Part of the PROTECT Playbook

Remote Access: The Digital Gangway

Regulatory Context: IACS UR E26 (Section 4.2.3) requires that remote access to critical systems be controlled, logged, and restricted to authorized personnel only. This module focuses on eliminating “Always-On” backdoors.

On a modern vessel, OEMs and shore-side technicians often require access to HMIs for troubleshooting. However, an unsecured VPN or a forgotten TeamViewer session is a permanent invitation for ransomware. Security is not about blocking access; it is about controlling the gate.

Vessel-Initiated

The connection must be started by the ETO on the ship, never “dialed-in” from the shore without notice.

MFA Required

Static passwords are forbidden. All remote logins must require a second factor (Code or App).

Time-Limited

Access is granted for a specific window (e.g., 2 hours) and automatically revoked.

Implementing the OT Kill-Switch

There are two primary ways an ETO can ensure a “Default-Off” posture for remote access:

The Physical Air-Gap

Keeping the vendor’s gateway or jump-host physically disconnected from the OT switch until the moment access is required. No cable = No breach.

The Logical Firewall Toggle

Maintaining a specific firewall rule labeled “OEM-REMOTE-ACCESS” in a Disabled state, only toggled On after a formal request is signed.
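The following is an added example, not material from the playbook or any vendor. It models the three rules above (vessel-initiated, MFA, time-limited) together with the logical kill-switch: the gate starts closed, opens only for a validated and signed request, and revokes itself when the window lapses. The nftables set name `oem_remote_access` (assumed to be defined with `flags timeout` so the kernel drops the element on its own), the shore-side address 203.0.113.10 and the people named are all constructed for illustration; the `nft` commands are returned as strings so the logic can be reviewed without touching a live firewall.

```python
"""Default-Off remote access gate for an OT firewall (added example).

Assumptions (not from the playbook): an nftables set 'oem_remote_access'
with 'flags timeout' exists in table 'inet filter', and the forward rule
that permits OEM traffic matches on membership in that set.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional

MAX_WINDOW = timedelta(hours=2)              # playbook example: 2-hour window
NFT_SET = "inet filter oem_remote_access"    # assumed set, flags timeout


@dataclass
class AccessRequest:
    vendor: str
    shore_ip: str              # address the OEM technician connects from
    initiated_by: str          # ETO on board who started the session
    mfa_verified: bool         # second factor confirmed for this login
    signed_by: Optional[str]   # who signed the formal request (None = unsigned)
    requested_window: timedelta


@dataclass
class RemoteAccessGate:
    audit_log: List[str] = field(default_factory=list)
    open_until: Optional[datetime] = None
    active_ip: Optional[str] = None

    def _log(self, now: datetime, event: str) -> None:
        self.audit_log.append(f"{now.isoformat()} {event}")

    def is_open(self, now: datetime) -> bool:
        """Default-Off: open only while an approved window is still live."""
        if self.open_until is None:
            return False
        if now >= self.open_until:
            # Window elapsed: revoke automatically, mirroring the set timeout.
            self.revoke(now, reason="window expired")
            return False
        return True

    def request_access(self, req: AccessRequest, now: datetime) -> str:
        """Validate the request and return the nft command that opens the gate.

        Raises PermissionError if any of the three preconditions fails."""
        if not req.initiated_by:
            raise PermissionError("session must be vessel-initiated by the ETO")
        if not req.mfa_verified:
            raise PermissionError("second factor not verified")
        if req.signed_by is None:
            raise PermissionError("no signed authorization on file")
        window = min(req.requested_window, MAX_WINDOW)   # never longer than policy allows
        self.open_until = now + window
        self.active_ip = req.shore_ip
        self._log(now, f"OPEN vendor={req.vendor} ip={req.shore_ip} by={req.initiated_by} "
                       f"signed={req.signed_by} until={self.open_until.isoformat()}")
        secs = int(window.total_seconds())
        # Element timeout: the kernel removes the entry when the window ends.
        return f"nft add element {NFT_SET} {{ {req.shore_ip} timeout {secs}s }}"

    def revoke(self, now: datetime, reason: str = "manual") -> Optional[str]:
        """Close the gate early (ETO kill-switch) or on expiry."""
        if self.active_ip is None:
            return None
        cmd = f"nft delete element {NFT_SET} {{ {self.active_ip} }}"
        self._log(now, f"CLOSE ip={self.active_ip} reason={reason}")
        self.open_until = None
        self.active_ip = None
        return cmd


def demo() -> dict:
    """Walk the gate through a rejected request, an approved window and expiry."""
    gate = RemoteAccessGate()
    t0 = datetime(2024, 1, 1, 8, 0, tzinfo=timezone.utc)   # constructed timestamp
    result = {"closed_at_start": gate.is_open(t0)}
    # Missing second factor: refused, gate stays closed.
    bad = AccessRequest("Example-OEM", "203.0.113.10", "ETO Smith", False, "Master",
                        timedelta(hours=1))
    try:
        gate.request_access(bad, t0)
        result["rejected"] = None
    except PermissionError as exc:
        result["rejected"] = str(exc)
    # Valid, signed request asking for 3 h: granted but capped at 2 h.
    good = AccessRequest("Example-OEM", "203.0.113.10", "ETO Smith", True, "Master",
                         timedelta(hours=3))
    result["open_cmd"] = gate.request_access(good, t0)
    result["open_at_1h"] = gate.is_open(t0 + timedelta(hours=1))
    result["open_at_2h01"] = gate.is_open(t0 + timedelta(hours=2, minutes=1))
    result["audit_log"] = list(gate.audit_log)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The window cap and the element timeout work together: even if the shore side never disconnects and nobody on board remembers to toggle the rule back off, the permit entry disappears when the approved window ends, and the audit log keeps the OPEN and CLOSE records that UR E26 expects.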

