From Cable to Cyber Resilience: Designing Physical Networks for IACS UR E26/E27
This series explains how physical networks evolve into logical networks, and how those architectures are ultimately translated into Zone and Conduit Diagrams (ZCD) and Cyber Security Design Descriptions (CSDD) required by IACS UR E26/E27.
Introduction
When people first encounter IACS UR E26 and E27, they often think about cyber security products.
However, cyber resilience begins much earlier than that.
Before firewalls, there are networks.
Before networks, there are cables.
And before any security controls can be applied, systems must first be connected.
Understanding this sequence is essential because IACS UR E26 is fundamentally an architectural requirement — not a product requirement.
OT Networks Were Never Designed for Cybersecurity
To understand modern ship cyber security, we must first understand how OT systems evolved.
Traditionally, shipboard systems were designed independently:
Each supplier optimized its own system for reliability and operational performance. Connectivity between systems was minimal. Isolation itself acted as protection.
Cybersecurity was rarely considered because these systems were never expected to be exposed to external networks.
Digital Transformation Changed Everything
Modern vessels are no longer isolated environments. Today, ships continuously exchange information with:
Consequently, systems that were originally designed to operate independently are now interconnected. The result is a System of Systems.
The cyber risk no longer comes from individual equipment.
It emerges from the connections between systems. In many incidents, the vulnerability is not inside the equipment itself — it lies in the interfaces.
Why IACS Introduced UR E26 and E27
Historically, class societies focused primarily on safety and reliability. However, increasing digitalization introduced new risks. A cyber incident affecting one system could propagate throughout the vessel and compromise safety, operational continuity, and environmental protection.
In simple terms: E26 focuses on the ship. E27 focuses on the products installed on the ship.
Cyber Resilience Is Different from Cyber Security
🔒 Cyber Security
Focuses on preventing attacks.
🛡 Cyber Resilience
Focuses on maintaining essential functions despite attacks.
This distinction is particularly important for ships, because a ship cannot simply stop operating in the middle of the ocean.
The objective is not to create perfect protection.
The objective is to ensure that critical functions remain available even when cyber incidents occur.
Availability becomes as important as confidentiality. This is why redundancy, segmentation, and survivability play a central role in E26.
The Physical Network Is the Foundation
A cyber architecture does not exist independently. It is built on top of a physical architecture. Every switch, every router, every firewall, every communication cable — together they form the foundation upon which cyber resilience is built.
The Correct Design Sequence
⚠️ Skipping these steps often leads to diagrams that satisfy documentation requirements but fail to represent reality.
Understanding the Purdue Reference Model
Although originally developed for industrial automation systems, the Purdue Model provides an effective framework for maritime OT environments. Most ship architectures can be interpreted through its layered structure.
The Purdue Model is not explicitly mandated by IACS. Nevertheless, it provides a practical foundation for designing trust boundaries and network segmentation in ship environments.
The Role of Network Components
Each network component serves a different purpose. Understanding these roles is essential before designing a cyber architecture.
Cyber Resilience Requires Redundancy
Unlike office environments, shipboard systems must remain operational under abnormal conditions. Physical network design must account for survivability.
Redundancy Design Considerations
Cyber resilience is not merely about security. It is equally about survivability.
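The two design checks above (trust boundaries between zones, and survivability inside a zone) can be run directly against a cable list. The following is an added example, not code from the article or from IACS: it takes a constructed inventory of a hypothetical vessel (device names, zone assignments, Purdue levels and the cable list are all assumptions), derives the zone-to-zone conduits from the physical links, flags any conduit carried by a cable with no segmentation device at either end, and finds devices whose loss would split a zone's own cabling.

```python
from collections import defaultdict

# Constructed inventory for a hypothetical vessel (assumed names and levels, not from the article).
DEVICE_ZONE = {"ecdis": "bridge", "radar": "bridge", "bridge_sw_a": "bridge",
               "bridge_sw_b": "bridge", "engine_plc": "engine", "engine_hmi": "engine",
               "engine_sw": "engine", "ship_fw": "dmz", "vsat_router": "external"}
ZONE_LEVEL = {"engine": 1, "bridge": 2, "dmz": 3, "external": 4}   # assumed Purdue levels
SEGMENTATION_DEVICES = {"ship_fw"}            # devices that enforce a trust boundary
CABLES = [  # constructed cable list, one undirected entry per physical link
    ("ecdis", "bridge_sw_a"), ("ecdis", "bridge_sw_b"), ("radar", "bridge_sw_a"),
    ("bridge_sw_a", "bridge_sw_b"), ("bridge_sw_a", "ship_fw"), ("engine_plc", "engine_sw"),
    ("engine_hmi", "engine_sw"), ("engine_sw", "ship_fw"), ("ship_fw", "vsat_router"),
    ("engine_sw", "bridge_sw_b"),  # direct engine-to-bridge cable that bypasses the firewall
]

def conduits(cables=CABLES, zones=DEVICE_ZONE):
    """Group every zone-crossing cable under the conduit (zone pair) it realises."""
    out = defaultdict(list)
    for a, b in cables:
        if zones[a] != zones[b]:
            out[tuple(sorted((zones[a], zones[b])))].append((a, b))
    return dict(out)

def unsegmented_conduits(cables=CABLES, zones=DEVICE_ZONE, seg=SEGMENTATION_DEVICES):
    """Conduits with a cable that has no segmentation device at either end, plus the Purdue
    levels they join: these are the interfaces where risk emerges rather than inside equipment."""
    return [(za, zb, ZONE_LEVEL[za], ZONE_LEVEL[zb])
            for (za, zb), links in sorted(conduits(cables, zones).items())
            if any(a not in seg and b not in seg for a, b in links)]

def single_points_of_failure(zone, cables=CABLES, zones=DEVICE_ZONE):
    """Devices whose loss splits the zone's own cabling, i.e. no redundant path exists."""
    members = {d for d, z in zones.items() if z == zone}
    adj = defaultdict(set)
    for a, b in cables:
        if a in members and b in members:
            adj[a].add(b)
            adj[b].add(a)
    def reachable(start, removed):        # depth-first walk that skips the removed device
        seen, stack = set(), [start]
        while stack:
            n = stack.pop()
            if n not in seen and n != removed:
                seen.add(n)
                stack.extend(adj[n])
        return seen
    return [d for d in sorted(members)
            if (members - {d}) and reachable(min(members - {d}), d) != members - {d}]
```

On the constructed inventory, `unsegmented_conduits()` reports only the engine-to-bridge conduit created by the bypass cable, while `single_points_of_failure("engine")` reports the lone engine switch and `single_points_of_failure("bridge")` reports the bridge switch that is the only path to the radar.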
Before Designing Security, Design the Network
Many projects begin with security products. But experienced engineers understand that products alone cannot create cyber resilience. Architecture creates cyber resilience. And architecture begins with networks.
Before defining VLANs,
before assigning IP addresses,
before creating firewall rules,
we must first understand how systems are physically connected.
Because every cyber architecture ultimately begins with a cable.
Zone Before VLAN
In Part 2, we move one layer above physical connectivity. Instead of asking "How should VLANs be configured?" we will ask a much more important question: "How should Zones be defined?"
Because in ship cyber security — Zones come before VLANs.