The IACS UR E26 Design Approach: Risk-Based Segmentation for Newbuilds
Requirement: This module details the mandatory, risk-based segmentation approach for newbuilds subject to IACS UR E26, focusing on the systematic isolation of Essential Services from non-critical systems.
While basic models offer a pragmatic solution for existing vessels, those subject to IACS Unified Requirement E26 (in force since July 2024) must implement a deliberate strategy starting at the initial design stage.
This guide details the compliance-driven approach required to satisfy IACS mandates, ensuring security architecture is built around isolating Essential Services and minimizing risk propagation.
1. The Design Mandate
IACS UR E26 mandates that security be built around a formal Risk Assessment. You must prove that a compromise of a non-essential system cannot cascade into a failure of an Essential Service.
- Systems with similar criticality can be grouped into one Security Zone for efficiency.
- Essential Services must remain isolated from non-essential systems like Crew IT.
- E26 governs the overall vessel plan; E27 governs the security of specific assets within those zones.
Architecture Blueprint: Tiered Isolation
Technical Schematic // IACS UR E26 Compliance Model (REF NO: E26-SEG-001)
[Schematic: tiered isolation. Zone contents and protocol labels recovered from the figure.]
Navigation Zone
- ECDIS Master / Backup
- Radar / AIS / GPS
- VDR (Voyage Data Recorder)
Machinery Zone
- Main Engine Control
- Power Management (PMS)
- AMS / Steering Gear
Protocol labels shown on the schematic:
- HTTPS, SMB, IMAP, VoIP
- Modbus TCP, NMEA 0183/2000, IEC 61162
- OPC UA (Signed/Encrypted), TLS 1.3
2. Identifying Critical Security Zones
IACS UR E26 requires that systems be grouped into Security Zones based on a risk assessment, with the primary goal of ensuring the isolation and integrity of Essential Services. Systems with different functional roles and security requirements must be isolated from each other via secure conduits.
The following functional groups are established as distinct, isolated zones in E26-compliant designs:
| Functional Group | Risk Mitigation Goal | Reason for Isolation |
|---|---|---|
| Navigation | Integrity of position & route planning. | Prevents spoofing spreading to control systems. |
| Propulsion | Guarantee safe command of main engine. | Prevents IT-malware triggering loss of maneuverability. |
| Power (PMS) | Maintain stable power supply to loads. | Prevents compromise causing system-wide blackouts. |
| Safety/VDR | Protect evidence capture and safety comms. | Ensures emergency systems available during a breach. |
3. Securing the Conduits
In the E26 approach, the Conduits (the connections between zones) are where the security policy is strictly enforced. The design must specify how communication across all zones is restricted and monitored.
- Deny-by-Default: Firewalls must block all traffic unless explicitly required for operation.
- Data Flow Analysis: Required documentation proving only sanctioned industrial protocols are passing.
- SL Enforcement: Conduits must match the Security Level (SL) of the highest criticality zone connected.
Auditable Evidence Checklist
- System Definition: Formal boundary maps for every critical asset.
- Zone & Conduit Diagram: Schematic showing hardware (Firewalls/Routers) and rulesets.
- Risk Mitigation Proof: Technical validation that IT-Zone compromise cannot impact Propulsion.
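The three conduit controls above and the "Risk Mitigation Proof" checklist item can be checked mechanically against a zone-and-conduit model before the design is signed off. The following is an added example, not code from IACS or from any vendor: it models the page's zones with assumed IEC 62443 SL targets, treats each conduit as a deny-by-default allow-list, verifies that every conduit is rated at least the SL of the highest zone it joins, and then walks the allowed flows transitively to prove that no non-essential zone (Crew IT, the iDMZ) can initiate a path into an Essential Service. Zone names, SL values, port numbers and the sample rulesets are all constructed for illustration.

```python
"""Design-time checks for an E26-style zone/conduit model (added example, not IACS material)."""
from collections import deque
from dataclasses import dataclass

# Constructed zone model. SL targets are assumed illustrative values, not figures from any standard.
ZONES = {"crew_it": 1, "idmz": 2, "navigation": 3, "machinery": 3}
ESSENTIAL = {"navigation", "machinery"}


@dataclass(frozen=True)
class Flow:
    src: str        # zone that initiates the connection
    dst: str        # zone that responds
    protocol: str   # sanctioned protocol label from the data-flow analysis
    port: int


@dataclass(frozen=True)
class Conduit:
    zones: frozenset   # the two zones this conduit joins
    sl: int            # SL the conduit's firewall/ruleset is rated for
    allow: tuple       # explicit Flow allow-list; everything else is denied


def is_allowed(conduits, src, dst, protocol, port):
    """Deny-by-default lookup: True only if an explicit Flow on a conduit matches exactly."""
    wanted = Flow(src, dst, protocol, port)
    for c in conduits:
        if {src, dst} == c.zones:
            return wanted in c.allow
    return False  # no conduit between the zones means no path at all


def reachable(conduits, start):
    """Zones that a compromised host in `start` could initiate connections into, transitively."""
    seen, queue = {start}, deque([start])
    while queue:
        zone = queue.popleft()
        for c in conduits:
            if zone not in c.zones:
                continue
            for f in c.allow:
                if f.src == zone and f.dst not in seen:
                    seen.add(f.dst)
                    queue.append(f.dst)
    seen.discard(start)
    return seen


def findings(conduits):
    """Return a list of design defects; an empty list means the model passes all three checks."""
    out = []
    for c in conduits:
        # SL Enforcement: conduit must match the highest-criticality zone it connects.
        need = max(ZONES[z] for z in c.zones)
        if c.sl < need:
            out.append(f"SL: conduit {sorted(c.zones)} rated SL{c.sl}, needs SL{need}")
        # Data Flow Analysis: every allowed flow must belong to the conduit it is written on.
        for f in c.allow:
            if {f.src, f.dst} != c.zones:
                out.append(f"flow {f} is not between the zones of conduit {sorted(c.zones)}")
    # Risk Mitigation Proof: no non-essential zone may reach an Essential Service.
    for zone in ZONES:
        if zone in ESSENTIAL:
            continue
        hit = reachable(conduits, zone) & ESSENTIAL
        if hit:
            out.append(f"isolation: {zone} can reach essential zone(s) {sorted(hit)}")
    return out


# Constructed compliant design: Crew IT pulls from the iDMZ, machinery pushes into the iDMZ,
# and the two essential zones talk only to each other. Nothing reaches into machinery from IT.
COMPLIANT = (
    Conduit(frozenset({"crew_it", "idmz"}), 2, (Flow("crew_it", "idmz", "HTTPS", 443),)),
    Conduit(frozenset({"idmz", "machinery"}), 3, (Flow("machinery", "idmz", "OPC UA", 4840),)),
    Conduit(frozenset({"navigation", "machinery"}), 3,
            (Flow("navigation", "machinery", "IEC 61162-450", 60001),)),  # port is an assumed value
)

# Constructed defective variant: a direct Modbus path from Crew IT into the Machinery Zone on an SL1 conduit.
DEFECTIVE = COMPLIANT + (
    Conduit(frozenset({"crew_it", "machinery"}), 1, (Flow("crew_it", "machinery", "Modbus TCP", 502),)),
)


def main():
    for name, design in (("compliant", COMPLIANT), ("defective", DEFECTIVE)):
        print(f"{name}: crew_it reaches {sorted(reachable(design, 'crew_it'))}")
        for line in findings(design) or ["no findings"]:
            print("  -", line)


if __name__ == "__main__":
    main()
```

The output of `findings()` is the kind of evidence the checklist asks for: the compliant model yields no findings, while the defective one is flagged both for an under-rated conduit and for a transitive path from Crew IT into the Machinery Zone.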
Crucial Takeaway for Newbuilds: Segmentation must be driven by a risk assessment that dictates the necessary isolation of Essential Services. This is about compliance and safety assurance, not simply network design.
Technical Appendix & Acronyms
- ZTNA (Zero Trust Network Access): Authentication-first security requiring verification before granting access to any application.
- iDMZ (Industrial DMZ): A perimeter network used to securely terminate connections between IT and OT environments.
- IACS UR E26: Unified Requirement for cyber resilience of ships, targeting OT environment protection.
- SL (Security Level): As defined in IEC 62443, representing the resistance of a system to specific classes of threats.
