E26 Page 1 of 56 IACS Req. 2022/Rev.1 2023 E26 (cont) Cyber resilience of ships 1. Introduction Interconnection of computer systems on ships, together with the widespread use onboard of commercial -off-the-shelf (COTS) products, open the possibility for attacks to affect personnel data, human safety, the safety of the ship, and threaten the marine environment. Attackers may target any combination of people and technology to achieve their aim, wherever there is a network connection or any other interface between onboard systems and the external world. Safeguarding ships, and shipping in general, from current and emerging threats involves a range of measures that are continually evolving. It is then necessary to establish a common set of minimum functional and performance criteria to deliver a ship that can indeed be described as cyber resilient. IACS considers that minimum requirements applied consistently to the full threat surface using a goal -based approach is necessary to make cyber resilient ships. 1.1 Structure of this UR Table 1 : Structure of this UR Introductory Part 1 Introduction 2 Definitions 3 Goals and Organization of Requirements Main Part 4 Requirements 4.1 Identify 4.2 Protect 4.3 Detect 4.4 Respond 4.5 Recover 5 Demonstration of compliance 5.1 During design and construction phases 5.2 Upon ship commissioning 5.3 During the operational life of the ship Supplementary Part 6 Risk assessment for exclusion of CBS from the application of requirements (required only when systems are excluded from application of this UR) Appendix I: Summary of actions and documents Appendix II: Summary of requirements and documents Note: 1. The Unified Requirement published in April 2022 was withdrawn before coming into force on 1 January 2024 2. Rev.1 to this UR is to be uniformly implemented by IACS Societies on ships contracted for construction on or after 1 J uly 2024 and may be used for other ships as non - mandatory guidance. 3. The “contracted for construction” date means the date on which the contract to build the vessel is signed between the prospective owner and the shipbuilder. For further details E26 (Apr 2022) (Rev.1 Nov 2023 Complete Revision ) E26 Page 2 of 56 IACS Req. 2022/Rev.1 2023 E26 (cont) regarding the date of “contract for construction”, refer to IACS Procedural Requirement (PR) No. 29. 1.2 Aim and purpose The aim of this UR is to provide a minimum set of requirements for cyber resilience of ships, with the purpose of providing technical means to stakeholders which would lead to cyber resilient ships. This UR targets the ship as a collective entity for cyber resilience and is intended as a base for the complementary application of other URs and industry standards addressing cyber resilience of onboard systems, equipment and components. Minimum requirements for cyber resilience of on -board systems and equipment are given in IACS UR E27. 1.3 Scope of applicability 1.3.1 Vessels in scope This UR is applicable to the following vessels : - Passenger ships (including passenger high -speed craft) engaged in international voyages - Cargo ships of 500 GT and upwards engaged in international voyages - High speed craft of 500 GT and upwards engaged in international voyages - Mobile offshore drilling units of 500 GT and upwards - Self-propelled mobile offshore units engaged in construction ( i.e. wind turbine installation maintenance and repair, crane units, drilling tenders, accommodation, etc) This UR may be used as non -mandatory guidance to the following. - Ships of war and troopships - Cargo ships less than 500 GT - Vessels not propelled by mechanical means - Wooden ships of primitive build - Passenger yachts (passengers n