Why Maritime Cybersecurity Became a System Engineering Issue (6/9)

💡 Insight Series 6 / 9 IACS UR E26/E27 Engineering Evidence System Engineering

Chapter 6. Required Engineering Evidence

Why Maritime Cybersecurity Became a System Engineering Issue (6/9)

Blue Horizonist (Lew)
Blue Horizonist (Lew)
Maritime & Cyber Security Consultant · ISP Consultant
📚 Blue Horizonist Series — Why Maritime Cybersecurity Became a System Engineering Issue
Ch.01 Why Does Cybersecurity Need to Be a System Engineering Issue? Ch.02 Ships Are Now Complex Systems Ch.03 Complexity Requires a Different Kind of Thinking Ch.04 The Purpose Behind IACS UR E26 and E27 Ch.05 From Functional Design to Explainable Design
Ch.06 Required Engineering Evidence 📍 You are here
Ch.07 Zone & Conduit Architecture in Practice Coming Soon
Ch.08 The Compliance Gap: What Shipyards Deliver vs. What Class Requires Coming Soon
Ch.09 Maritime Cybersecurity as a Discipline Coming Soon

In the previous chapter, we explored why Explainable Design is becoming increasingly important in modern ship environments. We also discussed why implementing the required functionality alone is no longer sufficient, and why designers must be able to explain their design intent, operational assumptions, and engineering rationale.

This naturally leads to the next question:

🔍 Key Question

"How can such a design actually be explained?"

In real-world projects, the answer to this question is typically found in various forms of documentation. However, the documents discussed here are not simply deliverables prepared for submission. They represent Engineering Evidence that explains:

  • The engineering decisions that were made,
  • The assumptions on which the system was designed, and
  • The methods used to verify that the design performs as intended.

Ⅰ. Engineering Evidence Is More Than Documentation

In many projects, Engineering Evidence is often viewed simply as documentation that must be submitted. In reality, however, its purpose goes far beyond document collection. The more important question is whether it can answer questions such as:

  • Why was this design selected?
  • What engineering decisions were made?
  • Which operational environment was assumed?
  • Which design constraints were considered?
Engineering Evidence provides the rationale behind these decisions. In other words, the value lies not in the documents themselves, but in the engineering knowledge they communicate.

Ⅱ. Engineering Evidence Exists Throughout the Engineering Lifecycle

Engineering Evidence is not created at a single point in time. Instead, it is continuously generated throughout the entire engineering lifecycle — from initial design through operation and maintenance. Typical examples include:

Requirements Architecture Network Design Interface Specification Configuration Factory Acceptance Test Shipboard Test Operation Manual Maintenance Procedure
Each of these documents can serve as Engineering Evidence. More importantly, these documents should not be viewed as isolated artifacts. Together, they explain the same design intent from different engineering perspectives.

Ⅲ. Different Stakeholders Need Different Evidence

An interesting aspect of Engineering Evidence is that not every stakeholder requires the same information.

Shipyard System Interfaces · Integration Architecture · Operational Impact
Equipment Supplier CBS Functionality · Product Configuration · Implementation Details
Classification Society Design Rationale · Verification Results · Test Procedures

Engineering Evidence is therefore not intended to satisfy everyone with a single document. Its purpose is to help different stakeholders understand the same system from their respective perspectives.

Ⅳ. Engineering Evidence Creates Traceability

Traceability is becoming one of the most important concepts in modern Cybersecurity projects. For example, if a particular security requirement exists, it should be possible to answer questions such as:

  • How has it been reflected in the design?
  • Which interfaces implement this requirement?
  • How has it been verified through testing?
  • How is it maintained during operation?
When these relationships are clearly established, confidence in the overall system increases significantly. Engineering Evidence provides the foundation that makes this level of Traceability possible.

Ⅴ. Good Engineering Evidence Reduces Project Uncertainty

In many real-world projects, engineers often spend more time explaining existing documents than creating new ones. Typical examples include:

  • Additional technical meetings
  • Repeated clarification requests
  • Design explanation sessions
  • Test result reviews
When sufficient Engineering Evidence is available, much of this repetitive communication can be avoided. Well-prepared Engineering Evidence is not merely a means of demonstrating compliance. It is an effective way to reduce uncertainty throughout the entire project.

Ⅵ. Engineering Evidence Is an Engineering Asset

The value of Engineering Evidence extends well beyond the completion of a Cybersecurity project. The same information can continue to support activities such as:

System Modifications Software Updates Maintenance Incident Investigation Classification Surveys Future Ship Designs
For this reason, Engineering Evidence should not be regarded merely as a project deliverable. It should be considered a long-term Engineering Asset that organizations continuously develop, maintain, and improve.

Closing Remarks

Engineering Evidence is playing an increasingly important role in today's Maritime Cybersecurity projects. Its purpose is not to generate additional documentation. Rather, it enables engineering teams to clearly communicate:

  • Design Intent
  • Operational Assumptions
  • Verification Results
  • Relationships Between Systems

in a manner that can be understood by all stakeholders. Ultimately, effective Engineering Evidence is far more than documentation. It represents accumulated Engineering Knowledge that supports system understanding, verification, maintenance, and future system evolution.

Key Takeaway

Engineering Evidence is not simply documentation to be submitted. It is accumulated engineering knowledge — the rationale, assumptions, and verification results that make a design understandable, traceable, and trustworthy across its entire lifecycle.

In the next chapter, we will explore how Engineering Evidence can be effectively prepared and utilized throughout real-world projects, and discuss the respective roles that shipyards and equipment suppliers should play in this process.

#MaritimeCybersecurity #IACS #URE26 #SystemEngineering #ShipDesign #EngineeringEvidence #Traceability #Maritime40 #BlueHorizonist
Blue Horizonist (Lew)
Blue Horizonist — Jiho (Jay, 智晧) Lew
Maritime & Cyber Security Consultant · ISP Consultant

Practitioner at the intersection of maritime OT security and IACS UR E26/E27 compliance. Writing the Blue Horizonist series to bridge the gap between regulatory language and real-world engineering decisions at shipyards and aboard vessels.

⚓ Join the ShipPaulJobs Community

Join →
Share

Comments