1 Introduction
1.1 Purpose of the Recommendation
1.2 Overview of the Recommendation Structure
1.3 How to Use This Recommendation

CHAPTER 2 Scope

CHAPTER 3 Reference Guidelines and Standards

CHAPTER 4 Terms and Definitions

CHAPTER 5 Goals for Design and Construction

CHAPTER 6 Functional Requirements
6.1 Introduction
6.2 Identify (I)
6.3 Protect (P)
6.4 Detect (D)
6.5 Respond (R)
6.6 Recover (RC)

CHAPTER 7 Technical Requirements
7.1 Asset Identification
7.2 Communication and Interfaces
7.3 Network
7.4 Computer Based System Physical Access Control
7.5 Software Assurance
7.6 Remote Access (from locations not on board the ship)
7.7 Data Quality
7.8 System Recovery

CHAPTER 8 Verification Testing
8.1 Asset Identification
8.2 Communication and Interfaces
8.3 Network
8.4 Computer Based Systems Physical Access Control
8.5 Software Assurance
8.6 Remote Access (from locations not on board the ship)
8.7 Data Quality
8.8 System Recovery

Appendix
Appendix A Detailed List of Standards
Appendix B Documents Referred to in Recommendation
Appendix C Mapping of Sub Goals to Technical & Verification Requirements

Annexure
Annex A Guidance on Operational Aspects Addressed in Recommendations

Reference List

1.1 Purpose of the Recommendation
1.1.1 The purpose of this Recommendation is to provide technical requirements for stakeholders that lead
to the delivery of cyber resilient ships, whose resilience can be maintained throughout service life.
1.1.2 Resilience, in this context, is meant as a characteristic that provides crew and ships with the
capability to effectively cope with cyber incidents occurring on computer based systems on board,
which contribute to the operation and maintenance of the ship in a safe condition. The most
effective method of dealing with an incident is to prevent it ever happening. Therefore, in this context
‘prevention’ is more important than ‘cure’.
1.1.3 It is intended that recommendations herein provide guidance for mitigating the risk related to events
affecting onboard computer based systems, recognising that, if no measures are implemented, such
events could potentially affect human safety, the safety of the ship and/or present a threat to the
marine environment.
1.1.4 The intent of this Recommendation is to ensure that design, integration and/or maintenance of
computer based systems supports secure operations and provide a means to protect against
unauthorised access, misuse, modification, destruction or improper disclosure of the information
generated, archived or used in onboard computer based systems or transported in the networks
connecting such systems.
1.1.5 This Recommendation seeks to support IMO Resolution MSC.428(98) (June 2017): ‘Maritime Cyber
Risk Management in Safety Management Systems’, which requires cyber risks to be addressed
in safety management systems by 1 January 2021, based on MSC-FAL.1/Circ.3 (June 2017):
‘Guidelines on Maritime Cyber Risk Management.

Dedicated to safe ships and clean seas, IACS makes a unique contribution to maritime safety and regulation through technical support, compliance verification and research and development. More than 90% of the world's cargo carrying tonnage is covered by the classification design, construction and through-life compliance rules and standards set by the twelve Member Societies of IACS.

IACS is a not for profit membership organisation of classification societies that establish minimum technical standards and requirements that address maritime safety and environmental protection and ensures their consistent application.  It carries out this responsibility through its panels, expert groups and project teams and provides a Quality System Certification Scheme (QSCS) that its Members comply with, as an assurance of professional integrity and maintenance of high professional standards.  IACS is recognized as the principal technical advisor of IMO.

Title: Recommendation on Cyber Resilience (eBook)
Series Details: Rec No. 166
Number of Pages: 86
Product Code: IT103248
ISBN: ISBN 13: 978-1-85609-943-1
Published Date:
Author: IACS

Bought this product? Why not review it?

If you have a question about this product, please contact us directly.
No
No
No