
System Interdependency Matrix

UR E26 §3.2 (1) & §4.1: The ‘Identify’ functional element requires developing an understanding of the ship’s computer-based systems (CBS), their interdependencies, and information flows. Documenting these links is mandatory for establishing the vessel’s resilience profile via the Zones and Conduit Diagram.

1. Defining Functional Connections

A vessel is a “system of systems.” The Interdependency Matrix documents the Critical Path of data. If a core system like the Power Management System (PMS) is compromised, the matrix visualizes the “ripple effect” across the vessel’s Category II and III systems.

2. Core Dependency Model

| Primary System (Source) | Dependent System (Target) | Dependency Type | Impact of Failure |
|---|---|---|---|
| GPS / GNSS | ECDIS, AIS, Radar, VDR | Data (NMEA 0183/2k) | Loss of Positional Integrity |
| Power Management (PMS) | Main Engine, AMS | Control Logic / Power | Total Blackout / Propulsion Loss |
| IAMCS | Remote Control Stations | Monitoring Data | Total Engine Room Blindness |
| SATCOM | Chart Updates, IT Network | External Connectivity | Loss of Remote Support |

Audit Alignment: System vs. Device

Per UR E26 §4.1.1.3, the Vessel Asset Inventory must capture both physical components and their logical relationships.

SYSTEM LEVEL (Logical): Defines the Functional Dependencies. Used to determine the ‘Blast Radius’ if a data flow (e.g., NMEA) is interrupted.

DEVICE LEVEL (Physical): The actual hardware (PLC, Switch, HMI). Used for Vulnerability Management and firmware tracking.

Strategic Transition: Once the logical connections are mapped, we must evaluate the Severity of Loss. While Section 2 identifies the links, Section 3 defines the consequences and the mandatory security posture required for each system class.

3. Critical Impact Analysis (CIA) — System-Level Assessment

To comply with UR E26 §4.1.1.2, assessment must be conducted at the System Level. While an inventory tracks individual devices, the ‘Identify’ phase requires understanding how the loss of a complete functional system impacts ship safety.

| System Criticality (§4.1.1.2) | Functional Dependency Impact (§4.1.1.3) | Control Strategy per System |
|---|---|---|
| CRITICAL | Direct loss of Propulsion, Steering, or Electrical Power. | Total isolation or physical protection of all system conduits. |
| MAJOR | Loss of Alarm Monitoring, Radar, or Situational Awareness. | Strictly managed conduits via stateful firewalls. |
| MODERATE | Loss of Administrative, Crew Wifi, or CCTV. | Standard VLAN segregation and traffic filtering. |

💡 Intelligence Insight: The Blast Radius

When using our Vulnerable Assets Library, check the interdependency matrix for specific hardware. For example: a vulnerability in the ECDIS implies the VDR (Voyage Data Recorder) is also at risk due to the shared NMEA conduit. Use this to prioritize patching schedules.

4. Mapping to Zones & Conduits

Assets must be grouped into Cyber Security Zones based on criticality. “Conduits” are the communication paths (NMEA, Ethernet, Serial) that facilitate these interdependencies across boundaries.

The Zone Rule: Systems with high interdependency (e.g., Engine Control and PMS) should reside in the same or strictly controlled adjacent zones to minimize attack surface.

The Conduit Rule: Any conduit crossing from an IT Zone to an OT Zone requires a “Security Gate” (Firewall, Diode, or Air-gap) per mandatory UR E26 requirements.
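
Added example (not part of the original page): the Core Dependency Model expressed as a directed graph, with a transitive blast-radius walk and a Conduit Rule check. It goes beyond the one-hop table by following dependencies across several hops. The Chart Updates → ECDIS edge, the zone assignments, the empty gate inventory and the function names are assumptions made for illustration.

```python
from collections import deque

# (source, target, conduit) rows taken from the page's Core Dependency Model.
EDGES = [
    ("GPS/GNSS", "ECDIS", "NMEA"), ("GPS/GNSS", "AIS", "NMEA"),
    ("GPS/GNSS", "Radar", "NMEA"), ("GPS/GNSS", "VDR", "NMEA"),
    ("PMS", "Main Engine", "Control"), ("PMS", "AMS", "Control"),
    ("IAMCS", "Remote Control Stations", "Monitoring"),
    ("SATCOM", "Chart Updates", "External"),
    ("SATCOM", "IT Network", "External"),
    ("ECDIS", "VDR", "NMEA"),                # from the page's blast-radius note
    ("Chart Updates", "ECDIS", "Ethernet"),  # ASSUMED edge, not in the page's table
]
# ASSUMED sample data: systems not listed here are treated as OT.
ZONE = {"SATCOM": "IT", "Chart Updates": "IT", "IT Network": "IT"}
GATES = {}  # (source, target) -> "Firewall" | "Diode" | "Air-gap"
ACCEPTED_GATES = {"Firewall", "Diode", "Air-gap"}


def blast_radius(source, edges=EDGES):
    """Return {system: hops} for every system downstream of `source`."""
    adj = {}
    for src, dst, _ in edges:
        adj.setdefault(src, []).append(dst)
    hops, queue = {source: 0}, deque([source])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, []):
            if nxt not in hops:          # also guards against cycles
                hops[nxt] = hops[node] + 1
                queue.append(nxt)
    del hops[source]
    return hops


def ungated_it_to_ot(edges=EDGES, zone=ZONE, gates=GATES):
    """Conduit Rule check: IT->OT conduits with no security gate recorded."""
    return [(s, d, c) for s, d, c in edges
            if zone.get(s, "OT") == "IT" and zone.get(d, "OT") == "OT"
            and gates.get((s, d)) not in ACCEPTED_GATES]


if __name__ == "__main__":
    for system in ("SATCOM", "GPS/GNSS", "ECDIS"):
        print(system, "->", blast_radius(system))
    print("Ungated IT->OT conduits:", ungated_it_to_ot())
```

Replace EDGES, ZONE and GATES with the vessel's own inventory; any conduit the second function returns is an IT-to-OT crossing with no gate recorded in the Zones and Conduit Diagram.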