2016-04-25 - e2 task 2 4 d2 10 - recommended on … · ces specifi architectur on-board ecurity int...

D2.1netw Project no.Project acr sea Funding sc Start date End date oDuration: Due date oActual subRevised suOrganisatio

10 Rework

. ronym:

cheme:

of project: of project:

of deliverabbmission datubmission don in charg

ecomArch

le: te:

date: e of deliver

mmenhitec

6363EfficEFF

Inno

1 Ma30 A36 m

25 A

able: Part

ndedcture

329 cienSea2 ICIENSEA2

ovation Actio

ay 2015 April 2018 months

April 2016

-ner 21, DAN

“This project the Europeanresearch andunder grant a

on-b

2 – efficient

on (IA)

NELEC

has received fun Union’s Horizod innovation progagreement No 6

boar

, safe and s

unding from on 2020 gramme

636329”.

rd

sustainable traffic at

DOCUM

Authors Name Henrik BeErik Styhr Anders RyTimo Kosti

Peter Ande

DocumeVersion 0.1 0.2 0.7 0.9 0.91 1.0

RevieweName Andy WinbHannu PeiKrzysztof BJens Kristi

MENT S

and cont

ech HelnæsPetersen

ydlinger iainen

ersen

nt HistoryDate 2015-2015-2015-2016-2016-2016-

rs

bow ponen

Bronk an Jensen

STATUS

ributors

s (editor)

y

09-09 10-01 12-01 03-18 04-20 04-25

S

InitialsHBH HBH HBH HBH HBH HBH

of

OrganisDanelecWärtsiläTransasFuruno

Cobham

DescripFirst DrSecondUpdateFinal DFinal DFinal R

OrganisCIRM FurunoNIT DMA

“This pthe Euresearunder

f 91

sation c Marine ä s

m

ption raft d Draft ed with 10%Draft for reviDraft for reviReport

sation

project has receuropean Union’srch and innovatigrant agreemen

% review chaew ew meeting

eived funding fros Horizon 2020 ion programme nt No 636329”.

anges

g

om

Contents

1 Su

2 Int

3 De

4 Me

5 Sc5.1 Intr5.2 Ba

5.2.1 5.2.2 5.2.3

5.3 The5.4 Arc

6 Vie6.1 Co6.2 Fun6.3 Info6.4 Co6.5 De6.6 De6.7 Op

7 Vie7.1 Inte

7.1.1 7.1.2 7.1.3

7.2 Cy7.3 Lin7.4 Pri7.5 Ca7.6 Ba

7.6.1 7.6.2 7.6.3

7.7 Da7.8 Vie

8 Sta

9 Pe

s

mmary ....

roduction

efinitions a

ethodology

ope and Croduction .ckground .The HeritSOLAS, CType App

e MC and chitectural

ewpoints .ontext Viewnctional Viormational

oncurrency evelopmenteployment Vperational V

ews ..........eraction TyPoint to PMulticast Broadcas

ber Securink Requiremority .........

andidate Casic CommGeneric WData ServBroadcas

ata Formatsewpoints fo

akeholder

rspectives

................

n ...............

and Acron

y ..............

Context ....................................age ..........Carriage Rproved ‘clusMCC in CoElements

................wpoint .......

ewpoint ... ViewpointViewpoint

t ViewpoinViewpoint Viewpoint .

................ype ..........

Point (P2P)................

st ..............ity ............ments ......................arriers ......unication S

Web Servicvice ..........st Messages ..............or the differ

r Identifica

s ..............

................

................

nyms ........

................

................

................

................

................Requiremensters’ .......ontext ......(AE) ........

................

................

................t ...............t ...............t ..............................................

................

................) ...............................................................................................................Services ...ce.............................

e Service ..................rent servic

ation ........

................

of

................

................

................

................

................

................

................

................nts and IM................................................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................ces ............

................

................


f 91

................

................

................

................

................

................

................

................O Type Ap................................................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................


................

................

................

................

................

................

................

................pproval .....................................................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................


