System Interdependency Matrix
UR E26 §3.2 (1) & §4.1: The ‘Identify’ functional element aims to develop an organizational understanding to manage cybersecurity risk by identifying the ship’s computer-based systems (CBS), their interdependencies, and relevant information flows. Understanding these interdependencies and data flows (such as those between the Engine Room and the Bridge) is mandatory for establishing the vessel’s resilience profile and is documented through a Zones and Conduit Diagram and Cyber Security Design Description.
1. Defining Functional Connections
A vessel is a “system of systems.” The Interdependency Matrix documents the Critical Path of data. If a core system like the GPS or the Power Management System (PMS) is compromised, the matrix visualizes the “ripple effect” across the rest of the ship’s Computer Based Systems (CBS).
2. Core Dependency Model
Use the following logic to map your Category II and III systems:
| Primary System (Source) | Dependent System (Target) | Dependency Type | Impact of Failure |
|---|---|---|---|
| GPS / GNSS | ECDIS, AIS, Radar, VDR | Data (NMEA 0183/2k) | Loss of Positional Integrity |
| Power Management (PMS) | Main Engine Control, AMS | Control Logic / Power | Total Blackout / Loss of Propulsion |
| IAS / AMS | Remote Control Stations | Monitoring Data | Blindness to Engine Room Status |
| SATCOM | Chart Update Server, IT Network | External Connectivity | Loss of Remote Support/Updates |
Next Security Phase
Roles & Change Management (MoC)
Roles & Change Management UR E26 Compliance Summary: The "Identify" element mandates a detailed asset inventory (names/versions per §4.1.1) and a mapping of system interdependencies and data flows. To maintain the vessel's resilience profile, owners...