[OT Sec] UR E27 Rev.1 (2023): Cyber Resilience of Shipboard Systems and Equipment – Security Requirements and Implementation Guidelines

1. Overview

With technological advancement, the dependency on Operational Technology (OT) and Information Technology (IT) in ships, ports, and container terminals has significantly increased, raising the risk of cyberattacks. Such attacks can impact business operations, personnel safety, vessel safety, and environmental protection. Therefore, it is essential to integrate security features into the design and manufacturing stages of equipment and systems.

This document defines the minimum requirements to ensure cyber resilience of systems and equipment onboard ships.

---

2. Scope of Application

This Unified Requirement (UR) applies to Computer-Based Systems (CBS) onboard ships and is designated as mandatory or recommended depending on the ship type.

Mandatory Application:

• Passenger ships and high-speed passenger craft on international voyages
• Cargo ships of 500 GT and above on international voyages
• High-speed craft of 500 GT and above on international voyages
• Offshore drilling units and mobile offshore units of 500 GT and above

Recommended Application:

• Naval ships and military transport vessels
• Cargo ships below 500 GT
• Non-mechanically propelled ships
• Primitive wooden ships
• Yachts carrying 12 or fewer passengers
• Recreational yachts not intended for commercial use
• Fishing vessels and specific offshore structures (FPSO, FSU, etc.)

---

3. Key Definitions

• Cyber Resilience: The ability of OT systems to maintain continuous operation despite cyber threats.
• Attack Surface: All potential entry points (both digital and physical) that hackers can exploit.
• Firewall: A logical or physical device that monitors and controls network traffic.
• Operational Technology (OT): Equipment, sensors, software, and networks used to monitor and control physical processes.
• Integrated System: A system composed of multiple subsystems and equipment working for a specific purpose.
• Defense in Depth: A layered security strategy applying multiple protective measures across different levels.

---

4. Security Philosophy

1) Systems and Equipment

Systems consist of hardware and software performing critical functions such as engine control or Dynamic Positioning (DP). Equipment includes networking devices (routers, switches), security devices (firewalls, IDS/IPS), computers (workstations, servers), and automation devices (PLC).

2) Cyber Resilience

The security measures defined in this requirement build upon UR E26. Additional requirements apply when systems interface with untrusted networks.

3) Availability of Critical Systems

Security controls must not negatively impact system availability. Safety, control, and monitoring functions must remain operational at all times, ensuring confidentiality, integrity, and availability of data.

---

5. Security Requirements

These requirements are based on IEC 62443-3-3 and include the following key security capabilities:

1) Authentication and Access Control

• User identification and authentication
• Account management functionality
• Enforcement of strong password policies
• Wireless access control and authentication
• Session lock and prevention of unauthorized access

2) Integrity and Attack Prevention

• Protection of communication integrity (encryption)
• Malware detection and prevention
• Verification of security functions and vulnerability testing
• Input data validation to mitigate security threats

3) Information Protection

• Protection of confidential information (encryption)
• Compliance with industry standards for encryption and key management

4) Audit and Logging

• Logging of security events and storing of audit logs
• Access control for logs and definition of retention policies
• Mitigation of Denial-of-Service (DoS) attacks

5) System Recovery and Backup

• Backup and restore functions for system recovery
• Safe fallback behavior upon failure (deterministic output)
• Defined system reboot and recovery procedures

---

6. Secure Product Design and Development Requirements

Manufacturers must follow a Secure Development Lifecycle (SDLC), considering cybersecurity in all stages:

• Requirement Analysis
• Design
• Implementation
• Verification
• Release
• Maintenance
• End of Life

Procedures for security patching and updates must be documented and regularly communicated to users.

---

7. Security Compliance Verification

1) Design Approval

• Evaluate system design documentation to confirm security requirement compliance

2) Factory Acceptance Test (FAT)

• Suppliers must test and report security functionalities
• Verify proper operation of security features

3) SDLC Verification

• Confirm procedures for code signing, patch management, and security updates
• Validate implementation of security hardening guidelines

---

8. Conclusion

UR E27 defines minimum cybersecurity requirements for shipboard systems and equipment to defend against cyber threats. Based on IEC 62443 standards, it applies layered security controls to ensure critical systems remain operational and secure. The goal is to enhance cybersecurity across the maritime industry and support safe and resilient ship operations.