................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

................

om

.............. 5

.............. 5

.............. 6

.............. 7

.............. 9

.............. 9

.............. 9

.............. 9

............ 12

............ 14

............ 16

............ 17

............ 19

............ 19

............ 19

............ 19

............ 19

............ 19

............ 20

............ 20

............ 21

............ 25

............ 25

............ 25

............ 25

............ 25

............ 27

............ 27

............ 29

............ 30

............ 32

............ 32

............ 33

............ 33

............ 34

............ 34

............ 35

5

5

6

7

9 9 9 9

4 6 7

9 9 9 9 9 9 0 0

5 5 5 5 5 7 7 9 0

3 3 4

4

5

9.1 Low9.2 Re9.3 Cy

9.3.1 9.3.2 9.3.3 9.3.4 9.3.5 9.3.6

10 Sta10.1 WP10.2 Re

10.2.1 10.2.2 10.2.3 10.2.4 10.2.5

10.3 De10.3.1 10.3.2

11 Arc11.1 Sim11.2 Ne11.3 Inte11.4 Inte11.5 Qu

12 Arc

13 Ide

14 Co

Bibliogra

15 Ap

16 Ap

w impact Inequirementber SecuriUser NeeUsing theCyber SeMitigationDetect anCyber Se

akeholderP3 User Neequirement

Traffic SControlShip OpAdminisAccomm

educed, AsConcurOpenin

chitecturamplest Impetwork Topoegrated Coegrated Ga

uality of Se

chitectura

entification

onclusion

aphy .........

ppendix A

ppendix B

ntegration t of an “opeity Conside

eds describe NIST Fracurity Risk

n of Cyber nd Respondcurity Con

r Concernseed analysts deducedSegmentat of Qualityperation nestrative Nemodation (sumed and

rrency .......g discussio

al Candidaplementatioology .......ommunicatateways ...rvice ........

al Candida

n of poten

................

................

– Consoli

– Final Re

with existien” and haerations ....bed by E2, mework fok IdentificatSecurity Rd to Cyberclusion ....

s (Requiresis ............d from Anation ..........

y of Serviceetworks ....etworks .....(Infotainmed/or obviou................on on how

ates ..........on .............................tion System................................

ate Test Re

ntial Areas

................

................

idated Use

eview Rep

of

ng infrastrarmonized ................WP3 .......

or Improvintion ..........

Risks usingr Security B................

ements) ...................lysis of typ................

e ...............................................

ent, Passeus Require................

w AIS functi

................

................

................m .............................................

esults .....

s for stand

................

................

er Needs .

port ..........


f 91

ucture andarchitectur................................g Critical I................ 460-GateBreaches .................

................

................pical netwo................................................................nger and C

ements .....................ionality is i

................

................

................

................

................

................

................

dardizatio

................

................

................

................


d architecture .............................................nfrastructu................ways .......................................

................

................ork topolog................................................................

Crew netwo................................mplemente

................

................

................

................

................

................

................

n .............

................

................

................

................


ure ...........................................................

ure Cybers................................................................

................

................gy .............................................................................ork) ..........................................ed ............

................

................

................

................

................

................

................

................

................

................

................

................

om

............ 35

............ 35

............ 36

............ 38security . 38............ 39............ 40............ 41............ 42

............ 43

............ 43

............ 44

............ 45

............ 46

............ 47

............ 48

............ 49

............ 49

............ 50

............ 50

............ 53

............ 53

............ 55

............ 56

............ 58

............ 59

............ 60

............ 60

............ 60

............ 61

............ 63

............ 66

5 5 6 8 8 9 0

3 3 4 5 6 7 8 9 9 0 0

3 3 5 6 8 9

0

0

0

3

6

1 SumThis reporboard sysTask 2.3 Son-board ExchangeThe reporand infrasService PBased on The meth

2 IntroIntegrationelement inreport is tonetwork sarchitectu In collaboharmonizeregime, winteroperasystems, and safe m

mmary rt constitut

stem integrSeamless part of the

e System (Vrt use the ustructure, 2

Portfolio andthe propoodology us

oduction of equipmn providingo provide t

standards, ure to be us

oration withed on-boar

whether by able radio cautomationmanner, us

tes deliveraration archRoaming f

e Maritime VDES). user needs2015) combd proposessed requirsed, is the

on ment in ong the shipbthe first steand installsed.

