Part of the IDENTIFY Playbook ← Return to Hub

Software & Firmware Tracking

UR E26 §4.1.1.1 & §4.1.1.3.2: The vessel asset inventory shall identify the software name and version (including application programs, operating systems, and firmware). Additionally, per §4.1.1.3.2 and §4.1.1.4.4, a ‘Ship cyber security and resilience program’ must be established to manage the lifecycle of these digital assets through a software maintenance and update policy.

1. The Software Master List (SML)

Every Computer Based System (CBS) identified in your hardware inventory must have its software “DNA” documented. This is critical for Vulnerability Management; you cannot protect a system if you do not know which version of code is running its core functions.

Essential Documentation Points:

  • Application Software: Specific program versions (e.g., PMS v4.2).
  • Operating Systems: Windows Builds, Linux Kernels, or RTOS versions.
  • Firmware: Hard-coded software in PLCs, Sensors, and Controllers.
  • Patch Level: The latest security update applied (e.g., KB number).

2. How to Extract Version Data

Via HMI / Local Display

Most Bridge/Engine HMIs have a “System Info” or “About” page. Audit Tip: Take a photo of this screen during physical surveys as evidence for the Class Surveyor.

Via Engineering Tools

For “headless” PLCs, use OEM software (e.g., TIA Portal) to pull the firmware build number and checksum for verification.

3. Maintenance & Patch Tracking

Software Category Critical Tracking Data Update Frequency
Operating SystemsBuild Number, Patch Level (KB#)Monthly / Quarterly
PLC/Controller FWMajor/Minor Version, Build DatePer OEM Bulletin
Security SoftwareAV Engine & Signature VersionDaily (If connected)

Surveyor Verification: During surveys, Class may verify versions by vulnerability scanning or manually checking systems to ensure they match the “As-Approved” baseline.

Next Security Phase

Marine Protocol Guides

Marine Protocol Guides Requirement: To enforce Conduits (Step 03), you must first understand the "Language" of the assets. This module maps common maritime protocols (NMEA, Modbus, J1939) to their technical ports. Marine OT environments are a hybrid ...

Continue to Marine Protocol Guides →

Scroll to Top