Secure Vendor Remote Access (SVRA) for Ships
The Vendor Access Problem on Ships
Secure Vendor Remote Access (SVRA) is a specialised approach to controlling, monitoring, and auditing remote access by third-party OEM vendors and service providers to shipboard systems. Unlike general remote access security (which addresses all users), SVRA focuses specifically on the unique risk presented by external vendors who need temporary, system-specific access to equipment they manufactured or maintain.
The vendor access problem is pervasive in the maritime sector. A typical vessel may have 15–30 different OEM relationships — engine manufacturer, navigation system vendor, automation system provider, communications equipment supplier, cargo management system developer — each potentially requiring remote access at various intervals. Historically, each vendor was given permanent VPN credentials or a dedicated modem, creating a proliferation of uncontrolled access pathways that the vessel operator has no visibility into and cannot revoke without contacting each vendor individually.
SVRA solutions replace this permanent-access model with just-in-time access: vendors request access for a specific purpose, the vessel operator approves it for a defined time window and system scope, the vendor connects via a controlled gateway with session recording, and access is automatically revoked when the session ends or the time window expires. No permanent credentials exist. Every vendor session is recorded. The operator has complete visibility and control.
Regulatory Framework
IACS UR E26 requires that access to computer-based systems by third parties (including OEM vendors) be subject to the same authentication and logging requirements as crew access. There is no "vendor exemption" in E26. Permanent, uncontrolled vendor access is non-compliant with E26's access control and logging requirements regardless of OEM warranty terms.
BIMCO/ICS Maritime Cyber Security Guidelines explicitly state that third-party access must be controlled, time-limited, and subject to monitoring. The guidelines recommend implementing a formal vendor access management process — which SVRA solutions provide as a managed service or deployable platform. TMSA3 and other charterer vetting frameworks reference this guideline in their cybersecurity assessment criteria.
ISM Code requirements for contractor management extend to cyber access. The Designated Person Ashore (DPA) is responsible under the ISM Code for ensuring that third-party activities — including remote maintenance — do not compromise the safety management system. SVRA provides the DPA with the visibility and control required to discharge this responsibility for remote vendor access.
IEC 62443 Part 2-4 addresses security requirements for OT service providers (including OEM vendors) accessing industrial systems. It requires that vendor remote access be controlled and monitored using solutions equivalent to SVRA capabilities. IACS UR E26 references IEC 62443 as the technical framework, making IEC 62443 requirements applicable to maritime OT environments.
SVRA Architecture & Workflow
SVRA solutions typically consist of a shore-based access management portal (where vendors request access and operators approve it), a shipboard gateway appliance (where vendor sessions terminate), and an access token issuance system (that generates time-limited, scope-limited credentials for each approved session). Vendors use an SVRA client application — not a conventional VPN — that connects to the gateway appliance through the approved access token only.
| SVRA Capability | Minimum Requirement | Best Practice |
|---|---|---|
| Access Window Duration | User-defined, auto-expire | 2–8 hours max per session |
| System Scope Granularity | Per-system access | Per-device, per-service |
| MFA Requirement | For token retrieval | MFA at token request + connection |
| Audit Trail | Session log (who, when, what) | Full session recording + keystroke log |
| Emergency Vendor Access | Expedited approval path | Pre-approved emergency vendor list |
Maritime Implementation Constraints
Most existing OEM maintenance contracts were written before SVRA requirements existed and grant vendors open-ended remote access rights. Implementing SVRA requires updating these contracts to require vendors to use the SVRA platform. Some OEMs treat existing permanent access as a contractual entitlement — requiring legal engagement to modify. This process typically takes 6–18 months per major vendor relationship.
Some OEM diagnostic and maintenance tools are designed to communicate with their equipment via proprietary protocols over dedicated VPN connections — not via standard RDP/SSH proxied through a gateway. Running these tools through an SVRA proxy may require vendor cooperation to modify their tool configuration, which not all vendors are willing to provide. This can create exceptions where certain OEM access paths cannot be controlled by SVRA.
Emergency vendor access (e.g. for a machinery failure at sea) may require approval from a DPA or technical superintendent who is not immediately available. SVRA platforms must include a 24/7 emergency approval path — either an on-call approver function or a pre-approved emergency access category for critical safety maintenance — to avoid safety-critical delays caused by access approval latency.
Trends & Market Developments
Shore-based SVRA platforms that manage vendor access for multiple vessels from a single operator portal are becoming available — reducing per-vessel deployment cost and management overhead. Services include pre-enrolled major maritime OEMs, standard contract templates, and 24/7 approval coverage.
Major maritime OEMs including Wärtsilä, Kongsberg, and MAN Energy are beginning to publish SVRA compatibility requirements in their service documentation, signalling a market shift from vendor resistance to vendor acceptance of secure access controls — driven by their own cybersecurity incident liability exposure.
Modern SVRA platforms support mobile approval workflows — superintendents receive push notifications on mobile devices with full session request details and can approve or deny vendor access from anywhere, eliminating the availability constraint of desktop-only approval systems. This significantly reduces emergency access latency.
AI analysis of recorded vendor sessions is emerging — automatically detecting when a vendor session deviates from expected maintenance patterns (accessing systems outside the approved scope, exfiltrating files, installing unauthorised software) and alerting the operator in real-time rather than only on post-hoc review.
Permanent vendor credentials are not acceptable under IACS UR E26. Every OEM vendor with remote access to a vessel's computer-based systems must be managed through a time-limited, approval-gated, recorded access mechanism — whether through an SVRA platform, a jump server with time-limited credentials, or an equivalent technical control.
Start with a vendor access audit. Before deploying SVRA, identify every vendor credential that currently exists for remote access to the vessel — VPN accounts, modem accounts, dedicated connections. The typical discovery exercise reveals 2–5x more vendor access pathways than the vessel operator was aware of.
Contract renegotiation is the long lead-time item. Technical SVRA deployment takes weeks; contract updates with major OEMs take months to years. Begin the contractual process early — in parallel with, not after, the technical implementation programme.
Continue the Remote Access series with OTRAA — OT-native authentication solutions for shipboard control systems.
⚓ Join the ShipPaulJobs Community
Join →
Comments
Post a Comment