h Work Pacrd architecIMO and Icommunicn systems sing intellig

able D2.10itecture. Tfunction, thCloud (MC

s describedbined with s a set of rements, th(ISO/IEC4

-board netboard compep in analyation trend

ckage 3, incture, whichEC instrumation devicand other

gent netwo

of

0 in the Effhe architeche MaritimeC), and the

d in (E2-T3analysis o

requiremenhe report s42010, 201

tworks takiponent of tysing the avds, to form

nput is provh, while re

ments, or bces with toelectronic

ork controll


f 91

ficienSea2 cture is intee Cloud Cl EfficienSe

3.1, Analysof the servints for the uggests an11)

ing cyber sthe maritimvailable ona recomm

vided towaspecting th

by Class, wday's and

c data proclers to sep


project. It egrating thient Comp

ea2 Task 2

sis report oces specifiarchitecturn on-board

security intme cloud. Tn-board commendation o

rds the defhe current

will promotetomorrow'sessing sysarate the n


describes he EfficienSponent (MC2.1 VHF Da

on communfied in the Mre.

d architectu

to account The scope mponents,on the netw

finition of atype appro

e the integs navigatiostems in a networks.

om

the on-Sea2 CC), the ata

nication Maritime

ure.

is a key of this , existing work

a oval ration of

on reliable

3 Defi AE AIS ASM DMZ DOS E2 ECDIS FW GPS GW ICS LOS MC MCC MMS MSP QoS RADAR

SOLAS

VDE VDES VDR VTS

Wi-Fi

initions

ArchitectAutomatiApplicatioDemilitarDenial OfEfficienSElectroniFirewall Global PoGatewayIntegrateLoss of SMaritime Maritime Maritime Maritime Quality oRAdio DeSafety ofamendmVHF DataVHF DataVoyage DVessel Ta trademNetwork)

s and Ac

ural Elemec Identificaon Specificrised Zone f Service ea2 c Chart Dis

ositioning Sy d Commun

Service Cloud Cloud ClieMessaginService Pf Service etection Anf Life at Seents) a Exchanga ExchangData Recoraffic Servark of the

)

cronym

ent ation Systec Messagin

splay and

System

nication Sy

ent Compog Service ortfolio

nd Ranginga (SOLAS

ge ge Systemrder (IEC 6ice Wi-Fi allian

of

ms

em (IEC 62ng

Informatio

ystem

onent

g (IEC 623S Conventio

61996:201

nce (WLAN


f 91

2320:2008

n System

388:2013)on, 1974, w

3)

N or Wirele


)

(IEC 61174

with

ess Local A


4:2015)

Area

om

4 MetDue to thethe entire kind of thiwhich bindsystems. the architemaritime c To suppora recognizhas used Architectu Literature GroundedStakeholdThe proceillustrated

thodoloe rules andelectronicnking is reds the MarThis beingecture mucloud and

rt future vazed way tothe standa

ure Descrip

supporting

d in this staders, Concess to follo in Figure

ogy d regulationc infrastructequired to britime Clou

g stated, houst be provas such su

alidation ofo describe ard: (ISO/IEption.

g the stand

andard, thecerns, Vieww and the 1.

ns in the mture of a shbe limited tud Client Cowever, it iven (testedupport fulfil

f the on-bothe on-boaEC42010,

dard is (Ro

e descriptiowpoints and

steps take

of

maritime dohip to be ato the nove

Componentis reasona) to be a vlment of re

oard MCC aard archite2011) Sys

ozanski & W

ons in this d Perspecten to provid


f 91

omain, onea subsystemel part of tht (MCC) to ble to suggalid part of

equirement

and to provcture. This

stems and

Woods, 20

documenttives. de a recom


e cannot imm of the mhe shipboathe existin

gest that thf the architts to the m

vide a descs work prodSoftware e

013).

make use

mmended a


mmediatelymaritime cloard architecng type apphe novel patecture of t

maritime clo

cription thaducing thisengineerin

e of the con

architectur

om

y consider oud; this cture proved arts of the oud.

at is using s report g –

ncepts:

e is

FFigure 1 Proccess to follow

of

w to produce r


f 91

recommende


ed architectur


re

om

5 Sco

5.1 IntrBy today (global fleeannum. Ayear to baare small perhaps 2MC shoulthe MC im‘critical masafety andpractical tfulfil its po This real-whence notComponeexisting ruoperationsit could beLack of suimplemenof the MC The approthe fundamnecessariin full resprules. Whpositive siand integrwith the Mdescribe tequipmenincomplet

