
[IACS UR E27] FR2 Use Control - Authorization Enforcement

by 하늘이데아 2026. 5. 12.


**Who has admin access to your vessel's ECDIS right now — and does anyone actually know?**

If you can't answer that with certainty, you have an authorization problem. And on a ship, that problem can cascade from a misconfigured terminal into a safety event.

---

**What UR E27 Demands**

IACS UR E27 under Foundational Requirement 2 (Use Control) mandates that every Computer-Based System (CBS) aboard a vessel enforces access permissions at every interface — HMI, CLI, API, and maintenance ports alike. The principle is simple: deny everything by default, then allow explicitly and minimally. No user should be able to do more than their role requires.

---

**Why This Matters at Sea**

Vessels operate with lean crews across rotating watches, making role boundaries easy to blur in practice. When a third engineer can browse propulsion control parameters they have no business touching, or a port technician retains remote access after servicing, the attack surface grows silently.

Improperly scoped permissions represent the second most common vulnerability type found in OT environments — and maritime systems are not exempt. A single over-privileged account connecting through an unmonitored maintenance port is often all an attacker needs.

Separation of duties is the safeguard: no single person should hold the keys to every critical system function aboard.

---

**IEC 62443-3-3 Technical Context**

SR 2.1 (Authorization enforcement) treats authorization enforcement as the runtime execution of your access policy — not just a configuration checkbox, but an active control applied at every system interaction.

→ SL-1 establishes role-based access control (RBAC) as the baseline across all CBS interfaces
→ SL-2 introduces attribute-based access control, where context — shift, location, system state — shapes what a role can actually do
→ SL-3 and SL-4 mandate dynamic authorization with real-time contextual awareness, meaning permissions can adapt based on operational conditions

The practical implication: a bridge officer, a chief engineer, and an IT administrator must have technically distinct permission sets enforced by the system itself — not by informal convention or trust.
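The deny-by-default rule and the RBAC-to-attribute progression in the SL bullets are easier to see in working code. The module below is an added example written for this post, not code from IACS, IEC 62443 or any vendor; every role, interface, resource, operation and context attribute is an illustrative assumption, chosen to mirror the bridge officer / chief engineer / IT administrator split above.

```python
"""Deny-by-default authorization enforcement across CBS interfaces.

Added example, not text or code from IACS UR E27 or IEC 62443. The roles,
interfaces, resources, operations and context attributes are illustrative
assumptions; a real CBS would load them from its own policy store.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Set, Tuple

Grant = Tuple[str, str, str]   # (interface, resource, operation)

# RBAC baseline (the SL-1 idea): each role lists exactly what it may do.
# There is no fallthrough "allow"; anything not listed is denied.
ROLE_GRANTS: Dict[str, Set[Grant]] = {
    "bridge_officer": {
        ("hmi", "ecdis", "view"),
        ("hmi", "ecdis", "route_edit"),
    },
    "chief_engineer": {
        ("hmi", "propulsion", "view"),
        ("hmi", "propulsion", "setpoint_change"),
        ("cli", "propulsion", "diagnostics"),
    },
    "it_admin": {
        ("cli", "ecdis", "patch"),
        ("cli", "propulsion", "patch"),
        ("api", "ecdis", "user_manage"),
    },
    "vendor_service": {
        ("maintenance_port", "propulsion", "diagnostics"),
    },
}

@dataclass(frozen=True)
class Context:
    on_watch: bool        # subject is on their assigned watch right now
    location: str         # where the session originates: "bridge", "ecr", "remote"
    system_state: str     # "underway", "in_port", "maintenance"

# Attribute conditions (the SL-2 idea): a context predicate attached to a grant.
# They run only after the RBAC check passed, so they can narrow a grant
# but never widen one.
CONDITIONS: Dict[Tuple[str, str, str, str], Callable[[Context], bool]] = {
    ("bridge_officer", "hmi", "ecdis", "route_edit"):
        lambda c: c.on_watch and c.location == "bridge",
    ("chief_engineer", "hmi", "propulsion", "setpoint_change"):
        lambda c: c.on_watch and c.location == "ecr",
    ("it_admin", "cli", "ecdis", "patch"):
        lambda c: c.system_state == "maintenance",
    ("it_admin", "cli", "propulsion", "patch"):
        lambda c: c.system_state == "maintenance",
    ("vendor_service", "maintenance_port", "propulsion", "diagnostics"):
        lambda c: c.system_state == "maintenance",
}

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str

# (subject, role, grant, allowed, reason) for every decision, allow or deny
AUDIT_TRAIL: List[Tuple[str, str, Grant, bool, str]] = []

def authorize(subject: str, role: str, interface: str, resource: str,
              operation: str, ctx: Context) -> Decision:
    """Evaluate one access request. Every path that is not an explicit
    grant with a satisfied condition ends in a denial."""
    grant: Grant = (interface, resource, operation)
    if role not in ROLE_GRANTS:
        d = Decision(False, f"unknown role {role!r}")
    elif grant not in ROLE_GRANTS[role]:
        d = Decision(False, f"{role} holds no grant for {grant}")
    else:
        cond = CONDITIONS.get((role,) + grant)
        if cond is not None and not cond(ctx):
            d = Decision(False, f"grant exists but context {ctx} fails its condition")
        else:
            d = Decision(True, "explicit grant, conditions satisfied")
    # Record denials as well as allows: repeated denials from one account on
    # an interface it should never touch are the monitoring signal.
    AUDIT_TRAIL.append((subject, role, grant, d.allowed, d.reason))
    return d

def denials_for(subject: str) -> int:
    """Count recorded denials for a subject, for monitoring."""
    return sum(1 for s, _, _, ok, _ in AUDIT_TRAIL if s == subject and not ok)

if __name__ == "__main__":
    underway = Context(on_watch=True, location="bridge", system_state="underway")
    print(authorize("oow1", "bridge_officer", "hmi", "ecdis", "route_edit", underway))
    print(authorize("3eng", "third_engineer", "hmi", "propulsion", "view", underway))
```

The ordering is the point: the role table is consulted first and can only say "no grant"; the context predicates are consulted second and can only turn an existing grant into a denial. A third engineer asking to view propulsion parameters never reaches the context stage, and the vendor account's diagnostics grant is useless outside a declared maintenance state. Logging the denials alongside the allows gives the watchkeeper something to alert on.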

---

**Implementation Insight**

One of the most persistent challenges in maritime OT is legacy vendor accounts. Manufacturers frequently ship systems with default credentials and broad service accounts that persist through commissioning into operation. Identifying, scoping, and technically restricting these accounts — without breaking vendor support agreements — is where many authorization programs stall. It requires both technical rigour and commercial negotiation.
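Identifying and scoping those accounts starts with an inventory check that answers the question this post opened with. The script below is an added example, not code from the post or from any vendor; the account records are constructed sample data, and every field name and threshold is an assumption. It flags default, shared, non-expiring and dormant accounts and, by comparing granted interfaces with the ones actually seen in authentication logs, proposes what to strip from each account before the scoping conversation with the vendor.

```python
"""Inventory audit for legacy vendor, default and shared accounts on a CBS.

Added example, not code from the post or from any vendor. The account
records below are constructed sample data and every field name is an
assumption; a real inventory would come from the system's user database
and its authentication logs.
"""
from dataclasses import dataclass
from datetime import date
from typing import FrozenSet, List, Optional, Tuple

DORMANT_DAYS = 180                  # constructed threshold: no login for this long is "dormant"
AUDIT_DATE = date(2026, 5, 12)      # constructed "today" for the sample run

@dataclass(frozen=True)
class Account:
    name: str
    owner: str                      # "crew", "shore_it" or "vendor"
    shared: bool                    # credential known to be used by several people
    default_credential: bool        # still on the manufacturer-shipped password
    granted: FrozenSet[str]         # interfaces the account may reach
    used: FrozenSet[str]            # interfaces seen in authentication logs
    expires: Optional[date]         # None means no expiry configured
    last_login: Optional[date]

Finding = Tuple[str, str, str]      # (account, issue, recommended action)

def audit(accounts: List[Account], today: date) -> List[Finding]:
    """Return one finding per detected issue; an account with no findings
    is already scoped the way least privilege expects."""
    findings: List[Finding] = []
    for a in accounts:
        if a.default_credential:
            findings.append((a.name, "default_credential", "rotate credential and record the new owner"))
        if a.shared:
            findings.append((a.name, "shared_credential", "issue individual accounts and disable the shared one"))
        if a.owner == "vendor" and a.expires is None:
            findings.append((a.name, "vendor_no_expiry", "set an expiry tied to the service window"))
        # Least-privilege scoping: anything granted but never used is a candidate for removal.
        unused = a.granted - a.used
        if unused:
            findings.append((a.name, "unused_grants", "remove unused grants: " + ", ".join(sorted(unused))))
        if a.last_login is None or (today - a.last_login).days > DORMANT_DAYS:
            findings.append((a.name, "dormant", "disable pending owner confirmation"))
    return findings

def issues_for(findings: List[Finding], name: str) -> List[str]:
    """Sorted issue codes raised against one account."""
    return sorted(issue for acct, issue, _ in findings if acct == name)

# Constructed sample inventory (illustrative only).
SAMPLE: List[Account] = [
    Account("bridge_oow", "crew", False, False,
            frozenset({"hmi"}), frozenset({"hmi"}),
            date(2026, 12, 31), date(2026, 5, 10)),
    Account("svc_propulsion", "vendor", True, True,
            frozenset({"hmi", "cli", "maintenance_port"}), frozenset({"maintenance_port"}),
            None, date(2025, 9, 1)),
    Account("itadmin", "shore_it", False, False,
            frozenset({"cli", "api"}), frozenset({"cli", "api"}),
            date(2026, 12, 31), date(2026, 5, 11)),
]

def run_sample() -> List[Finding]:
    return audit(SAMPLE, AUDIT_DATE)

if __name__ == "__main__":
    for acct, issue, action in run_sample():
        print(f"{acct:16} {issue:20} {action}")
```

On the sample data only the vendor service account produces findings, and it produces all five kinds at once, which is the typical shape of a commissioning-era account that nobody revisited. The "unused_grants" line is the one to bring to the vendor: it names the interfaces that can be removed without touching the path the vendor actually uses for support.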

---

**What's your experience?** Have you encountered vessels where vendor accounts or shared credentials were the norm rather than the exception — and how did you address it?

📌 Post 8/41 in my IACS UR E27 series — breaking down all 41 requirements


#AuthorizationControl #IACS #URE27 #IEC62443 #MaritimeCyberSecurity #RBAC #LeastPrivilege
