Safeguarding Yachts

05 Jul 2024

Understanding the Significance of IACS E26 and E27 Cyber Security Requirements

Since technology is present in every aspect of our lives, the maritime industry is not exempt from the omnipresent threat of cyber-attacks.

The introduction of the E26 and E27 requirements by the International Association of Classification Societies (IACS) marks a significant milestone in safeguarding against cyber threats within the maritime industry and represents the initial stride towards bolstering the Maritime Cybersecurity community. So how do we ensure we are compliant going forward?

These regulations will be mandatory from 1 July 2024 for new units. The requirements not only highlight that all stakeholders must become very familiar with cybersecurity protocols but also, they emphasize the paramount importance of implementing these measures on board ships, floating units, and charter yachts (above 500GT, and with more than 12 passengers). But cyber threats pose a substantial risk to maritime operations, (without discrimination of operational profile and/or size), ranging from data breaches and system manipulations to jeopardizing vessel safety and crew well-being.

With the increasing digitisation of vessel systems and networks, yachts are particularly vulnerable targets for cyber-attacks due to their high-value assets and often limited cybersecurity measures.

The state-of-the-art technology aboard yachts, featuring intelligent capabilities and extensive connectivity, inadvertently nurtures a misguided perception of enhanced security and safety, especially regarding cybersecurity.

Compliance with the E26 and E27 standards ensures that maritime stakeholders adopt comprehensive cybersecurity frameworks that encompass risk assessment, threat mitigation, incident response, and ongoing monitoring.

It is time to realise that complicated and ever-evolving cybersecurity threats mean maritime professionals will be forced to effectively safeguard their assets.

Is there one, all-encompassing solution to handling cyber threats on board?

The answer is no.

Cybersecurity vulnerabilities on yachts are directly dependent on the complexity of onboard technology, its operability, its configuration, its software dependence, interconnections, and connectivity factors such as Wi-Fi networks and remote connections.

Today, the interconnected nature between Operational Technology (OT) and Information Technology (IT) Systems on board yachts is a puzzle where only the collaboration between yacht designers, system integrators, vendors, operators, classification societies, and cybersecurity experts can achieve an adequate level of proactive strategies and response procedures to be applicable and sustainable during the entire lifecycle of the assets.

In a market where luxury and comfort make all the difference, being compliant with cybersecurity standards today, significantly enhances the trustworthiness and the value of the asset throughout its entire lifecycle.

Yachts are intricate ecosystems comprising of various interconnected systems, ranging from navigation, propulsion, communication, business, to let us not forget, entertainment.

Compliance with cybersecurity standards enhances the reputation and credibility of builders, operators, and owners of their commitment to ensuring the security and privacy of onboard systems and sensitive information.

Training and awareness programs are essential tools in this endeavour, equipping personnel with the knowledge and skills to identify, mitigate, and report cybersecurity threats promptly.

In conclusion, the introduction of IACS E26 and E27 requirements represents a significant milestone in maritime cybersecurity on board new yacht designs, mitigating the risks posed by cyber threats, but it is crucial that on-board existing units, yacht owners and operators also become quickly familiar with this "cyber hygiene" due to the unique vulnerabilities associated with luxury vessels.

Cybersecurity is a journey; investing in cybersecurity is not just a regulatory obligation, but a strategic approach for safeguarding and value enhancement during the entire lifecycle of future yachts; in an increasingly digital world - let us help you navigate this cybersecurity step-by-step approach.