Secure Space & Physical Access
Regulatory Context: IACS UR E26 §4.4 requires that physical access to cyber-system assets (Category II and III) be restricted to authorized personnel only.
In maritime OT, the “perimeter” isn’t just a firewall; it is also a locked door. If an unauthorized person can physically touch a PLC or a switch, they can bypass all digital security by performing a factory reset or mounting a “man-in-the-middle” attack.
Defining the Secure Space
A Secure Space is any area housing critical OT infrastructure, such as the Bridge, the Engine Control Room (ECR), or dedicated Server Rooms. To satisfy a class surveyor, the Electro-Technical Officer (ETO) must prove that these areas are not just “off-limits” by policy, but secured by physical barriers.
Administrative Controls
- Access Logs: Maintain a logbook for visitors (vendors/contractors) entering the Server Room.
- Key Management: Keys to OT cabinets must be kept in a secure locker, never left in the cabinet door.
Technical Controls
- Cabinet Security: All racks must be locked. Use tamper-evident seals for remote outstations.
- Port Security: Physically block unused RJ45 ports in public areas with plastic port locks.
Tamper Detection & Surveillance
Since 24/7 physical guarding of every PLC cabinet is impossible, we rely on evidence of tampering and tiered access controls.
