Phase: Identify | All vessels
Satisfies: E26, E27, IEC 62443, IMO MSC-FAL.1

System Interdependency Matrix

This guide documents how onboard systems depend on each other for data and control — essential for understanding the blast radius of a cyber incident and for designing effective security zones.

1. Defining Functional Connections

A vessel is a “system of systems.” The Interdependency Matrix documents the Critical Path of data. If a core system like the Power Management System (PMS) is compromised, the matrix visualizes the “ripple effect” across the vessel’s Category II and III systems.

2. Core Dependency Model

| Primary System (Source) | Dependent System (Target) | Dependency Type | Impact of Failure |
| --- | --- | --- | --- |
| GPS / GNSS | ECDIS, AIS, Radar, VDR | Data (NMEA 0183/2k) | Loss of Positional Integrity |
| Power Management (PMS) | Main Engine, AMS | Control Logic / Power | Total Blackout / Propulsion Loss |
| IAMCS | Remote Control Stations | Monitoring Data | Total Engine Room Blindness |
| SATCOM | Chart Updates, IT Network | External Connectivity | Loss of Remote Support |

Audit Alignment: System vs. Device

Per UR E26 §4.1.1.3, the Vessel Asset Inventory must capture both physical components and their logical relationships.

SYSTEM LEVEL (Logical): Defines the Functional Dependencies. Used to determine the ‘Blast Radius’ if a data flow (e.g., NMEA) is interrupted.

DEVICE LEVEL (Physical): The actual hardware (PLC, Switch, HMI). Used for Vulnerability Management and firmware tracking.

Strategic Transition: Once the logical connections are mapped, we must evaluate the Severity of Loss. While Section 2 identifies the links, Section 3 defines the consequences and the mandatory security posture required for each system class.

3. Critical Impact Analysis (CIA) — System-Level Assessment

To comply with UR E26, assessment should be conducted at the System Level. While an inventory tracks individual devices, the ‘Identify’ phase requires understanding how the loss of a complete functional system impacts ship safety.

| System Criticality | Functional Dependency Impact | Control Strategy per System |
| --- | --- | --- |
| CRITICAL | Direct loss of Propulsion, Steering, or Electrical Power. | Total isolation or physical protection of all system conduits. |
| MAJOR | Loss of Alarm Monitoring, Radar, or Situational Awareness. | Strictly managed conduits via stateful firewalls. |
| MODERATE | Loss of Administrative, Crew Wifi, or CCTV. | Standard VLAN segregation and traffic filtering. |

Intelligence Insight: The Blast Radius

When using our Vulnerable Assets Library, check the interdependency matrix for specific hardware. For example: a vulnerability in the ECDIS implies the VDR (Voyage Data Recorder) is also at risk due to the shared NMEA conduit. Use this to prioritize patching schedules.
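
An added example (not part of the original guide): the Section 2 matrix held as a dependency graph in Python, with a system's blast radius computed as its transitive dependents plus the systems that share a conduit with it, as in the ECDIS and VDR case above. The function names and the `Chart Updates` to `ECDIS` row are assumptions made for illustration.

```python
from collections import deque

# Rows of the Section 2 matrix: (source, dependency type / conduit, targets).
MATRIX = [
    ("GPS / GNSS", "Data (NMEA 0183/2k)", ["ECDIS", "AIS", "Radar", "VDR"]),
    ("Power Management (PMS)", "Control Logic / Power", ["Main Engine", "AMS"]),
    ("IAMCS", "Monitoring Data", ["Remote Control Stations"]),
    ("SATCOM", "External Connectivity", ["Chart Updates", "IT Network"]),
    # Constructed row (not in the guide's table) to show a two-hop chain.
    ("Chart Updates", "Data (chart files)", ["ECDIS"]),
]


def downstream(system, matrix=MATRIX):
    """Every system that transitively depends on `system` (breadth-first)."""
    seen, queue = set(), deque([system])
    while queue:
        current = queue.popleft()
        for source, _, targets in matrix:
            if source != current:
                continue
            for target in targets:
                if target not in seen and target != system:
                    seen.add(target)
                    queue.append(target)
    return seen


def conduit_peers(system, matrix=MATRIX):
    """Systems fed by the same source over the same conduit as `system`."""
    peers = set()
    for _, _, targets in matrix:
        if system in targets:
            peers.update(t for t in targets if t != system)
    return peers


def blast_radius(system, matrix=MATRIX):
    """Downstream dependents plus shared-conduit peers, sorted for reporting."""
    return sorted(downstream(system, matrix) | conduit_peers(system, matrix))


if __name__ == "__main__":
    for name in ("GPS / GNSS", "SATCOM", "ECDIS"):
        print(f"{name}: {blast_radius(name)}")
```

Extending `MATRIX` with the vessel's own inventory rows turns the same functions into a patch-prioritization aid: the longer the returned list, the wider the set of systems to review when the named system has an open vulnerability.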

4. Mapping to Zones & Conduits

Assets must be grouped into Cyber Security Zones based on criticality. “Conduits” are the communication paths (NMEA, Ethernet, Serial) that facilitate these interdependencies across boundaries.

The Zone Rule: Systems with high interdependency (e.g., Engine Control and PMS) should reside in the same or strictly controlled adjacent zones to minimize attack surface.

The Conduit Rule: Any conduit crossing from an IT Zone to an OT Zone requires a “Security Gate” (Firewall, Diode, or Air-gap) per mandatory UR E26 requirements.

Deep Dive: Mapping Zones & Conduits

Identifying interdependencies is only the first part of the Identify phase. To see how these connections translate into audited network boundaries, explore our specialized guide on architectural segmentation.

Read more: Zones & Conduits Logic →
