Integration of independent systems increases the possibility that the systems responsible for safety functions can be subject to cyber events including external cyber-attacks and failures caused by unintentionally introduced malware.


Systems which are not directly responsible for safety, if not properly separated from essential systems or not properly secured, can increase the intrusion risk or cause unintended damage.

For this reason, it is necessary to keep a record and understand the extent of integration of vessels’ systems and for them to be arranged with sufficient redundancy and segregation.


When integrating computer-based on-board systems to allow their communication and cooperation, operators should take into account the following recommendations.

1. Software installation

Installation of any software in integrated systems should be conducted through a controlled computer, removable media or DMZ. Direct connection to the internet should be avoided.

2. Segmentation

Segmentation of the network should be arranged and documented. Segmentation should be such as to prevent loss of essential systems upon a single failure.

3.  Firewalls

Internal firewall should be applied between each network segment. In addition, firewall between the onboard network and the internet should be duplicated and both should operate in real time. To prevent any unintended communication taking place, the firewall should be configured by default to deny all communication.

4.  Switches and protocols

Network switches should be applied between each network segment. Each segment should have its own range of Internet Protocol (IP) address, while protocols should be encrypted.

5. Anti-virus

Anti-virus software should be installed on each onboard computer or any programmable device having a standard operating system. For PLCs or other equipment without standard operating system, security measures should be applied in accordance with manufacturer recommendations.

Anti-virus should include the following prevention:

  • Anti-virus signature database;
  • File pattern;
  • File size;
  • File type;
  • Grayware;
  • Heuristics;
  • Virus scan.

6.  Safety functions

Safety functions implemented in the integrated network should be implemented in autonomous hardware units. A single fault should not cause any function of the essential system in the integrated network to be unavailable. What is more, any failure should be indicated as an alarm and at the same time all functions should be maintained in order to achieve operation of the essential systems in an integrated network.

7. Testing

Most probable failures detection should be simulated, while redundancy tests should be performed.

You may see further information in the PDF below