Why Identify comes first — on every vessel

You cannot protect what you have not mapped. This applies equally to a newbuild working toward IACS UR E26 certification and to an existing tanker fleet implementing IMO MSC-FAL.1 requirements ahead of a SIRE inspection. The starting point is always the same — a documented inventory of every networked system onboard, an honest assessment of what each system does and what the consequence of losing it would be, and a map of how systems connect to each other and to the outside world.

For vessels subject to IACS UR E26, the Identify phase produces the Cyber System Description Document (CSDD) — the primary document Class surveyors review. For existing vessels, the same work produces the risk register and asset inventory required by IMO MSC-FAL.1/Circ.3 Rev.3, TMSA 3 Element 13, and the Industry Guidelines on Cyber Security Onboard Ships. The documents are different in format but the underlying work is identical — understand what is on the vessel, how critical each system is, and where the boundaries between zones sit.

Getting this phase right also has a practical operational benefit beyond compliance. An ETO who has mapped every CBS, knows which systems share network segments, and understands which protocols are in use is in a fundamentally stronger position during an incident — because they already know the topology rather than discovering it under pressure.