Intercargo
Home » Topics » Cyber Risks       » IACS Development on Cyber System Requirements

IACS Development on Cyber System Requirements

Contents:

  1. Development of IACS Recommendation on incorporating cyber risk into ISM, and action requested
  2. Translation of the Rec. 166 into a Unified Requirements
  3. Development of Unified Requirements for cyber resilience of on-board systems and equipment
  4. UR E22 Evolution

On 15 Dec 2021 at the 21st meeting of the IACS/industry Joint Working Group on Cyber Systems (JWG/CS), IACS colleagues provided updates on the development on IACS cyber system requirements. Here is the summary of updates for your reference.

1.Development of IACS Recommendation on incorporating cyber risk into ISM

A project team PTPC05/2021 was established within IACS to:

  • Develop a guideline on incorporating cyber risk into ISM, in order to help shipowners on how to do risk assessment for cyber system and what should be done for mitigation of the risks.
  • Provide a common framework to carry out risk assessment based on which risk mitigation measures are implemented.

IACS highlighted that the recommendation does not intend to advocate a parallel cyber risk management outside the SMS.

Action requested

On 21 Dec, IACS circulated draft v.3, as attached, for comments of industry partners. INTERCARGO members are encouraged to provide comments on it by 20 Jan 2022.

2.Translation of the Rec. 166 into a Unified Requirements

Members recall that a few updates were circulated on this matter by us in 2020 and 2021. The concerned IACS Project Team PT PC04/2020 was tasked to produce a Unified Requirements (UR) with minimum goal-based requirements for cyber resilience of new ships, starting from the experience and knowledge acquired in the development of Rec.166. The focus will be set on OT systems. Requirements will be mandatory for OT systems that, if compromised, could lead to dangerous situations for human safety, safety of the vessel and/or threat to the environment.

At the meeting, the Project Team advised that the implementation date for incorporation in Class Rules will depend on validation from IACS GPG and the standard schedule for incorporation of new Rules. IACS aims to:

  • publish this new UR early 2022 after validation by GPG.
  • incorporate the new UR in Class Rules of all lACS members for implementation from January 2023.

3.Development of Unified Requirements for cyber resilience of on-board systems and equipment

The Project Team leader indicated at the meeting that the implementation date for incorporation in Class Rules will depend on validation from GPG and the standard schedule for incorporation of new Rules. It was planned that:

  • This new UR will be published early 2022 after validation by GPG.
  • This new UR will be incorporated in Class Rules of all lACS members for implementation from January 2023.

This future UR aims to guarantee a satisfying amount of cyber resilience. At present, according to the requirements of UR E22, tests for such equipment are conducted according to UR E10 for Category II and Category III systems. However, as UR E10 is only an environmental test requirement, the cyber security performance is not addressed. The UR will define type approval requirements for cyber system equipment taking into account cyber security expectations.

4. UR E22 Evolution

Recently, IACS established a Project Team PT PC02/2020. Its work is focused on the activities required for development, installation and updates of cyber-physical systems. The revised E22 is expected to

  • Clarify the holistic scope of the requirements:
    • Design and development activities for individual systems (supplier responsibility)
    • Design and integration activities for the total ship-system (system integrator responsibility)
  • Clarify the difference between development of a base-system(that can be type approved) and the configuration and tailoring of such a system for a specific ship. (both for new-build or updates/retrofitting)

The timeline of the development is expected for the draft to be:

  • Ready for IACS CS Panel review February 2022
  • Ready for JWG/CS review March 2022
  • Ready for IACS GPG review April 2022
  • Finalization in May 2022

 

More updates on the above items would be circulated to members for reference shortly after the 22nd meeting of JWG/CS as planned on 14 Jan 2022.