Wireless & Bluetooth Hardening
Requirement: This module addresses IACS UR E26 (Section 4.1) regarding wireless communication security. It mandates that all wireless OT conduits must use industry-standard encryption and prevent unauthorized bridging between IT and OT.
Wireless technology on ships—from Bluetooth vibration sensors to Wi-Fi tablets for engine rounds—offers operational efficiency but expands the attack surface. Unlike a physical cable, wireless signals travel through bulkheads, meaning an attacker in a pilot boat could potentially access your OT backbone without ever stepping on deck.
The Invisible Threat: Shadow Wireless
Rogue Access Points
Crew members often install “travel routers” in the engine control room (ECR) to extend Wi-Fi. These devices create an unmonitored backdoor into the vessel’s OT network.
Vulnerable Bluetooth
Industrial sensors often use default pairing codes (0000). Without hardening, an attacker can spoof sensor data or hijack the connection.
Step 1: Hardening the Airwaves
Securing wireless OT requires a combination of signal management, robust encryption, and strict authentication protocols.
⚓ ETO Wireless Audit Checklist
Radio Frequency (RF) Survey: Conduct a walk-through with a Wi-Fi analyzer to identify unauthorized SSIDs appearing in machinery spaces.
No Admin-over-Wi-Fi: Restrict switch and PLC management interfaces so they are only accessible via a physical, wired connection.
Power Tuning: Reduce the transmission power of OT access points so the signal does not “bleed” excessively outside the vessel’s hull.
Legacy Tip: On older ships where the OT network is “flat,” NEVER connect a Wi-Fi access point directly to an OT switch. Use a dedicated firewall to inspect traffic first.
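Added example (not part of the original module or of any analyzer product): one way to turn the RF survey, encryption and power-tuning checks above into a repeatable audit by comparing a walk-through export against the approved access-point inventory. The CSV column layout, the inventory, the "outside hull" location tag and the -70 dBm threshold are all assumptions made for illustration.

```python
import csv
import io

# Constructed inventory of approved OT access points (BSSID -> SSID).
AUTHORIZED = {
    "02:00:00:aa:00:01": "OT-ENGINE-ROUNDS",
    "02:00:00:aa:00:02": "OT-ENGINE-ROUNDS",
}
WEAK_SECURITY = {"OPEN", "WEP", "WPA"}  # deprecated or absent encryption
BLEED_RSSI_DBM = -70  # assumed limit for signal strength outside the hull

# Constructed walk-through export; the column layout is hypothetical.
SURVEY_CSV = """location,ssid,bssid,security,rssi_dbm
ECR,OT-ENGINE-ROUNDS,02:00:00:aa:00:01,WPA2-Enterprise,-48
ECR,TravelNet,02:00:00:bb:00:09,WPA2-PSK,-41
Purifier room,OT-ENGINE-ROUNDS,02:00:00:cc:00:07,WPA2-PSK,-55
Steering gear,OT-ENGINE-ROUNDS,02:00:00:aa:00:02,WEP,-60
Pilot ladder (outside hull),OT-ENGINE-ROUNDS,02:00:00:aa:00:01,WPA2-Enterprise,-62
"""

def audit_survey(csv_text, authorized=AUTHORIZED):
    """Return a sorted list of (location, bssid, finding) tuples."""
    findings = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        loc, ssid = row["location"].strip(), row["ssid"].strip()
        bssid = row["bssid"].strip().lower()
        security = row["security"].strip().upper()
        rssi = int(row["rssi_dbm"])
        if bssid not in authorized:
            # Unknown radio: a foreign SSID, or a copy of an approved one.
            known_name = ssid in authorized.values()
            kind = "unknown-radio-approved-ssid" if known_name else "unauthorized-ap"
            findings.add((loc, bssid, kind))
            continue
        if authorized[bssid] != ssid:
            findings.add((loc, bssid, "ssid-mismatch"))
        if security in WEAK_SECURITY:
            findings.add((loc, bssid, "weak-encryption"))
        if "outside hull" in loc.lower() and rssi > BLEED_RSSI_DBM:
            findings.add((loc, bssid, "signal-bleed"))
    return sorted(findings)

if __name__ == "__main__":
    for loc, bssid, finding in audit_survey(SURVEY_CSV):
        print(f"{finding:28} {bssid}  {loc}")
```

Each finding maps back to a checklist item: unknown radios to the RF survey, weak-encryption to the encryption requirement, and signal-bleed to power tuning.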