5.2 Bac

5.2.1 ThFrom the particular

pe and

oduction (2015), in et. Comme

Assuming aalance scraand intend

2.000 per yd not be so

mplementatass’ wouldd efficiencyterms, the otential.

world impat be undere

ent (MCC), ules, regulas and marie. uch compantation beyoC even befo

oach chosemental thely must bepect of theile this maide-effectsrated ship

MCC. Indeethe MCC wnt – if not, tte.

kground

e Heritageearly 1990focused o

Contex

rough numercial expe

a service lifapping andded for locayear – is a omething wtion rate w

d be too lony would imMC must a

act on the estimated:from every

ations, equitime equip

atibility couond limitedore it goes

en in the wesis being te an add-onir present fy seem as

s, one beincontrol sys

ed, as a dirwithin the frthen the co

e 0s, to the mn on-board

xt

mbers, thererts in the mfe of, say, 3d to provideal trading, potential ta

which just would be tong, unneceprove becalso apply

MC, its fun unless they relevant uipment anpment man

uld even turd testing inbeyond an

work reportthat the MCn to existinfunction an

s a constrag that prevstem archirect result ramework ompatibility

middle of thd infrastruc

of

re are apprmaritime d30 years, se the expeeach of tharget for thnew ships o low, and

essarily pocause of the

to the exis

nction, chae MC, andvantage p

nd culture onufacturing

rn out to bn isolated gn embryon

ted in this dCC, as a reng ship sysnd entirely int from sovious work tectures isof this lineof existing

y of the MC

he first decctures and


f 91

roximately domain expsome 3.00cted growte remaininhe Maritimewill benef

d, correspostponing the MC. Thusting fleet a

racteristicsespeciallyoint is fundof commer

g, it is less

e an unsurgeographicnic state.

document esult of thestems and

aligned toome perspe

on ship sys suitable ae of thinkingg referenceCC to the p

cade of 200control sy


63.000 SOpect a grow0 ships areth. While sng part of the Cloud (Mit from; if thndingly, thhe day whes, both con

and future

s and archy its on-boadamentallyrcial shipbulikely to be

rmountablecal areas, c

reflects thie argumeninstrument the preseectives, it hystems, shas a foundag, it must b

e models ofpresent wo

00, two resystems, one


OLAS shipswth rate of e being bu

some of thehese new

MC). Howehat was thehe timespaere the manceptuallybuilds in o

itecture, shard Maritimy compatibuilding, shiecome the

e barrier tocausing the

is understats presentetation infrant set of rehowever a

hip infrastruation for thbe possiblef ships and

orld is prob

search proje being the

om

s in the 2% per

uilt every ese ships ships – ver, the e case, n to reach

aritime and in

order to

hould me Cloud le with thep success

o e demise

anding, ed,

astructure, elevant lso has uctures e work e to d ships ably

jects in e

e

ATOMOSother one cooperateinfrastruct2001; DISDISC projsystems –(ISO/IEC4One suchgrouping pcomponen1997)): • The

positetc.,prop

• The genethe abst

• At thdescinto stan

The thinkiand perhaControl sythe three

S Consortiubeing the

ed on bringtures and i

SC II). Direject aimed – or, in oth42010, 201 AD is shophysical shnts and a g

‘Generic’ tion, speed but the g

pulsion con‘Compon

eralise, i.e.correspondtraction pyrhe lowest lcribed with5 to 10 gdardized m

F

ing expresaps more rystems. Onoriginal DI

um (ATOMMiTS Foru

ging forwarintegrationctly applicaat providiner words, A11). own in Figuhipboard dgeneric gro

level cond, headinggeneric layntrol etc. nent’ level . informatioding impleramid. level, whic

h a relativeroups. The

modelling is

Figure 2 - Abs

sed in the refined andne such exSC layers

OS, 1994;um (The Mrd a comm mechanisable to theng a commArchitectur

ure 2, whicevices into

oup, each b

tains inforg, destinatioyer also co

contains on that is dementation

ch is the ‘Lely low nuerefore, sims possible

straction of t

original DId evolved Axample comare expan

o

ATOMOSMiTS Forum

on suggessms, joininge matter at mon undersral Descrip

ch introduceo (from botbeing defin

rmation peon, name ontains ge

ship spedefined by n of the sy

Level of Sember of vmilarly to wat this lev

the DISC ISC-

ISC ISC abArchitecturmes from (nded to five


of 91

S II, 2000; Am, 2015). Tsted standag forces in hand, part

standing ofptions (AD)

es a three-ttom to topned as follo

ertaining toof the ship

eneric func

ecific detathe specifi

ystems be

ensors andariants, e.what was el.

