Marine Cyber security: Enhancing Maritime Vessel Cyber Resilience through Security Operation Centers and Unified Requirement of E27

The rise of cyber-attacks on ships has led to a focus on improving the industry's ability to bounce back from them (cyber resilience). New regulations require ship owners to spot these attacks quickly, and Maritime Security Operation Centers are being set up to do this. At the same time, there's talk of Remote Operation Centers that would allow for more self-driving ships, which could make them even more vulnerable to cyber-attacks.

Today we will compare two standards which generally refer to Marine cyber-security IEC 61162-460 to Unified requirement E26/27

The International Association of Classification Societies (IACS) UR E26/27 and the IEC 61162-460 are both standards related to the cyber security of ships. However, they have different scopes and targets.

UR E26/27 was published by IACS in 2022. It provides a set of Unified Requirements (URs) for the cyber resilience of on-board systems and equipment. UR E26/27 applies to computer-based systems (CBS) as defined in UR E26. Navigation and radio communication systems may follow IEC 61162-460 instead of UR E27, on the condition that requirements in IACS UR E26 are complied with. UR E26/27 is to be uniformly implemented by IACS Societies on ships contracted for construction on or after 1 January 2024.

IEC 61162-460 is an international standard published by the International Electrotechnical Commission (IEC) in 2018. It specifies the requirements for the security of navigation and radio communication systems on ships. IEC 61162-460 applies to ships of all types, sizes, and operating sectors.

The relationship between UR E26/27 and IEC 61162-460 is as follows:

UR E26/27 is a more general standard that applies to all computer-based systems on ships. IEC 61162-460 is a more specific standard that applies to navigation and radio communication systems.
UR E26/27 is based on the IEC 62443 series of standards, which are the international standards for industrial automation and control system (IACS) security. IEC 61162-460 is based on the IACS UR E26.
UR E26/27 is a mandatory standard that must be complied with by all ships contracted for construction on or after 1 July 2024. IEC 61162-460 is a recommended standard that may be followed voluntarily.
In summary, UR E26/27 and IEC 61162-460 are two complementary standards that are designed to help protect ships from cyber attacks. UR E26/27 provides a more general framework for cyber security, while IEC 61162-460 provides more specific requirements for navigation and radio communication systems. Both standards are important for ensuring the safety and security of ships.