[IACS UR E27] FR1 Identification & Authentication - Account Management

IACS UR E27 - FR1 Identification & Authentication - Account Management

 

# Account Management: The Ghost Crew Problem

 

How many former crew members still have active accounts on your vessel's systems right now? If you don't know the answer, that's the vulnerability.

 

---

 

**What UR E27 Requires**

 

IACS UR E27 mandates full lifecycle management of every user account across all Computer-Based Systems aboard a vessel. That means the system must support the complete sequence: add, activate, modify, disable, and remove. No gaps, no exceptions, no accounts that simply get forgotten.

 

---

 

**Why This Matters on Ships**

 

Crew turnover on commercial vessels is relentless. A crew change in Rotterdam doesn't always trigger a systematic account audit across navigation, propulsion control, and cargo management systems. The result is a growing trail of dormant accounts belonging to engineers, officers, and technicians who no longer serve on that vessel — or that company.

 

A former crew member with retained credentials is not a theoretical risk. It is a documented attack surface. Whether through malice, credential theft, or simple negligence, those accounts represent unauthorized access waiting to happen.

 

---

 

**The IEC 62443-3-3 Technical Layer** 🔐

 

SR 1.3 of IEC 62443-3-3 defines the system-level requirement for account management, and the Security Level progression adds meaningful technical depth:

 

→ SL-1: Basic account management functions must exist

→ SL-2: Controls for temporary and contractor accounts are introduced

→ SL-3+: Automated deactivation triggers are required — the system must act, not rely on human memory

→ SL-4: Full integration with enterprise identity governance

 

For most vessels, SL-2 is the realistic baseline target. That means temporary accounts — used by port technicians, surveyors, and vendor engineers — must have defined expiry controls, not just manual deletion policies that depend on someone remembering.

 

---

 

**Implementation Reality**

 

The practical challenge in maritime OT is that many legacy control systems were never designed with centralized identity management in mind. Role-based account templates for common vessel positions (master, chief engineer, ETO) help standardize provisioning. But every modification — creation, privilege change, or deletion — must produce a timestamped, auditable record that survives the next system reboot.

 

Audit trails are not optional. They are how you prove the account was disabled before the incident, not after.

 

---

 

What processes does your organization currently use to ensure crew change events trigger immediate account deactivation across all onboard CBS?

 

📌 Post 2/41 in my IACS UR E27 series — breaking down all 41 requirements

#AccountManagement #IACS #URE27 #IEC62443 #MaritimeCyberSecurity #AccessControl