The importance of type approval Part I (From Identify to Protect).

 The importance of type approval Part I (From Identify to Protect).

Shipyards require a significant number of man-hours depending on commissioning times and days, which directly leads to increased the ship building costs. Accordingly, reducing the time required for ship cybersecurity testing is an essential factor. Therefore, it is expected that shipyards will prefer suppliers holding UR E27-related type approval.

The following sentence provides a summary and definition of the Identify, Protect, Detect, Respond, and Recover sections of UR E26, as well as details regarding tests (demonstration) that may be exempt if you have a UR E27 Type, especially commissiong phase(please refer blue color text). I hope this serves as a helpful reference.

Identify: Develop an organizational understanding to manage cybersecurity risk to 
onboard systems, people, assets, data, and capabilities.

Requirement - Identify

Vessel asset inventory

- An inventory of hardware and software of CBSs.
- The inventory is essential for management of cyber resilience of the ship.
- The inventory shall be kept updated during the entire of life of the ship.
- The vessel inventory shall include at least information in UR E27 Sec. 3.1.1

DEMONSTRATION
- Design Phase: The vessel asset inventory that incorporate the inventories of all CBSs 
shall be submitted to the Society.
- Construction Phase: The vessel asset inventory shall be kept updated.
- Commissioning Phase: The ship cyber resilience test procedure to be submitted for following DEMONSTRATION:
1. Vessel asset inventory is updated and completed at delivery.
2. CBSs are correctly represented by vessel asset inventory.
3. Software of the CBS has been kept updated.


Protect: Develop and implement appropriate safeguards to protect the ship against cyber incidents and maximize continuity of shipping operations.

Requirement – Protect 1

Security Zones and Network Segmentation

- All CBSs shall be grouped into security zones with well-defined security policies and capabilities.
- The benefit of security zone s and network segmentation are to reduce the attack surface.
- The inventory shall be kept updated during the entire of life of the ship.
- A security zone shall be logically or physically segmented form other zones.
- Safety systems shall be grouped into separate security zones with physical segmentations.
- Nav. and communication system shall not be in the same security zone as machinery or Cargo systems.
- Wireless devices shall be in dedicated security zones.
- Considered as untrusted networks shall be physically segmented from security zones .

DEMONSTRATION
- Design Phase: 
• Zone and conduit diagram and Cyber security design description to be submitted to the Society.
• Zone and conduit diagram shall illustrate how they grouped into security zones with following information:
-> Indication of Security zone/Each CBS simple Illustration with physical location/Illustration of network communications.
• Cyber security design description shall include following information:
-> A short description of the CBSs/Network communication in the same, different and untrusted networks with purpose and characteristics.
-> Zone boundary devices and specify the traffic such as firewall rules are to be included.
- Construction Phase: The zone and conduit diagram shall be kept updated.
- Commissioning Phase: The ship cyber resilience test procedure shall be be submitted for following DEMONSTRATION:
1. The security zone on board are implemented in accordance with the approved documents, which can be done by physical inspection, network scanning.
2. Security zone boundaries allow only that is documented in the approved document, which can be done by evaluation of firewall rules or port scanning.

Requirement – Protect 2

Network protection safeguards

- Security zones shall be protected by firewalls or equivalent means.
- The network shall be protected against events that impart the quality of service of network resources.
- The CBS shall be configured to provide only essential capabilities and restrict the use of non-essential functions.
- The network shall include means that minimize the risk of denial of service(Dos) and network storm.

Demonstration
- Nothing during Design and Construction phase.
- Commissioning phase: The ship cyber resilience test procedure shall be submitted for following DEMONSTRATION:
1. Test DoS attacks targeting zone boundary device.
2. Test Dos originating from inside each network segment.
3. Test unnecessary functions, ports, protocols and services are removed or prohibited.
The 2nd and 3rd tests may be omitted if performed during the certification of CBSs.
- Considered as untrusted networks shall be physically segmented from security zones .

