Asset Inventory & Mapping Guide
Requirement: IACS UR E26 (§4.1.1) and IEC 62443-2-4 require a documented inventory of all Computer Based Systems (CBS). This module provides the technical methodology for discovering and categorizing these assets.
You cannot protect what you cannot see. In the maritime environment, asset management is the process of identifying every PLC, HMI, Sensor, and Gateway that contributes to the safe operation of the vessel.
1. The Maritime Discovery Framework
Listening to network traffic via SPAN ports to identify assets without sending any data. Safe for all maritime OT systems.
On-deck verification of serial numbers and firmware from nameplates on non-networked equipment.
Safety Warning: Active Scanning
Never perform active vulnerability scans or “NMAP” scans while the vessel is underway. High-frequency pings can cause PLCs to enter a “Fail-Safe” state.
2. Mandatory Data Points for E26
The “Golden” Inventory Row
REQUIRED EVIDENCE| Data Point | Importance |
|---|---|
| System Role / Function | Defines Zone placement. |
| Firmware Version | Vulnerability tracking. |
| MAC / IP Address | Conduit enforcement. |
Next Security Phase
System Criticality Mapping
System Criticality Mapping Computer-based systems are categorized in accordance with IACS UR E22 (Cat I–III). UR E26 references this categorization and uses it to scope and apply cyber-resilience requirements across onboard systems. High Impact Cat...