ThalaSec Institute
ThalaSec Institute
  • Strona główna
  • Trainings
    • IACS Basic
  • Więcej
    • Strona główna
    • Trainings
      • IACS Basic
  • Strona główna
  • Trainings
    • IACS Basic

Trainings list

Cybersecurity for Newly Built Ships – Compliance with IACS UR E26/E27

Category: Technologies
Subcategory: Operational Technology
Training code: OT-IACS-24
Duration: 3 days
Price information from: 4950 PLN net
Training language: Polish
Delivery format: classroom-based, online 


Training Objectives 


The objective is to equip participants with the knowledge and skills required to identify, analyze, and manage cybersecurity threats in Operational Technology (OT) environments used in the construction and operation of seagoing vessels. The training addresses the specifics of shipboard automation systems, OT communication protocols, and the requirements of classification societies and standards such as IEC 62443 and the International Association of Classification Societies (IACS) UR E26/E27. 



Training Schedule (3 days)

Day 1: Introduction to OT/ICS in shipyards and onboard vessels + threats and vulnerabilities
Day 2: Communication protocols and OT environment protection + risk and incident management
Day 3: OT standards and regulations in the maritime sector + practical workshop on producing documentation compliant with IACS UR E26/E27


Target Audience

The training is intended for:

– shipyard automation and electrical engineers
– designers of marine automation and control systems
– OT/ICS specialists responsible for integration of shipboard systems
– personnel responsible for compliance with classification society requirements (BV, DNV, ABS, etc.)
– cybersecurity teams supporting OT environments
– auditors and consultants involved in the resilience of maritime systems


Training Scope

The program consists of the following modules:


  1. Introduction to OT/ICS environments in shipyards and onboard vessels
    – definitions: OT, ICS, SCADA, DCS, PLC, RTU, HMI (Human-Machine Interface)
    – differences between IT and OT in shipyards and onboard ships
    – typical ship system architectures – Purdue model, zones and conduits on vessels
    – impact of cyber incidents on physical safety, operations, and continuity
  2. Threats and vulnerabilities in ship and shipyard OT systems
    – OT threat landscape: malware, ransomware, supply-chain attacks, ICS-specific threats
    – attack vectors in ship and shipyard OT environments: diagnostic interfaces, CAN networks, propulsion interfaces, BMS (Ballast Management System)
    – vulnerabilities specific to maritime systems: legacy devices, lack of segmentation, weak authentication, exposure via onboard networks
    – case studies of maritime cyber incidents
    – exercise: case analysis and identification of vulnerabilities in shipboard systems
  3. Communication protocols in ship OT – security and risks
    – overview of industrial protocols used on vessels: Modbus, DNP3, Profinet, Ethernet/IP, CANbus, NMEA, IEC 61162
    – characteristics and use cases in shipboard systems
    – typical OT protocol weaknesses in ship and shipyard environments
    – OT communication security techniques: segmentation, filtering, encryption, network monitoring
    – laboratory session: network traffic analysis (e.g., Modbus TCP) in a simulated ship environment
  4. Defending and securing OT environments in shipyards and onboard vessels
    – Defense-in-Depth concept for ship OT systems
    – physical and logical network segmentation according to IEC 62443 and classification society expectations
    – hardening OT devices: PLC, HMI, RTU, propulsion controls, cargo systems
    – OT security monitoring: IDS/IPS for industrial networks, logging and security analytics
    – identity and access management in ship OT environments
    – laboratory session: firewall configuration for OT zone segmentation, attack simulation and incident response
  5. Risk and incident management in maritime OT environments
    – fundamentals of OT risk assessment: threat identification, impact and likelihood evaluation
    – developing OT security policies for vessels and shipyards
    – business continuity planning (BCP) and disaster recovery (DR) for shipboard OT
    – OT incident management processes – the role of a CSIRT (Computer Security Incident Response Team) in maritime contexts
    – exercise: performing a risk assessment for a shipboard scenario (e.g., ballast or propulsion system attack)
  6. Standards and regulations for OT security in the maritime sector
    – overview of key standards: IEC 62443, IMO MSC-FAL.1/Circ.3, IACS UR E26/E27
    – classification society requirements: Bureau Veritas (BV) NR 659, Det Norske Veritas (DNV) Cyber Secure, American Bureau of Shipping (ABS) CyberSafety
    – impact of national regulations on ship and shipyard cybersecurity
    – discussion: implications for system design, documentation, and testing of ship OT systems


 

Benefits for Participants

After completing the training, participants will:

– understand OT environments in shipyards and onboard vessels
– be able to identify vulnerabilities and threats in ship and shipyard OT systems
– have knowledge of OT protocol security and hands-on experience from simulation labs
– be equipped to design and implement OT security architecture (segmentation, monitoring, hardening)
– be capable of conducting risk assessments and preparing incident response procedures for shipboard systems
– understand regulatory and classification requirements, including IACS UR E26/E27, and apply them in shipbuilding and integration processes


Prerequisites

- General understanding of ship electrical systems, including power distribution, control circuits, and automation components used on vessels.
- Ability to read and interpret technical documentation, such as wiring diagrams, system schematics, interface descriptions, and equipment data sheets.

- Basic familiarity with industrial automation concepts, such as PLCs, sensors, actuators, alarms, and control loops (no programming experience required).
- Experience working with or preparing documentation for ship systems, for example system descriptions, I/O lists, block diagrams, or electrical plans.

 - Awareness of how onboard systems interact operationally, including propulsion, navigation, cargo handling, or auxiliary systems.
- Basic understanding of networks used in ship systems, such as Ethernet-based connections, serial links, or fieldbus communication (from an engineering—not IT—perspective).
- Ability to understand English-language technical manuals, as most vendor documentation and classification requirements are issued in English.


Training Methodology

– combination of theoretical lectures, practical workshops, and simulations (online or on-site labs)
– group work on real-world ship/shipyard system scenarios
– industry examples and case studies related to maritime automation


Certification and Training Documentation

Participants receive a personalized Certificate of Completion confirming competencies in maritime OT cybersecurity.

A post-training report with recommendations for shipyard OT architecture and documentation can be provided upon request.


Organization and Logistics

The training is delivered on-site or online/hybrid using platforms such as  Microsoft Teams.

For on-site sessions: training room equipped with workstations or participant laptops, access to OT simulators or test environments.

Copyright © 2025 ThalaSec Institute — Wszelkie prawa zastrzeżone.

  • Privacy Policy

Obsługiwane przez GoDaddy

Ta witryna korzysta z plików cookie.

Używamy plików cookie do analizowania ruchu w witrynie i optymalizacji Twoich wrażeń. Jeśli zaakceptujesz użycie plików cookie, Twoje dane zostaną zagregowane z danymi innych użytkowników.

OdrzućZaakceptuj