
System Interdependency Matrix

UR E26 §3.2 (1) & §4.1: The ‘Identify’ functional element requires developing an understanding of the ship’s computer-based systems (CBS), their interdependencies, and information flows. Documenting these links is mandatory for establishing the vessel’s resilience profile via the Zones and Conduit Diagram.

1. Defining Functional Connections

A vessel is a “system of systems.” The Interdependency Matrix documents the Critical Path of data. If a core system like the Power Management System (PMS) is compromised, the matrix visualizes the “ripple effect” across the vessel’s Category II and III systems.

2. Core Dependency Model

| Primary System (Source) | Dependent System (Target) | Dependency Type | Impact of Failure |
|---|---|---|---|
| GPS / GNSS | ECDIS, AIS, Radar, VDR | Data (NMEA 0183/2k) | Loss of Positional Integrity |
| Power Management (PMS) | Main Engine, AMS | Control Logic / Power | Total Blackout / Propulsion Loss |
| IAMCS | Remote Control Stations | Monitoring Data | Total Engine Room Blindness |
| SATCOM | Chart Updates, IT Network | External Connectivity | Loss of Remote Support |

3. Mapping to Zones & Conduits

Assets must be grouped into Cyber Security Zones based on criticality. “Conduits” are the communication paths (NMEA, Ethernet, Serial) that facilitate these interdependencies across boundaries.

The Zone Rule: Systems with high interdependency (e.g., Engine Control and PMS) should reside in the same or strictly controlled adjacent zones to minimize attack surface.

The Conduit Rule: Any conduit crossing from an IT Zone to an OT Zone requires a “Security Gate” (Firewall, Diode, or Air-gap) per mandatory UR E26 requirements.

💡 Intelligence Insight: The Blast Radius

When using our Vulnerable Assets Library, check the interdependency matrix for specific hardware. For example: a vulnerability in the ECDIS implies the VDR (Voyage Data Recorder) is also at risk due to the shared NMEA conduit. Use this to prioritize patching schedules.
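
The matrix and the blast-radius check described above, as an added Python example (not part of the original playbook): it encodes the table's rows, walks downstream dependents, lists shared-conduit peers, and flags IT-to-OT links with no recorded gate. The Chart Updates to ECDIS row, the zone assignment, the empty gate inventory and the one-row-equals-one-conduit model are assumptions made for illustration.

```python
from collections import deque

# Rows of the page's Core Dependency Model: (source, targets, dependency type).
# Modelling assumption: each row is treated as one shared conduit.
MATRIX = [
    ("GPS/GNSS", ["ECDIS", "AIS", "Radar", "VDR"], "NMEA"),
    ("PMS", ["Main Engine", "AMS"], "Control/Power"),
    ("IAMCS", ["Remote Control Stations"], "Monitoring"),
    ("SATCOM", ["Chart Updates", "IT Network"], "External"),
    # Assumed extra row (not in the page's table): chart updates feed the ECDIS.
    ("Chart Updates", ["ECDIS"], "Ethernet"),
]

# Assumed zone assignment: anything not listed here is treated as OT.
IT_ZONE = {"SATCOM", "IT Network", "Chart Updates"}
# Assumed gate inventory: (source, target) -> "Firewall" | "Diode" | "Air-gap".
GATES = {}  # nothing recorded, so every IT-to-OT link is reported


def downstream(asset):
    """Every system that transitively depends on `asset` (the ripple effect)."""
    seen, queue = set(), deque([asset])
    while queue:
        current = queue.popleft()
        for source, targets, _ in MATRIX:
            if source != current:
                continue
            new = set(targets) - seen
            seen |= new
            queue.extend(new)
    seen.discard(asset)  # a dependency cycle must not list the asset itself
    return seen


def conduit_peers(asset):
    """Systems on the same conduit as `asset` (lateral exposure, e.g. ECDIS and VDR)."""
    peers = set()
    for source, targets, _ in MATRIX:
        members = {source, *targets}
        if asset in members:
            peers |= members
    peers.discard(asset)
    return peers


def ungated_it_ot_crossings():
    """Conduit Rule check: IT-to-OT links with no security gate recorded."""
    return [(s, t, kind) for s, targets, kind in MATRIX for t in targets
            if s in IT_ZONE and t not in IT_ZONE and (s, t) not in GATES]
```

For a vulnerable asset, patch priority follows from the union of `downstream(asset)` and `conduit_peers(asset)`; recording a gate in `GATES` clears the matching finding.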
