Anchoring Cybersecurity in Romania’s Shipbuilding Industry: The impact of IACS UR E26, UR E27
Ungureanu, Alexandra (2025)
2025
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2025061222775
https://urn.fi/URN:NBN:fi:amk-2025061222775
Tiivistelmä
This research assessed the readiness of Romanian shipbuilding stakeholders to implement the International Association of Classification Societies' cybersecurity regulations, UR E26 and UR E27, which became mandatory for vessels contracted on or after July 1st, 2024. Conducted for a consultancy company within the maritime industry, the research sought to determine knowledge and capability gaps among private shipbuilders to inform targeted service development.
The research objectives were to quantify the levels of awareness regarding the cybersecurity regulations and to evaluate the self-reported readiness and challenges faced in implementing these regulations among Romanian shipbuilding firms. The theoretical framework integrated the NIST Cybersecurity Framework with resilience engineering principles and strategic analysis tools, all adapted to address the specific challenges and context of Romania's maritime industry.
The data for this research was collected from 28 industry stakeholders using quantitative and descriptive survey methods. The findings showed large disparities in awareness, with 50% of the respondents being partially or completely unaware of the regulations. 'Full compliance' was reported by only 18% of respondents, and limited cybersecurity expertise was noted as the main obstacle to implementation (35.7%). Significant variations in awareness and readiness levels exist between large organizations and small companies.
Among the recommendations are building cross-functional teams combining IT and vessel design/construction knowledge, creating implementation plans tailored to the size of the company, and designing specialised training programs for maritime cybersecurity. Classification societies should provide tailored guidance documents, while industry associations should facilitate knowledge transfers between multinational and domestic firms. Academic institutions should update their curricula to incorporate maritime cybersecurity basics.
For Romanian shipbuilding companies, early adoption could translate into a competitive advantage; failing to comply could widen the difference with other EU shipbuilders.
The research objectives were to quantify the levels of awareness regarding the cybersecurity regulations and to evaluate the self-reported readiness and challenges faced in implementing these regulations among Romanian shipbuilding firms. The theoretical framework integrated the NIST Cybersecurity Framework with resilience engineering principles and strategic analysis tools, all adapted to address the specific challenges and context of Romania's maritime industry.
The data for this research was collected from 28 industry stakeholders using quantitative and descriptive survey methods. The findings showed large disparities in awareness, with 50% of the respondents being partially or completely unaware of the regulations. 'Full compliance' was reported by only 18% of respondents, and limited cybersecurity expertise was noted as the main obstacle to implementation (35.7%). Significant variations in awareness and readiness levels exist between large organizations and small companies.
Among the recommendations are building cross-functional teams combining IT and vessel design/construction knowledge, creating implementation plans tailored to the size of the company, and designing specialised training programs for maritime cybersecurity. Classification societies should provide tailored guidance documents, while industry associations should facilitate knowledge transfers between multinational and domestic firms. Academic institutions should update their curricula to incorporate maritime cybersecurity basics.
For Romanian shipbuilding companies, early adoption could translate into a competitive advantage; failing to comply could widen the difference with other EU shipbuilders.