
[IACS UR E27] Untrusted Network – 37 Remote Session Termination

by 하늘이데아 2026. 5. 26.

IACS UR E27 - Remote Session Termination

 

**A remote maintenance session ends. The engineer logs off. But does the session?**

On a vessel 400 nautical miles offshore, an abandoned remote connection to the ECDIS network isn't just a loose end — it's an open door.

 

**What UR E27 Demands**

IACS UR E27 requires that every remote session connected to a Cyber-Enabled System (CES) through an untrusted network interface can be terminated, fully and immediately. This means automatic termination after a configurable period of inactivity, plus a manual termination capability available to any authorized party at any time, including the vessel's own crew.

 

No exceptions. No grace periods that stretch into hours.

 

**Why This Matters at Sea**

"Zombie" sessions are a real and underappreciated risk in maritime OT environments. A shore-side technician disconnects from a satellite link mid-task, believing the session has closed. It hasn't. The connection persists silently, holding authenticated access to propulsion monitoring, ballast control, or cargo management systems.

Crew may have no visibility that the session is even active. And in a degraded communications scenario — common at sea — that orphaned session can linger indefinitely, with no one ashore aware it's still open and no one onboard able to identify or close it.

 

This requirement restores something fundamental: the crew's sovereign authority over who is connected to their vessel's systems, right now, from the bridge or engine control room.

 

**The IEC 62443-3-3 Technical Foundation**

SR 2.6 under IEC 62443-3-3 addresses exactly this gap. Mapped across all four Security Levels (SL 1 through SL 4), it mandates that Control Systems provide the capability to terminate sessions after a configurable inactivity period and support user-initiated termination on demand.

 

Critically, SR 2.6 works in tandem with SR 1.13 (which limits the conditions under which remote access is permitted at all). Together, they enforce a no-persistent-remote-access posture end-to-end: SR 1.13 controls when access starts, SR 2.6 ensures it always stops.

 

**Implementation Insight**

The practical challenge on many vessels is that remote access tools — VNC clients, vendor-proprietary diagnostic platforms, VSAT management portals — do not always expose session state to the vessel crew in a readable, actionable way. Compliant implementation requires a crew-accessible session dashboard with a hard-stop function, integrated at the network boundary, not buried inside each vendor application.
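To make the two SR 2.6 behaviours concrete (configurable idle timeout and on-demand hard stop, surfaced in one crew-facing view at the network boundary), here is an added illustrative model of a gateway-side session registry. It is not code from IACS, IEC or any vendor product; session IDs, account names, zones and the 900-second timeout are constructed sample values.

```python
"""Illustrative session registry for a vessel-side remote-access gateway."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class RemoteSession:
    session_id: str
    remote_party: str        # shore-side account (constructed sample value)
    target_zone: str         # CES zone reached, e.g. "ECDIS" (constructed)
    last_activity: float     # seconds on a clock the gateway supplies
    active: bool = True
    ended_by: Optional[str] = None


@dataclass
class SessionRegistry:
    idle_timeout: float      # configurable inactivity period (SR 2.6)
    sessions: Dict[str, RemoteSession] = field(default_factory=dict)
    audit_log: List[str] = field(default_factory=list)

    def open(self, sid: str, party: str, zone: str, now: float) -> None:
        self.sessions[sid] = RemoteSession(sid, party, zone, now)

    def record_activity(self, sid: str, now: float) -> None:
        s = self.sessions.get(sid)
        if s and s.active:
            s.last_activity = now

    def terminate(self, sid: str, actor: str, now: float) -> bool:
        """Hard stop, usable by crew or shore at any time; True if a session ended."""
        s = self.sessions.get(sid)
        if s is None or not s.active:
            return False
        s.active, s.ended_by = False, actor
        self.audit_log.append(f"t={now:.0f} {sid} -> {s.target_zone} ended by {actor}")
        return True

    def expire_idle(self, now: float) -> List[str]:
        """Automatic termination: end every session idle for >= idle_timeout.
        Relies only on the gateway clock, so a link that drops without a FIN still expires."""
        ended = []
        for sid, s in list(self.sessions.items()):
            if s.active and now - s.last_activity >= self.idle_timeout:
                self.terminate(sid, "idle-timeout", now)
                ended.append(sid)
        return ended

    def dashboard(self) -> List[Tuple[str, str, str]]:
        """What the bridge/ECR view shows: every external session still active."""
        return [(s.session_id, s.remote_party, s.target_zone)
                for s in self.sessions.values() if s.active]


def demo() -> Tuple[List[str], bool, list, List[str]]:
    """Constructed scenario: a shore technician drops off the satellite link mid-task."""
    reg = SessionRegistry(idle_timeout=900)                       # 15 min, sample value
    reg.open("vnc-0417", "vendor-tech@shore", "ECDIS", now=0)
    reg.open("diag-0092", "oem-diag@shore", "propulsion-monitoring", now=0)
    reg.record_activity("vnc-0417", now=600)
    auto = reg.expire_idle(now=1000)            # diag-0092 idle 1000 s, vnc-0417 only 400 s
    manual = reg.terminate("vnc-0417", "crew:bridge", now=1100)   # crew hard stop
    return auto, manual, reg.dashboard(), reg.audit_log
```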

 

**Over to You →**

Does your vessel's remote access architecture give the crew a visible, single-point method to terminate any active external session? If not, what's standing in the way?

 


📌 Post 37/41 in my IACS UR E27 series — breaking down all 41 requirements