Requirement – Protect 3

Antivirus, antimalware. Antispam and other protections from malicious code.

- CBS shall be protected against malicious code.
- Any unwanted program perform unwanted and malicious actions.
- Malware protection shall be implemented on CBSs.
- When protection software cannot be installed, malware protection shall be implemented in the operational procedures, physical safeguard of according to  
suppliers’ recommendations.

Demonstration
- Design phase: The Cyber security design description shall include following information:
• Summary of approved protection mechanisms of each CBS
• How to keep the anti-malware software updated.
• Any operational conditions or necessary physical safeguards to be implemented in the shipowner’s management system.
- Construction phase: The malware protection is kept updated.
- Commissioning phase: The ship cyber resilience test procedure shall be submitted for following DEMONSTRATION:
1. Approved anti-malware software or other compensating countermeasures is effective.
The test may be omitted if performed during the certification of CBSs.

Requirement – Protect 4

Access control.

- CBSs shall provide physical and/or logical measures to selectively limit the ability and means to communication with the system itself.
- Physical and logical access controls to cyber asset, networks etc. should be implemented.
- Access to CBSs and networks shall only be allowed to authorized personnel.
- Physical access control: CBSs of CAT 2 and 3 shall be located in normally be locked spaces. However, it is easy to access to the crew and stakeholders who need to access CBSs so as not to hamper effective and efficient operation of the ship.
- Physical access control for visitors: Visitors shall be restricted regarding access to CBSs by such as under supervision.
- Physical access control of network access points: Access points to onboard networks connecting Cat 2 and Cat 3 CBSsshall be physically and/or logically blocked except when connection occurs under supervision or according to documented procedures, e.g. for maintenance.
- Removal media controls: A policy for the use of removable media devices shall be established with procedures.
- Management of credentials: Accounts for onboard and onshore personnel shall be left active only for a limited period according to the role and responsibility of the account holder and shall be removed when no longer needed.
- Least privilege principle: Any human user allowed to access CBSs and networks shall have only the minimum privileges necessary to perform its function.

DEMONSTRATION
- Design phase: The Cyber security design description shall include following information:
• Location and physical access controls for the CBS.
• Devices needing immediate access such as HMI for operators that need not enforce user identification and authentication if they are located in an area with physical access control shall be specified.
- Construction phase: Unauthorized access to the CBSs shall be prevented during the construction phase.
- Commissioning phase: The ship cyber resilience test procedure shall be submitted for following DEMONSTRATION:
1. Components of the CBSs are located in areas or enclosures where physical access can be controlled to authorized personnel.
2. User accounts are configured according to the principles of segregation of duties and least privilege and that temporary accounts have been removed .
The 2nd test may be omitted based on certification of CBSs.

Requirement – Protect 5

Wireless communication

- Cryptographic mechanisms such as encryption algorithms and key lengths in accordance with industry standards and best practices shall be applied to ensure integrity and confidentiality of the information transmitted on the wireless network.
- Devices on the wireless network shall only communicate on the wireless network (i.e. they shall not be “dual-homed”)
- Wireless networks shall be designed as separate segments in accordance with 4.2.1 and protected as per 4.2.2
- Wireless access points and other devices in the network shall be installed and configured such that access to the network can be controlled.
- The network device or system utilizing wireless communication shall provide the capability to identify and authenticate all users (humans, software processes or devices) engaged in that communication.

DEMONSTRATION
- Design phase: The Cyber security design description shall include following information:
• Description of wireless networks in the scope of applicability and how these are implemented as separate security zones. The description shall include zone boundary devices and specify the traffic that is permitted to traverse the zone boundary (e.g. firewall rules)
• A summary of mechanisms to prevent unauthorised access of human users and devices, and mechanisms to protect integrity and confidentiality of information transmitted on the wireless network. The CSDD Should also include references to applicable information in the product supplier’s documentation for each CBS (see UR E27 section 6.2.5)
- Construction phase: The shipyard shall prevent unauthorised access to the wireless networks during the construction phase.
- Commissioning phase: The ship cyber resilience test procedure shall be submitted for following DEMONSTRATION:
1. The Shipyard shall demonstrate e.g. by use of a network protocol analyser tool, that the wireless communication protocol corresponds with approved documentation by the respective product supplier.