-System, from

bstraction ral DescripRødseth, C

e. While the


ATOMOS These two gard for Intethe two D

t of the wof integrated), as this te

-layer abstp) sensors ows (edited

o the shipp, general ctions such

ails that aic configuring consid

d Actuatorsg., valves the case

m (DISC, 1997

pyramid istions of IntChristensee two conc


IV, 2002), groups mo

egrated ShISC projec

ork in the od ship conterm is used

traction pyand actuatd from (DIS

p as an emachineryh as navig

are not poration of thedered as p

rs’, such decan be g

at the gen

7)

s reflected tegrated Sen, & Lee),cepts are q

om

and the oreover ip Control cts (DISC, riginal trol d by

ramid, tors, SC,

ntity, e.g.,y conditiongation and

ossible toe ship andpart of the

evices areeneralised

neric level,

in later, hip where

quite

, n d

o d e

e d

similar in interconneinterconne‘Layer’ is interconneelectrical With the dfrom ‘botto • ‘Inst

highcomseemActu

• ‘Proc(199dive

• ‘Intethe D

• ‘Genwhicpres

• ‘Off-wousupp

EspeciallyLee) is se

many respectivity; in ection betwbroader inections. Thconnection

definition aom’ to ‘top

rument Laer-level apmands de

ms to be cuators’; cess Laye

97) abstracrgence betgrated ShDISC (199neral Ship ch are irrelsent work, ship Layeld come toplemented

Figure 3 -

y the moreeen as usef

pects, it shothe (Røds

ween devic its definitihe horizontns between

above in mip’, as follow

ayer’ – whpplications

evices at thclose to, or

r’ – which ction pyratween the ip Control 7) ‘GenericLayer’ –

levant to ISlike infotainr’ – which

o consider with the fa

Schematic S

evolved ISful in the c

ould howeveth, Christces, rather on, and dotal lines in n the three

ind, (Rødsws:

hich defines that utilizhe bottom r even iden

appears tomid, but wtwo mentio(ISC) Lay

c Layer’; which comSC, but whnment netw, for all pras part of

acilities and

hip Network

SC Ship Ncontext of t

o

ver be nottensen, & Lr than the Does not expthe DISC

e layers.

seth, Christ

es the intezes the infof the ‘Ins

ntical with,

o be similawhere a coned mode

yer’ – whic

mbines tophich are sworks and ractical purthe ship-sd services

Architecture

etwork Archis docum


of 91

ed that theLee) terminDISC (1997plicitly diffeAD howev

tensen, & L

erconnectiformation strument L the DISC

ar to the ‘Ccloser scruels with resh is seen

p-level, shensible to shipboard

rposes, enshore comm

offered by

from (Rødse

chitecture fent since i


e latter AD nology, ‘La7) model der betweenver imply th

Lee) descr

on betweeprovided,

Layer’, Con (1997) ‘La

Componenutiny probaspect to layas being s

ip-wide fuconsider i

d administrancompassemunicationy the MC.

eth, Christens

from (Rødst has its fo


focuses oayer’ thus mdefinition, wn devices ahat there a

ribes five la

en sensorand in so

nceptually,ayer of Se

nt Layer’ inably wouldyers 2 andsimilar in p

nctions wiin the con

ration; es the funcns solutions

sen, & Lee)

seth, Chrisocus on

om

n means the where and re

ayers,

s and theome cases this layer

ensors and

n the DISCd reveal ad 3; purpose to

ith entitiestext of the

ctions ones of today,

stensen, &

e s r d

C a

o

s e

e

interconneproviding as their tyarchitectuthe extenstunnels, tocritical dev In way of the (Røds

5.2.2 SO

5.2.2.1 NThe SOLAequipmeneach entitrequiremeconformanInternationStandards As an illusrequires thaccordingindependeand charaMSC.192(in practicehave theircites a nuensures imdocumentrequired tEquipmenpassing th One issueequipmenseen as adevice is a

ection, rathan overvie

ypical, immure could resive usageo segregatvices and

topology dseth, Christ

OLAS, Car

Navigation AS convennt that a shty of such eents, knownce againsnal Electros’.

