New cybersecurity requirements in shipbuilding: implications in the engineering process and designs of new vessels

The logistics sector has evolved in recent years to more complex deployments where there is a greater flow of communication between its elements. This evolution is noticeable in critical sectors such as maritime, for example, in port environments there are a large number of interconnections for the exchange of information between a wide range of systems.

Real examples show how there are more and more cyber-attacks targeting companies in the maritime sector. It is therefore essential to develop cybersecurity strategies based on system protection, attack detection and incident response capabilities. Cybersecurity must be considered from the design stage, thinking beyond functionality and considering it as a process that must be incorporated into the day-to-day operations of all companies.

Given the variety of industry best practice standards or mandatory regulations that have emerged on cybersecurity in the maritime sector, IACS, a non-governmental, technical-based organization of eleven major marine classification societies, has established new unified requirements (UR E26 and E27) on the cyber resilience of ships that will apply to ships contracted for construction on or after January 1, 2024. Cybersecurity will move from being an added value to a market requirement.

Humanity is facing new challenges that require, more than ever, a new comprehensive vision. As a result, all organizations, and society in general, are to a greater or lesser extent immersed in a process of digital transformation. This transformation is based on the incorporation of technology in all the organization’s business processes and hyperconnectivity. There has been a convergence between Information Systems (IT), Operation Systems (OT) and Consumer Technologies (CT), giving rise to an interconnected ecosystem in which the impact of one node can have direct implications for the entire chain.

From a cybersecurity standpoint, this systemic world leads to a high-risk scenario. As our business processes become more dependent on technology, the impact of a potential cyber-attack increases.

read more