Executive Summary

On January 20, 2026, maritime technology company GTMaritime launched GT Identify, a new cybersecurity solution aimed at helping ship operators manage cyber risk and meet regulatory requirements. The system, built on the company's GT Hub platform, provides a centralized inventory of all onboard IT and Operational Technology (OT) assets across a fleet. By providing visibility and vulnerability reporting, GT Identify is designed to help organizations comply with the International Maritime Organization's (IMO) cyber risk management rules and the International Association of Classification Societies' (IACS) Unified Requirements E26 and E27.

Regulatory Details

The launch of GT Identify is a direct response to increasing regulatory pressure on the maritime industry. Key regulations addressed include:

• IMO Resolution MSC.428(98): Requires ship owners and managers to incorporate cyber risk management into their Safety Management Systems.
• IACS Unified Requirements E26 & E27: These new requirements, which come into force for new builds, mandate stricter cybersecurity controls for vessels' critical OT systems. They cover areas like network design, asset management, and protection of onboard systems.

The GT Identify solution aligns its capabilities with the "Identify" function of the NIST Cybersecurity Framework, which is the foundational first step in managing cybersecurity risk. This involves understanding the business context, the resources that support critical functions, and the related cybersecurity risks.

Affected Organizations

The primary audience for this solution is ship owners, ship managers, and operators of maritime fleets worldwide. It is relevant to any organization in the shipping industry that needs to comply with IMO and IACS cybersecurity mandates.

Compliance Requirements

GT Identify helps organizations meet several specific compliance obligations:

• Asset Management: It creates a comprehensive, centralized inventory of all connected hardware and software on each vessel. This is a fundamental requirement of both IACS E26/E27 and the NIST Framework.
• Risk Assessment: By providing vulnerability reporting, the system highlights outdated software or exposed components. This data is essential for conducting risk assessments and prioritizing remediation efforts.
• Continuous Monitoring: The system provides ongoing visibility into the state of onboard IT/OT assets, supporting a continuous monitoring approach to cyber risk management.

Implementation Timeline

The IACS UR E26 and E27 requirements are being phased in, typically applying to vessels contracted for construction on or after a specified date. Ship operators need to implement solutions like GT Identify to ensure their new vessels are compliant from day one and to retrofit or update procedures for their existing fleet to meet IMO guidelines.

Impact Assessment

For the maritime industry, the failure to comply with these regulations can have significant consequences, including vessels being detained by port state control, loss of insurance coverage, or inability to secure contracts. A lack of visibility into onboard assets, which GT Identify aims to solve, is a major security gap. It prevents effective vulnerability management and leaves vessels exposed to cyberattacks that could disrupt navigation, propulsion, or cargo management systems, with potentially catastrophic safety and environmental consequences.

Compliance Guidance

Maritime organizations should take the following steps:

1. Adopt a Framework: Formally adopt a recognized cybersecurity framework like the one from NIST to structure the cyber risk management program.
2. Implement Asset Inventory: Deploy a solution like GT Identify to gain a complete and accurate inventory of all IT and OT assets on every vessel. This is the foundational step that cannot be skipped.
3. Conduct Vulnerability Assessments: Use the data from the asset inventory to identify and prioritize vulnerabilities for remediation.
4. Develop and Test Response Plans: Create and regularly test incident response plans specifically for maritime scenarios, such as a GPS spoofing attack or a ransomware infection on a cargo management system.