stration of hat all ship

g to Sectionent 3 GHz acteristics o(79):2004,e, that equr equipmenmber of otmplicit fulfits and proco use only

nt Directivehe relevant

e is in partint is Type Aan indepenapproved a

her than onew of the b

mediate relaelate to she of securitte network type appro

descriptiontensen, &

riage Req

and Comntion dictatehip must caequipment

wn as ‘Perfost the Perfoo-technical

this chain ps above 3n 2.7.1 of tRADAR if

of these on upon whicipment supnt ‘Type Apther IEC stlment of alcesses, Eu

y equipmene (MED), fot tests.

icular relevApproved adent islandas a RADA

n devices. basic functiationships,ip – off-shity devices segments

oved entitie

, the work Lee) five-la

uirements

mmunicatioes the min

arry to fulfil t, the IMO ormance Sormance SCommissi

of requirem300 gross tthe same rthe ship is

ne or two Rch the test ppliers whopproved’ intandards also the latturopean shnt which haor which eq

vant for theaccording td – so in thAR device

o

As such, tions and/o including ip integratiin the form

s and to proes.

being repoayer AD, in

s and IMO

ons Equipnimum set o the Convehas moreo

Standards’,Standards oion (IEC) p

ments, SOtons are to regulation, s above 3.0RADARs aspecificat

o wishes ton accordans being ma

ter. In addithips – i.e. sas been apquipment i

e present wto its basiche case de- only.


of 91

the (Rødser devices ialso – impon. It is als

m of firewalovide cybe

orted on inncluding th

O Type App

pment of navigatiention – thover publis and to maoperationapublishes a

LAS Ch. Vcarry a 9 Gmust be s000 gross

are describion IEC 62o manufac

nce with IEandatory; ftion to thisships whichpproved acs rewarded

work: navigc function, escribed in


eth, Christen an ISC a

portantly – so seen asls, gatewa

er-security

the presehe defined

proval

on and come carriage hed a high

ake assessal and reproa correspon

V, Reg. 19,GHz RADAupplementtons. In tued in IMO

2388:2013 cture marinC 62388:2fulfilment o complex oh flies a Euccording to d the ‘Whe

gation and and is, as the forego


ensen, & Larchitecturehow an IS

s worthwhilays and VPisolation fo

ent documemeaning o

mmunicatirequireme

her-level sesment of oducible, tnding set o

, Section 2AR, which,ted with anrn, the proResolutionbuilds. Th

ne RADARs2013 – whicof the formeof approvauropean fla

o the EC Meelmark’ up

communica starting

oing, a RAD

om

Lee) is e, as well C le to note

PN or mission

ent adopts of ‘Layer’.

on ents. For et of

he of ‘Test

.3.2 , n operties n is means, s have to ch in turn er

al ag – are aritime pon

cations point, DAR

To ensurestandardsthe correscommunicunderstoorugged – communic As toucherequiremecommunicthe realm overall rulspawned navigationdevices likmembers RADAR, Ethe correcwell as mo

5.2.2.2 EThe Classregime whsystems, and segre Where shrequiremedifferent psystems –of an examfeatures a From an adescribedand actuastandardiz

• Bin• An

volmA

e the integrs often pressponding incations staod in the mand, as a bcations.

ed upon brents and thcation equof navigat

les set forta set of Pen functionske VHF, Mof the GM

ECDIS, Hect function ore genera

Equipmentsification Shen it comeand publis

egation of f

ips are quents, they hpropulsion – the list is mple, whileand automa

architecturad above, in ators, and tzed within

nary sensoalogue sentage or a c

A outputs b

rity of naviscribes dirnterface standards aremaritime do

benefit to c

iefly in the he IMO typipment. Retion: any seth by SOLAerformances. This mea

MF, HF, FleMDSS clan,eading Conof navigati

al-purpose

t for Alert,Societies ares to equip

sh rules forfunction.

