**Your ship survives a cyberattack. Systems are back online. But are they actually secure — or just running?**
That distinction is the entire point of SR 7.4.
---
**What UR E27 Requires**
IACS UR E27 mandates that every Computer-Based System aboard a vessel must be recoverable to a *known secure state* following any disruption — whether that disruption is a cyber incident, hardware failure, or both happening simultaneously. Recovery procedures must be documented, specific to each CBS type, and aligned with vessel safety timelines and SOLAS requirements.
---
**Why This Matters at Sea**
A vessel's ECDIS comes back online after a malware event. Navigation resumes. But if the recovery simply restored services without verifying that security controls are intact, you may have reintroduced the same vulnerability — or worse, an active compromise.
Consider the compound failure scenario: a ransomware event coincides with a hardware fault in the integrated bridge system. Recovery sequencing, priorities, and verification steps must be predetermined. At sea, improvisation under pressure is not a recovery plan.
Recovery time objectives must also be realistic for the operating environment. A procedure that takes 4 hours is meaningless on a vessel approaching a constrained fairway.
---
**The IEC 62443-3-3 Technical Layer**
SR 7.4 under Foundational Requirement 7 (Resource Availability) is deliberately more demanding than conventional IT disaster recovery. It scales across Security Levels SL 1 through SL 4:
→ SL 1 requires basic documented recovery capability
→ SL 2 adds verification that security controls are restored, not just services
→ SL 3 demands automated or procedurally rigorous integrity confirmation
→ SL 4 applies to safety-critical systems where recovery verification must be near-absolute
The critical differentiator: SR 7.4 requires *verified confirmation* that security controls are fully functional post-recovery — not merely that the system is responding to commands with an unknown security posture.
---
**Implementation Reality** 🔧
One of the most common gaps found during vessel audits: recovery procedures exist for IT systems but not for OT — specifically not for PLC-based machinery control or integrated automation systems. Each CBS type requires its own documented procedure, including hash verification of firmware, configuration integrity checks, and access control validation before the system is returned to operational use.
---
**The Question Worth Asking**
When did your vessel last run a documented recovery drill for an OT system — and did the post-drill verification actually confirm a *known secure state*, or just confirm the system was running?
📌 Post 27/41 in my IACS UR E27 series — breaking down all 41 requirements
#SystemRecovery #IACS #URE27 #IEC62443 #MaritimeCyberSecurity #KnownSecureState #DrillRequired
'Security > Maritime Cyber Security' 카테고리의 다른 글
| [IACS UR E27] FR7 Resource Availability - Least Functionality (0) | 2026.05.21 |
|---|---|
| [IACS UR E27] FR7 Resource Availability - Emergency Power (0) | 2026.05.21 |
| [IACS UR E27] FR7 Resource Availability - System Backup (0) | 2026.05.21 |
| [IACS UR E27] FR7 Resource Availability - Resource Management (0) | 2026.05.21 |
| [IACS UR E27] FR7 Resource Availability - Denial of Service Protection (0) | 2026.05.21 |
