By: Peter Bouwhuis
Ahoy, fellow maritime enthusiasts! As we dive deeper into the digital age, our beloved ships are becoming smarter and more connected. But with all this tech comes a darker side: cyber threats. The International Association of Classification Societies (IACS) has rolled out new guidelines, UR E26 and UR E27, to help us navigate these treacherous waters. But let’s be real—are these guidelines enough to keep us afloat?
The Digital Revolution at Sea
Picture this: ships equipped with the latest tech, sailing smoothly with digital systems humming in the background. Sounds amazing, right? Well, it is, until you realize that all this connectivity makes our vessels prime targets for cyber-attacks. As data usage on ships skyrockets, so does the risk of someone hijacking our systems.
Enter UR E26 and UR E27, the IACS’s attempt to set some ground rules for cyber resilience. These guidelines are a good start, focusing on everything from ship design to onboard systems. But here’s the thing: compliance alone won’t cut it. We need to go above and beyond if we want to stay ahead of the bad guys.
Breaking Down the Guidelines
UR E26 is all about making sure our ships are built with security in mind. It’s like having a sturdy hull to weather the storm—essential, but not the whole picture. The guidelines follow the NIST Cybersecurity Framework, which is great for identifying threats and planning our defenses. But let’s not forget, the real test comes when we’re out at sea, facing the unpredictable.
Then there’s UR E27, which zeroes in on the tech we have onboard. It’s based on the IEC 62443 standard and lays out the security features we need to keep our systems safe. But here’s where it gets tricky: these standards are the bare minimum. In a world where cyber threats evolve faster than we can update our software, we need to do more than just check the boxes.
People: The Weakest (and Strongest) Link
You know what they say—a ship is only as good as its crew. The same goes for cybersecurity. Inmarsat, a big player in maritime connectivity, points out that phishing attacks are still a huge problem. Why? Because people are involved. We click on things we shouldn’t, and suddenly, our fancy systems are compromised.
That’s why investing in training and awareness is so important. We need to create a culture where everyone on board knows how to spot a threat and what to do about it. Standards like ISO/IEC 27001 can help, but it’s the day-to-day habits that make the real difference.
Beyond the Checklist
Here’s the harsh truth: following the rules isn’t enough. We need to take a risk-based approach, constantly assessing our vulnerabilities and adapting our defenses. Inmarsat’s Fleet Secure portfolio offers some great tools for this, from endpoint security to unified threat management. But even with the best tech, we need to stay vigilant.
Compliance is just the starting point. We need to think holistically, combining technology, training, and a healthy dose of common sense. It’s not just about ticking off requirements—it’s about building a resilient defense that can weather any storm.
Charting a Course for the Future
The maritime industry is at a crossroads. We can either stick to the basics and hope for the best, or we can step up and take control of our cybersecurity destiny. The choice is clear: we need to invest in people, processes, and technology to build a strong defense against cyber threats.
So, let’s not just settle for compliance. Let’s aim for excellence. Let’s make sure our ships are not just connected, but also secure. Because out there on the open sea, we need more than just a good compass—we need a crew that’s ready for anything.
