In its February 2020 newsletter, the Korean Register informs that the cyber security type approval has been developed based on international standards such as ISA 62443 4-2, IEC 61162-460, and inspect cyber security level and function of cyber systems including remote access equipment; integrated control and monitoring systems on board the ship. The security requirements and their levels are verified on 12 categories and 124 requirements.
Concerning the KR Type Approval of Maritime Cybersecurity Inspection Items, the Register notes that components shall provide the capability to be continuously monitored using commonly accepted security industry practices and recommendations to detect; characterize and report security breaches in a timely manner.
Concerning guidelines for Data Packet Monitoring, the Intrusion Detection System (IDS) is used to monitor security breaches. Namely, the definition of IDS is “software that automates the intrusion detection process” and can be used to complement the limitations of firewalls that provide IP address and network port-based prevention policy.
IDS further identifies intrusions and notifies users based on packet analysis for data received even if IP and Ports allowed by the firewall. Similar to IDS, there is an IPS (Intrusion Prevention System) that provides a blocking function instead of notification function. It is also called IDPS with IDS and IPS together.
Applicants need a Security Level 2 or higher to provide IDS, IPS or equivalent functions to monitor security breaches. Due to the fact that IDS and IPS detect or block based on data packet analysis, there is a possibility of false positive (detected or blocked normal data packets) and variety of types such as network-based IDS/IPS using network equipment and host-based IDS/IPS using software applications on nodes such as PCs.
KR stresses that the applicant should understand types/characteristics of IDS/IPS and provide function for the monitoring of security breaches.