ABS Cyber Resilience Program

cyber-safety-for-equipment

ABS Cyber Resilience for On-board Systems and Equipment

Interconnection of computer systems on vessels, together with the widespread use onboard of commercial-off-the-shelf (COTS) products, open the possibility for attacks to affect personnel data, impact human and vessel safety and threaten the environment.  The International Association of Classification Societies (IACS) has recognized the need for a common set of minimum functional and performance requirements to support more cyber-resilient vessels, establishing UR E26 and UR E27.  In September of 2023, IACS delayed the implementation date such that the URs will come into effect July 1, 2024, due to continuing IACS work and the development of Rev. 1 versions of the two URs. ABS supports these IACS efforts for UR E26 and UR E27 and has incorporated two new sections in the ABS Marine Vessel Rules to enhance onboard cyber safety.  Section 4-9-13 “Cyber Resilience for Vessels” and Section 4-9-14 “Cyber Resilience for On-board Systems and Equipment” are the two new sections and are in alignment with IACS UR E26 and UR E27 respectively.

The ABS Cyber Resilience Program helps system and equipment vendors understand and identify the needed cyber resilience capabilities.

Ultimately, the value of ABS approval supports your competitive edge by helping you demonstrate to your customers that your equipment and systems are compliant with IACS and ABS Cyber Resilience requirements. 


Certification Process

The ABS certification process applies to a range of digitally-enabled equipment and systems covering individual components all the way through the system and network levels. ABS offers Product Design Assessment (PDA) providing a comprehensive certification solution.

ABS CYBER RESILIENCE PDA 

  • Assessment of 30 security capabilities required for Cyber Resilience in accordance with ABS 4-9-14 and IACS UR E27, such as:          

                - Authenticator management

                - Authorization enforcement

                - Auditable events

                - Communication integrity

                - Malicious code protection

                - Security functionality verification

                - Denial of service protection

                - System backup

                - System recovery and reconstitution

                - Network and security configuration settings

 

  • Assessment of 11 additional security capabilities required for Cyber Resilience when there is network communication with untrusted networks (communication interface with any networks outside the scope of ABS 4-9-13 and UR E26), such as:

             - Multifactor authentication

             - Explicit access request approval

             - Remote session termination

Benefits

  • Improves competitive position by demonstrating compliance with IACS and ABS Cyber Resilience requirements 
  • Recognition on the external ABS Type Approval database   
  • Helps control cybersecurity vulnerabilities in the supply chain

 

For more information on cyber resilience for on-board systems and equipment, feel free to reach out to us at abstaprograms@eagle.org

 

Questions about UR E26 and E27? Contact our advisors for assistance with your projects.