IACS re-published in May 2020 its recommendation on cyber resilience (No. 166). The new document harmonised all 12 existing recommendations in one single, standalone recommendation consolidating IACS’ previous 12 recommendations related to cyber resilience (Nos. 153 to 164) and applies to the use of computer-based systems which provide control, alarm, monitoring, safety or internal communication functions which are subject to the requirements of a classification society. Part of the objective in consolidating the 12 recommendations was to define responsibilities and harmonise and simplify the language used therein.
The single recommendation has again been prepared including input from a wide range of industry partners contributing via the Joint Industry Working Group on Cyber Systems – including IUMI - and covers the constructional aspects of the 12 previously published recommendations. It provides information on matters such as reference guidelines and standards, terms and definitions, goals for design and construction, functional requirements, technical requirements and verification testing.
This new recommendation is applicable to a vessel’s network systems using digital communication to interconnect systems within the ship and ship systems which can be accessed by equipment or networks off the ship. Operational aspects that were included in the superseded 12 recommendations have been identified and grouped under a separate annex. Following the publication of this consolidated recommendation the earlier 12 recommendations have been officially deleted by IACS.
Based on the experience gained from the practical implementation of this recommendation IACS will assess the suitability of using it as the basis for a Unified Requirement on Cyber Resilience. The Rec 166 can be downloaded here.