# Post 16/41: Timestamps
**Without a reliable timestamp, your incident log is just a list of events — not evidence.**
---
IACS UR E27 requires that every security-relevant audit record generated by a Computer-Based System aboard a vessel carries an accurate, consistent timestamp. No exceptions. This isn't a nice-to-have. It's a foundational condition for any audit trail to be considered valid or usable.
---
**Why does this matter on a ship specifically?**
A modern vessel runs dozens of networked CBS — ECDIS, SCADA, engine management, cargo control, access systems. Each logs events independently. When something goes wrong — a malware incident, an unauthorized access attempt, an unexplained control system anomaly — investigators must reconstruct a timeline across all of those systems simultaneously.
→ If one system's clock is 4 minutes ahead, and another is 47 seconds behind, correlation becomes guesswork.
→ Guesswork in a maritime incident investigation is not acceptable to flag states, insurers, or class societies.
---
**What IEC 62443-3-3 SR 2.11 tells us:**
SR 2.11 maps timestamp requirements across all four security levels:
→ SL 1: Timestamps required on all audit records
→ SL 2: Synchronization to an authoritative time source is mandatory
→ SL 3–4: Tamper-evident timestamps — the integrity of the timestamp itself must be protected
Vessels operating at higher security levels cannot simply log events — they must be able to demonstrate that those timestamps have not been manipulated. This directly affects forensic admissibility.
---
**The maritime implementation insight:**
Here is where ships have a genuine advantage that shore-based facilities rarely enjoy — GPS. A vessel's GPS receiver provides an extraordinarily accurate, continuously available time source. GPS-derived NTP, distributed across vessel CBS and synchronized to UTC, solves the authoritative time source requirement cleanly and cost-effectively. UTC matters here: a vessel transiting multiple time zones cannot use local time without introducing inconsistencies between systems configured in different zones.
🕐 The irony is that vessels already carry the solution onboard. The challenge is architectural — ensuring every CBS actually consumes it.
---
**A question for the professionals in this space:**
In your experience, what percentage of vessels you have audited or surveyed have had coherent, synchronized time infrastructure actually verified — not just assumed?
---
📌 Post 16/41 in my IACS UR E27 series — breaking down all 41 requirements
#TimeSync #IACS #URE27 #IEC62443 #MaritimeCyberSecurity #Forensics #NTP
'Security > Maritime Cyber Security' 카테고리의 다른 글
| [IACS UR E27] FR3 System Integrity - Malicious Code Protection (0) | 2026.05.15 |
|---|---|
| [IACS UR E27] FR3 System Integrity - Communication Integrity (0) | 2026.05.15 |
| [IACS UR E27] FR2 Use Control - Response to Audit Processing Failures (0) | 2026.05.14 |
| [IACS UR E27] FR2 Use Control - Audit Storage Capacity (0) | 2026.05.14 |
| [IACS UR E27] FR2 Use Control - Auditable Events (0) | 2026.05.13 |