ite generichowever dplants, auxvery long,

e all ships ation level

al vantagethe sense

the ‘Instrumthree area

ors which cnsors, whiccurrent is pbeing the m

gation sysect interfacandards. Ine almost umain, and cyber secu

foregoinge approva

eferring to eagoing shAS Ch. IV ‘e Standardans that theeet broadba from a rul

ntrol (autopion systemsensors li

Monitorinre to a greapment for sr their desig

c when it coiffer muchxiliary engi and the nhave geneof individu

e point, AMe that at thement Layeras:

conceptuallch usually proportionamost comm

o

tems and sces between the latterniversally are chara

urity, they d

, the main l regime fathe latter,

hip above 3‘Radiocomds and Tese primary fand, Watchles-based pilot), to th

ms (Gyro, Gke wind sp

ng and Coat extent reship-boardgn, perform

omes to thmore in thines, valve

number of veric systemual instanc

MC systemse lowest ler’ interface

ly are contprovide an

al with the monplace),


of 91

subsystemen systemr context, tused. Thescterized asdo not allow

functions/dall in the spthe rules b300 gross

mmunicatiost Standardfunctions oh Receivervantage poe sensor p

GNSS, echpeed and d

ontrol (AMeplicating t

d Alert, Monmance, res

e navigatiohe AMC spe systems, variations v

ms like a ‘Bes are, aga

s however vel they us

es to such c

tacts whichn industrialmeasured


ms, the IMOs, and almthe family ose interfacs being staw extraneo

devices gopheres of nbase is verytons has tons’, which ds, similarlyof voice/dars, and theoint are co

packages ro sounder

direction, N

MC) the IMO Tynitoring ansponse tim

on and comhere: Shipswitchboa

very large.Ballast Watain, varied

follow the se relativelcomponen

h can be ei-standard value (0-1


O Type Appmost alwaysof IEC 611

ces are weable, effectous

overned bynavigation ry similar too comply win turn hasy to the wo

ata commue other variomparable required tor(s), speedNAVTEX an

ype Apprond Control es, interco

mmunicatiops are outfiards, tank g. Moreoverter Systemd in many r

ideas in thly standard

nts tend to

ither closedinterface w

10 VDC an

om

proval s dictates 62 serial ll tive and

y carriage and o that in with the s orld of nications ous to ensure log(s)) as nd AIS.

val (AMC)

onnections

ons tted with gauging r, in way ’, the

respects.

he AD d sensors be

d or open, where a nd 4-20

• Fiefor or athis

Irrespectivinstrumencomply wiIf the equiinstead; m The consulower levewhich canthan not ainstallationalmost exproprietarsmall-pacone protorequireme AMC systdescribedone descrAMC systof AMC syship-specthe Classiprocess, iapproved particular question, interconne

5.2.3 TypIrrespectivin the IMOignored, hthan implyand the deindividual ships are or be able

eld-buses, informatio

analogue is level.

vely, it shont level, is rith the envipment is a

more often

umers of dels of the An be either are interconns this cou

xclusively Ery, since mcket, near-rcol concur

ents from s

tems are gd for navigaribed abovtems are mystems is b

cific configuification Sot is validat‘building bship and pand, of paections and

pe Approvvely of the O type apphowever rey, the SOLemands incomponenfree to be

e to mainta

most oftenon more coinformation

ould be notrequired tovironmentaalso be usethan not, s

data (and thAD) connec

PLC-typesnnected atuld include Ethernet. P

many supplireal-time crrently, prospecific ser

oing throuation and cve, driven bmuch more based on turations, anociety chosted that theblocks’, andplant are aarticular reld infrastruc

ved ‘clustrule and rroval or th

estrictive anLAS convenn SOLAS ants, do notmore lavis

ain the man

n using IEComplex thann, but also

ted that all o be ‘Type l standardsed in the ssuppliers c

he correspcted to the s or PC-typt the ‘ProceHDLC, Ar

Protocols vaers believeommunicaviding datarvices and

gh an apprcommunicaby the natu

varied thathe submisnd of testssen by the e systems d that the rdhered to, evance in ctures.