Requirement – Protect 6

Remote access control and communication with untrusted networks.

- CBSs shall be protected against unauthorized access and other cyber threats from untrusted networks.
- Onboard CBSs become digitalized and connected to the internet to perform a wide variety of legitimate function, which makes the CBSs vulnerable to cyber incidents.
- Not all cyber incidents are a result of a deliberate attack.
- User’s manual shall be delivered for control of remote access to onboard IT and OT systems with clear guidelines that identify roles and permissions with functions.
- IP address shall not be exposed to untrusted networks.
- Communication with or via untrusted networks requires secure connection.
- To have capability to terminate a connection and any remote access shall not be possible until permitted by a responsible on board.
- To be capable of managing interruptions during remote sessions.
- To provide logging function to recode all remote access events for offline review of a cyber incident.

DEMONSTRATION
• The Product supplier shall demonstrate security capabilities supporting the requirements of this section by following the process specified in UR E27 section 6.
- Design phase: The Cyber security design description shall include following information:
• Identification of each CBS that can be remotely accessed or that otherwise communicates through the security zone boundary with untrusted networks.
• A description of compliance with remote access control requirements for each CBS.
- Construction phase: Any communication with untrusted networks is only temporarily enabled and used in accordance with the requirements.
- Commissioning phase: The ship cyber resilience test procedure shall be submitted for following DEMONSTRATION:
1. It is secured in accordance with UR E27 sec. 4.2 and that communication protocols cannot be negotiated to a less secure version; demonstrate e.g by use of a network protocol analyzer tool.
2. It is required multifactor authentication of the remote user.
3. A limit of unsuccessful login attempts is implements and a notification message is provided for the remote user before session is established.
4. Remote connection must be granted by responsible personal on board.
5. Remote sessions can be manually terminated by personnel on board or the session will be terminated after a period of inactivity automatically.
6. Remote sessions are logged.
Instructions or procedures are provided by the respective suppliers.

Requirement – Protect 7

Use of Mobile ad portable Devices.

- Use of mobile and portable devises shall be limited to only necessary activities and controlled in accordance with UR E27 Sec 4.1 item 10. For any CBS that cannot fully meet these requirements, the interface ports shall be physically blocked
- The CBSs can be impaired due to malware infection via a mobile or a portable device.
- Mobile equipment that is required to be used for the operation and maintenance of the ship should be under the control of the ship owner.
- Only authorized devices may be connected to the CBSs.
- All use of such devices shall be in accordance with the shipowner's policy for use of mobile and portable devices, taking into account the risk of introducing malware in the CBS.

DEMONSTRATION
- Design phase: The Cyber security design description shall include following information:
• Any CBSs that do not meet the requirements in UR E27 Sec. 4.1 item 10, i.e., that shall have protection of interface ports by physical means such as port blockers.
- Construction phase: Use of physical interface ports is controlled in accordance with UR E27 Sec 4.1 item 10 and that any use of such devices follows procedures to prevent malware from being introduced in the CBS.
- Commissioning phase: The ship cyber resilience test procedure shall be submitted for following DEMONSTRATION:
1. Use of mobile and portable devices is restricted to authorized users.
2. Interface ports can only be used by specific device types.
3. Files cannot be transferred to the system from such devices.
4. Files on such devices will not be automatically executed (by disabling autorun)
5. Network access is limited to specific MAC or IP addresses.
6. Unused interface ports are disabled.
7. Unused interface ports are physically blocked.

⚓ Join the ShipPaulJobs Community

Join →
Share

Comments