PRS issues a publication about the ship's cyber security

Polish Register of Shipping (PRS) has issued a publication about the ship's cyber security.

This document was published on January 16th, 2023, and became effective on the same date.

The requirements presented in this document are based on the unique requirements of IACS no. E26 and no. E27 and will become mandatory from January 1st, 2024. Until that date, they are considered recommendations. PRS can, if requested by the client, implement them on a voluntary basis.

This publication applies to:

a) operational technology (OT) systems on ships, i.e. those computer systems that use data to control or monitor physical processes that may be vulnerable to cyber-attacks and, if compromised, may endanger people, and the safety of the ship and/or pose a threat to the environment.

Special attention should be paid to the computer systems used for the operation of the following ship functions and systems if they are present on board:

  • propulsion,
  • steering,
  • anchoring and mooring,
  • electrical power generation and distribution,
  • fire detection and extinguishing systems,
  • cargo handling system (limited to safety-related elements),
  • bilge and ballast systems, loading/unloading control systems, loading computer,
  • a boiler control system,
  • scrubber control system and other systems needed for compliance with class or international regulations to prevent pollution to the environment,
  • watertight integrity and flooding detection,
  • lighting (e.g. emergency lighting, low locations, navigation lights, etc.),
  • any other OT system whose disruption or functional impairing may pose risks to ship operations (e.g. LNG monitoring and control system, relevant gas detection system, etc.).

Also, the applicability of this publication includes the following systems:

  • navigational systems required by statutory regulations,
  • internal and external communication systems required by class rules and statutory regulations.

For navigation and radio communication systems, standards such as IEC 61162-460 or IEC 63154 may be used as an alternative to this publication, as long as the application of such standards provides equal or greater cyber resistance to that obtained by applying the requirements contained in this document. In any case, the requirements of section 3 must be met.

b) any Internet Protocol (IP) based communication interface from the computer system within this publication to other systems.

Examples of such systems are, but are not limited to, the following:

  • passenger or visitor servicing and management systems,
  • passenger-facing networks,
  • administrative networks,
  • crew welfare systems,
  • any other systems connected to OT systems, either permanently or temporarily (e.g. during maintenance).

For more information, please see the document below (available only to subscribers):



RELEVANT DOCUMENTS:

Ship’s Cyber Security