The URs will be mandatory for classed ships and offshore installations contracted for construction on or after 1 January 2024. Consequently, the DNV class notation Cyber secure(Essential) will be mandatory from this date.
The technical security requirements of the IACS URs E26 and E27 are fully aligned with DNV’s class notations for cyber security and are covered by the current edition of the DNV class notation Cyber secure(Essential).
For customers who would like, on a voluntary basis, to implement the new IACS cyber security requirements before 1 January 2024, the following items outline how to achieve this in line with the current DNV rules:
• Systems type approval (TA) in accordance with the current edition of DNV rules for the class notation Cyber secure(Essential) / security profile 1 will meet the IACS URs E26 and E27. The TA process will be amended with the audit of the relevant additional development activities in accordance with IACS UR E27 section 5.
• Ships and offshore installations assigned the class notation Cyber secure(Essential, +) as per the current edition of DNV rules, will meet the IACS URs E26 and E27. The additional qualifier (+) is needed to extend the scope of systems in accordance with the scope of applicability in IACS UR E26.
DNV will arrange a webinar on the upcoming IACS URs for cyber security on 23 August 2022. The invitation will follow in mid-August.
Recommendations
Until the new URs are in force, DNV encourages product suppliers, shipyards, and ship owners to implement cyber security into control systems, ship design and relevant management systems on board. Special attention is recommended for product suppliers of systems within the scope of the URs, as these systems may need further development and design changes to comply with the URs.