2026-04-16
Securing the Autonomous Vessel: A Cyber Risk Framework for MASS Operations
Sampaul Singh — Integral Solution Systems Pte. Ltd.
We built the tooling. That context matters here.
Integral's background is in system monitoring and integration. That expertise maps directly to the OT cybersecurity domain: the CBS layer, the network architecture, the evidence management chain. We built ShoK27Go from a conviction that well-documented systems produce well-controlled products. Compliance starts in the documentation, not the audit. We know where the burden is heaviest, where the type approval process breaks down, and where the evidence gaps sit. This paper is written from that vantage point.
E27 is comprehensive for what it covers. The problem is that it covers a vessel with a crew.
IACS UR E27 Rev.1 establishes 41 security capabilities for Computer-Based Systems on board ships, grounded in IEC 62443, mandatory for newbuilds contracted from 1 July 2024. When combined with E26's ship-level network architecture requirements, the framework provides a robust foundation for crewed vessel cybersecurity.
But E27 carries a systemic assumption that is visible in every requirement once you look for it: a human crew is on board. Someone who can detect anomalies, intervene in failures, override automated decisions, and call for help. This assumption holds at IMO Degree 1 autonomy. At Degree 2, it begins to erode. At Degree 3 (remotely controlled, no crew on board) it is structurally false.
The regulatory gap
IMO's non-mandatory MASS Code goes to adoption at MSC 111 in May 2026. The mandatory code enters force on 1 January 2032. In between, autonomous vessels will operate under a standard designed for crewed ships, with goal-based MASS provisions that contain no prescriptive security controls.
At MSC 110 (June 2025), the IMO decided that MASS cybersecurity will not be embedded in the MASS Code itself. It will depend on a separate Maritime Cybersecurity Code that does not yet exist. Until that instrument is developed and adopted, the cybersecurity provisions for autonomous vessels remain fragmented across standards that were not designed for autonomous operations.
| Figure | Significance |
|---|---|
| 24 | E27 type-approved CBS systems globally (late 2024, Pen Test Partners). Against 50,000+ newbuilds requiring E27 compliance from 2024 forward. |
| 828 | Maritime cyber incidents in 2025, up 103% year-on-year (CYTUR 2026). |
| 1,000/day | GPS spoofing incidents affecting approximately 40,000 vessels (CYTUR 2026). Direct relevance to autonomous navigation resilience. |
| 2032 | Mandatory MASS Code entry into force. The organisations that engage during the voluntary phase will shape the mandatory requirements. |
The 13 structural gaps
The analysis identifies thirteen structural gaps between E27's coverage and MASS cybersecurity requirements. All stem from the same root cause: E27 was designed on an implicit assumption, present in every requirement, that a human crew is on board and capable of intervention.
G1–G2: Remote control and command authentication
E27 assumes CBS operates on a vessel with local operators. At Degree 2/3, the remote communication link is the primary attack surface, and no current standard addresses its security prescriptively.
G3: ROC as a security domain
The Remote Operations Centre is the bridge of the autonomous vessel, relocated to shore. E27 has no concept of it. No current standard specifies ROC security requirements.
G4–G5: AI/ML system integrity
E27 has no AI/ML concept. Autonomous decision systems require integrity assurance (adversarial robustness, training data integrity, deterministic safety boundaries) that IEC 62443 does not address.
G6: Sensor fusion security
Autonomous vessels depend on fused multi-sensor output for safe navigation. E27 assesses individual sensor CBS in isolation. The fusion layer is unaddressed.
G9: Autonomous fallback / safe-state
E27 assumes human intervention is available when communications fail. At Degree 3/4, the vessel must enter a defined safe state without any human input. No standard specifies what that looks like or how to verify it.
Five process gaps compound the structural deficiencies. Most critically: E27 is a point-in-time assessment, while autonomous vessels need continuous cybersecurity posture monitoring; and the E27 survey assumes physical on-board inspection, while unmanned vessels require remote survey frameworks. Neither capability exists in current class society practice.
Singapore's USV trials begin H2 2026. If those vessels are to receive any cybersecurity notation, remote survey capability needs to exist before they depart. That is six months away.
What the evidence management problem actually looks like
An OEM supplier needs to demonstrate E27 compliance for a navigation system installed across twelve vessel classes, surveyed by three different classification societies. E27 requires documentation across all 41 security capabilities: for DNV, one set of terminology and evidence formats; for ClassNK, another; for LR, a third. The same technical implementation generates three different documentation exercises.
For a non-type-approved CBS (which, given 24 type-approved systems against 50,000+ newbuilds, is the overwhelming majority of CBS installations), the documentation burden per vessel is substantial. Asset inventory, topology diagrams, security capability descriptions, SCRTP test procedures, FAT cyber component records, Security Configuration Guidelines. Multiply by the number of CBS on the vessel, then by fleet size.
ShoK27Go was built to address this directly. The platform's CBS registration workflow maps each system's security capabilities to the 41 E27 requirements, with class-specific output formatting for DNV, ClassNK, LR, BV, ABS, and RINA. Evidence collection is structured around the actual survey workflow. SCRTP procedures are built into the evidence chain. FAT cyber components are tracked through the platform's lifecycle management so the FAT record becomes part of the CBS's ongoing compliance file.
KIZUNA: the trust layer
Evidence generation addresses the documentation problem. KIZUNA addresses the trust problem.
The E27 type approval bottleneck is a trust problem. A shipyard accepting a CBS from a supplier has no way to verify, at the time of installation, that the system meets its claimed security profile. For the approximately 24 systems with type approval, the certificate provides that assurance. For everything else, the shipyard relies on supplier documentation that was generated by the supplier.
KIZUNA is Integral's Certified Supplier Registry protocol. It validates, independently witnesses, cryptographically seals, and publicly maintains the compliance status of maritime CBS suppliers. The protocol operates in three phases: registry listing (documentation validated), witness testing (security capabilities tested against SCRTP procedures, not just documented), and cryptographic seal (Ed25519 signature over the evidence package: tamper-evident and remotely verifiable).
ShoK27Go is the evidence engine. KIZUNA is the trust outcome. Supplier → ShoK27Go → KIZUNA Protocol → Registry Listing → Shipyard / Class Society / Vessel Owner.
For MASS operations, KIZUNA's cryptographic evidence chain addresses process gap P3 (remote survey capability) directly. A class surveyor assessing a Degree 3 unmanned vessel remotely needs tamper-evident evidence that CBS were configured as documented. The sealed evidence package provides that assurance without physical boarding.
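A minimal sketch of the sealing and remote-verification step described above, added here as an example and not KIZUNA's actual format or code. The manifest layout, function names and sample artefacts are assumptions; signing uses Go's standard crypto/ed25519.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"sort"
	"strings"
)

// Manifest lists each artefact as "<sha256 hex>  <quoted name>", sorted by name,
// so the signed bytes do not depend on map order or on odd characters in names.
func Manifest(artefacts map[string][]byte) []byte {
	names := make([]string, 0, len(artefacts))
	for n := range artefacts {
		names = append(names, n)
	}
	sort.Strings(names)
	var b strings.Builder
	for _, n := range names {
		fmt.Fprintf(&b, "%x  %q\n", sha256.Sum256(artefacts[n]), n)
	}
	return []byte(b.String())
}

// Seal is the registry side: sign the manifest of the witnessed evidence.
func Seal(priv ed25519.PrivateKey, artefacts map[string][]byte) []byte {
	return ed25519.Sign(priv, Manifest(artefacts))
}

// VerifySeal is the surveyor side: rebuild the manifest from the files actually
// received and check it against the registry's published public key.
func VerifySeal(pub ed25519.PublicKey, artefacts map[string][]byte, sig []byte) bool {
	return ed25519.Verify(pub, Manifest(artefacts), sig)
}

// Demo seals a constructed evidence package, then verifies it intact, with one
// artefact altered, and with one artefact removed.
func Demo() (intact, altered, dropped bool) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	pkg := map[string][]byte{ // constructed sample artefacts
		"asset-inventory.csv":    []byte("nav-ecdis-01,fw 4.2.1\n"),
		"security-config.txt":    []byte("remote-access=disabled\n"),
		"scrtp-test-record.json": []byte(`{"procedure":"example","result":"pass"}`),
	}
	sig := Seal(priv, pkg)
	intact = VerifySeal(pub, pkg, sig)
	pkg["security-config.txt"] = []byte("remote-access=enabled\n")
	altered = VerifySeal(pub, pkg, sig)
	pkg["security-config.txt"] = []byte("remote-access=disabled\n")
	delete(pkg, "scrtp-test-record.json")
	dropped = VerifySeal(pub, pkg, sig)
	return
}

func main() {
	fmt.Println(Demo())
}
```

Because the signature covers the whole manifest rather than each file separately, removing an artefact fails verification just as altering one does.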
The framework
The proposed framework is an extension layer above E27, additive rather than duplicative. The industry's investment in E26/E27 compliance carries forward. Requirements are graduated by degree of autonomy, so Degree 1 vessels are not burdened with Degree 4 controls. Every requirement maps to a verifiable evidence artefact, enabling automated compliance assessment.
Ten chapters covering: ROC security, communication channel security (encryption, authentication, latency-tolerant protocols, redundancy), autonomous navigation system resilience (sensor fusion integrity, AI model verification, GNSS spoofing resistance), unmanned vessel physical security, fleet-level cybersecurity management, continuous compliance and monitoring, and automated incident response for Degree 3/4 operations.
The window
The non-mandatory MASS Code (May 2026) creates the framework for voluntary adoption. The Experience-Building Phase (from December 2026) collects operational data. The mandatory code development (from 2028) crystallises requirements based on that evidence. Organisations that engage during the voluntary phase will shape the mandatory requirements. Those that wait will comply with a baseline others set.
The cost of retrofitting cybersecurity into autonomous vessel designs after the mandatory code enters force in 2032 will be substantially higher than designing it in from the outset. Every class society that publishes a MASS cyber notation before 2028 will see earlier engagement from operators who want to be classified. Every CBS manufacturer that extends E27 documentation to address MASS-specific requirements will have a competitive advantage as the mandatory code deadline approaches.
The full framework (13 structural gap analysis, five process gaps, risk assessment methodology by autonomy degree, classification society readiness assessment, and implementation timeline) is available as a detailed technical paper.
References
- IACS UR E27 Rev.1 — International Association of Classification Societies, 2022. Security capabilities for Computer-Based Systems on board ships.
- IACS UR E26 — International Association of Classification Societies, 2022. Cyber resilience of ships.
- IEC 62443 series — International Electrotechnical Commission. Security for industrial automation and control systems.
- IMO MSC 110 — International Maritime Organization, June 2025. Deliberations on MASS cybersecurity and the decision not to embed cybersecurity requirements in the MASS Code.
- Pen Test Partners — Maritime cybersecurity research, 2024. Type approval landscape for IACS UR E27 — 24 type-approved CBS systems against 50,000+ newbuild compliance requirements.
- CYTUR — Maritime Cyber Threat White Paper, 2026. 828 recorded maritime cyber incidents in 2025, up 103% year-on-year; GPS spoofing disruptions at approximately 1,000 per day affecting an estimated 40,000 vessels.
- Cydome — Maritime Trends Report, 2026. Independent monitoring of GPS spoofing and jamming events; reports a 500% rise in spoofing/jamming incidents across 2025, corroborating the scale cited from CYTUR.
The data, analysis, and views in this paper draw on a combination of published research, publicly available regulatory documentation, and the author's own assessment. Where statistics are cited, the originating source is noted; figures may vary depending on the methodology and timing of the underlying research. The views expressed are those of the author and do not represent any classification society, flag state, or standards body.