This recommendation regards computer networks, connecting computer based systems onboard for -IT and OT systems, which are vulnerable to potential cyber events that could lead to dangerous situations for the safety of human life, vessel or cargo, or threat to the environment.

Networks onboard ships and vulnerabilities

Networks on board ships can be categorized according to many different properties and can include the following:

  • Extension (local, ship-to-shore within the company, ship-to-shore with other companies, connected to public networks);
  • Technology (fieldbus, Ethernet, WiFi, mobile, short-range wireless);
  • Supported protocols (fieldbus protocols, IP, TCP, UDP);
  • Type of service (supporting IT or OT systems);
  • Category of systems connected (Cat. I, II or III systems – see UR E22);
  • Accessibility (restricted, controlled, public).


Each network type has specific properties and can be affected by specific vulnerabilities. If compromised, its failure can lead to consequences that have different impacts on safety and/or security.

Network vulnerabilities can be related to access to and use of the information generated, archived or transported in the network and quality of the communication service implemented by means of the network.

Preventing cyber incidents

In order to prevent these networks from being breached, there are a number of measures that can be taken. These are:

Risk assessment

Risks should be evaluated taking into account the possible impact of unauthorized access; the possible impact of degradation of data flow; factors related to the ship as a whole, like type of service and navigation.

Key network resources

The following items should be identified:

  • Networks on board;
  • Networked IT and OT systems;
  • Data flows and network devices or resources potentially limiting them;
  • Connections with external systems or networks;
  • Access points and interfaces, including machine-to-machine (M2M) interfaces;
  • Roles and responsibilities of users;
  • Network vulnerabilities and threats, including those related to information security and those related to the quality of communication service, e.g. leveraging vulnerability scan tools, security information databases, etc.

Network protection safeguards

System Integrators and Suppliers should consider and implement the following safeguards to prevent cyber events:

  • Management of identities and credentials of network users, including M2M networks;
  • Enhanced authentication control, or restricted privileges, for remote access or from access points of the lower level of security;
  • Physical access control to network access points;
  • Pervasive implementation of Least Privilege Policy;
  • Bring-your-own-device (BYOD) management policy;
  • Encryption for data at rest (stored) and data in transit (exchanged);
  • Integrity checks for data at rest and data in transit;
  • Separation of networks, firewalling, De-Militarized Zones (DMZs), etc.;
  • Separation of networks supporting IT systems (e.g. for administrative tasks, passenger and crew connectivity, etc.), OT systems (e.g. for engine control, cargo control, etc.) and alarm systems;
  • Event logging and Quality of Service (QoS);
  • Data backup procedures;
  • Network configuration change and patch management;
  • Use of certified approved and/or appropriate products suitable for their intended operational environment;
  • Use of routing technology for ship to shore and ship to ship communication.

Cyber incident response

The following measures aim to take appropriate actions regarding detected cybersecurity events:

  • Confine the breach to the minimum extension;
  • Procedures for a timely acknowledgment and management of incident alerts;
  • Assignment of roles and responsibilities;
  • Continuous training of personnel;
  • Periodic cyber incident drills;
  • Preservation of logs and any elements related to cyber incidents.

Testing and assessment

Finally, for networks connecting systems of Cat. II and III, vulnerability assessment and test campaigns should be conducted in the operational configuration at least once before delivery, in order to verify the actual resilience of onboard networks to cyber incidents.

See more in the PDF below