Anatomy of a Ship ZCD — Understanding the Building Blocks of an IACS UR E26 Zone and Conduit Diagram
Introduction — Why a ZCD Is More Than a Picture
A Zone and Conduit Diagram (ZCD) is frequently described as a deliverable. Engineers produce it, classification societies request it, and auditors review it.
But what exactly is a ZCD? What does it consist of? And what must be true before it can be drawn?
A ZCD is not a drawing.
It is the visible expression of the assumptions, trust boundaries, and communication rules that define a ship's cyber resilience.
Required by: IACS UR E26
Core of: CSDD
Represents: Cyber Architecture
The ZCD does not describe hardware. It describes trust relationships — which systems can communicate, through which boundaries, under which controls. It is the graphical form of the entire security design.
Before a single zone can be defined, the asset inventory must be complete. It is impossible to define trust boundaries for systems that have not been identified.
Required Attributes
Common Examples
Each asset must be assigned to a Purdue level. This assignment drives zone definition and conduit design.
Zone Attributes
Baseline Nine Zones
A conduit is not simply a cable or a network link. It is a defined, controlled communication path between two Zones — with explicit security attributes.
Conduit Attributes
The Data Flow Matrix is the foundation from which conduit definitions, firewall rules, and verification procedures are derived. Without it, conduits are assumptions.
Required Attributes
SL-Ts are derived from risk assessment and define the required level of protection for each Zone across three security dimensions.
Availability, Integrity, Confidentiality
Navigation Zone: SL-T 3
Machinery Zone: SL-T 3
Crew Network: SL-T 1
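An added example (not from the original article) of how a Data Flow Matrix can be checked against conduit definitions, so that no conduit remains an assumption. The SL-T values are the ones listed above; the asset names, ports, conduit list and the `check` function are assumptions constructed for illustration.

```python
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto port")            # one Data Flow Matrix row
Conduit = namedtuple("Conduit", "zone_a zone_b services")  # services: set of (proto, port)

# Constructed sample data; asset names, ports and conduits are assumptions.
SL_T = {"Navigation Zone": 3, "Machinery Zone": 3, "Crew Network": 1}  # from the page
ASSET_ZONE = {
    "ECDIS": "Navigation Zone",
    "GPS": "Navigation Zone",
    "AMS": "Machinery Zone",
    "CrewLaptop": "Crew Network",
}
FLOWS = [
    Flow("GPS", "ECDIS", "udp", 10110),       # intra-zone, needs no conduit
    Flow("AMS", "ECDIS", "tcp", 502),         # covered by the first conduit
    Flow("CrewLaptop", "ECDIS", "tcp", 443),  # crosses zones, no conduit defined
]
CONDUITS = [
    Conduit("Machinery Zone", "Navigation Zone", {("tcp", 502)}),
    Conduit("Crew Network", "Machinery Zone", {("tcp", 22)}),  # no flow justifies it
]

def check(flows, conduits, asset_zone, sl_t):
    """Return (uncovered flows, unjustified conduits, flows rising in SL-T)."""
    # Conduits are treated as undirected zone pairs in this simplified model.
    table = {frozenset((c.zone_a, c.zone_b)): c for c in conduits}
    used, uncovered, upward = set(), [], []
    for f in flows:
        zs, zd = asset_zone[f.src], asset_zone[f.dst]
        if zs == zd:
            continue  # traffic stays inside one zone
        key = frozenset((zs, zd))
        c = table.get(key)
        if c is None or (f.proto, f.port) not in c.services:
            uncovered.append(f)  # cross-zone flow with no matching conduit
        else:
            used.add(key)
        if sl_t[zs] < sl_t[zd]:
            upward.append(f)  # lower-target zone initiating into a higher one
    unjustified = [c for k, c in table.items() if k not in used]
    return uncovered, unjustified, upward

if __name__ == "__main__":
    for label, items in zip(("uncovered", "unjustified", "upward"),
                            check(FLOWS, CONDUITS, ASSET_ZONE, SL_T)):
        print(label, items)
```

Each of the three result lists is a finding to resolve before the diagram is drawn: document the flow, remove the conduit, or justify the crossing in the risk assessment.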
⚙ Technical Controls
📄 Administrative Controls
The ZCD is a logical representation. Behind it sits physical infrastructure that implements the architecture.
Router, Firewall, Core Switch, Access Switch, Wireless AP, IDS Sensor, Jump Server, and more
Supporting Artifacts (10–12)
The ZCD diagram itself is the visible tip. These three tables are what support and justify every element in the diagram.
The diagram is the graphical output of all preceding work. It uses standardized symbols to represent the architecture at a glance.
The ZCD is not a standalone document. It sits within the Cyber Security Design Description (CSDD) as the graphical summary of the full architecture.
A ZCD is only valid as long as it reflects the actual ship. Management of Change (MoC) is essential to keep the architecture current.
The ZCD must be reviewed and updated when:
Final Thoughts
A Zone and Conduit Diagram is not a drawing.
It is the visible expression of the assumptions, trust boundaries, and communication rules that define a ship's cyber resilience.
It begins with cables. It ends with verified architecture.
Full Journey
Physical Network → Logical Network → ZCD → CSDD → Verification
This series laid the architectural foundation. The next series will go deeper — into practical implementation.
🔭 Coming Next — E26 ZCD Practical Guide