ers’ egulation be Class typnd rigid thention is conre set fortht exceed a shly equippndatory tra

o

C 61162-tyn what it isCanbus a

hardware Approved’s describehip’s bridg

choose to c

ponding pro ‘Instrumepes of hardess Level’ rcnet and Eary at the ‘e that certa

ations. Soma transmispurposes,

roval proceations equiure of the ban the lattession of dras of the ind

ship owneunder scrurelevant ru including this contex

base, i.e. wpe approvaese procesncerned wh to ensuregiven max

ped than stading perm


of 91

ype sentencs possible tnd Profibu

involved a’. This mead in IACS e, it has tocertify agai

oviders of cnt Layer’ isdware – prusing som

Ethernet, in‘Process Lain propert

me suppliersion which, rather tha

ess which ipment, bubeast: as der two domawings andividual syser for a parutiny are coules and rethe performxt, the seg

whether theal domainssses may s

with the safee that a shximum levetated by thits without


ces or Modto convey ws are relat

and/or connans that haE10 (IACS

o fulfil (IEC inst both st

commandss usually processors w

me kind of nn newer insLevel’, but aties of TCPrs are also

h is optimizan one-size

is comparat it is moreescribed inains. In prad functionastems, undrticular shipomposed egulations imance of tregation an

e approvals, the rationseem to beety of the cip as a whoel of accephe Convent

being in c


dbus RTU with simpletively often

nected to tardware is S).

C 60945, 20tandards.

s to devicerocess comwhich morenetwork. Installations are very ofP/IP are ill-o using mozed to the e-fits-all.

able to thee individuan the foregactice, the

al descriptioer the ausp. During tentirely of tin force forthe systemnd isolatio

l regime is nale shoul

e. As the nacrew/passeole, as we

ptable risk. tion, they w

compliance

om

telegramse binary in use at

the tested to

002)

es in the mputers, e often

n older this is ften -suited for re than

e one l than the

going, approval

ons of pices of his type r the

m in n of

grounded d not be ame more engers, ll as its While

will not gete with

s

t

SOLAS, aPerformanensure thato the mar Within theexactly thintegrity, dsafety andvaluablesan internausually is financing words, anClass rulewith a lon One practboard sysboard systime limite‘meant’ toboard syssystem re(AMC) syswill also bbeing ‘closystem thfunctions both.

and the assnce Standaat capabilitriner.

e scope of e same midependabid wellbeing. The cons

ationally reunable to for building

ny recognizes – also cog list of int

tical result stem is govstems are ced to integro work togestems like iepresents ostems are

be clear thased worldsat is not tywhich com

AutomatioSystem

Commu

Di

Figure 4 – C

sociated seards and thties which

machineryission as IMlity and resg of the cresequence ocognized Cbe insuredg or acquirzed ship owonsideringternational

of the typeverned by tcreated ourate deviceether. For tit has beenone such ctwo other

at these sys’: one canype approvmpromise th

NaS

on

unications Devic

irect links

Conventional

et of presche correspare deeme

y and automMO, and thsilience of ew, the proof not meeClassificatid by a recoring a non-wner does that Classrules and

e approval the IMO ort of type a

es and to pthis reasonn done alsocluster, the archetypic

ystems essnnot directlved for the he type ap

avigation System

e

Type-aDirec

(2016) topolo

o

cribed safeponding IECed to be cr

mation sysheir rules aa ship and

otection of eting and reion Societyognized un-conformannot have a

s rule comregulation

regime, irr by Class,pproved ‘b

provide funn, it is in mo in the for communic

cal clusterssentially arey add compurpose a

pproved fun

GMDSSystem

Firew

approvedct links

ogy showing


of 91

ty standardC Test Staritical to life

stems, the are formulad the ship sthe enviro

emaining iny is that suderwriter. nt ship will a choice bupliance ims besides

respective is what co

building blonctions whiany cases regoing (secations syss. Followinge meant to

mponents oas approprinctionality

Sm

wall/Router

clusters of t


ds. Indeedandards aree at sea ar

Classificatated to enssystems wnment andn complianch a ship, This meannot be ava

ut to be in plicitly ensIMO.

ly of whethould be calocks’, but thch, througmeaningfu

ee Figure 4stem and tg the argumo be kept ar devices tate, and oof such an

Public Address

In

ype approved


d, the IMO e formulatere always a

tion Societsure the sa

which influed the presence with theand its ca

ns, in practailable; in ocomplianc

sures comp

her a particlled ‘clustehey are at h the Ruleul to subdi4): The navthe automaments pres

apart, as weto either ty

one cannot n entity, clu

nfotainmentSystem

d equipment

om

ed to available

ties have afety, nces the

ervation of e rules of rgo, tice, that other ce with pliance

cular ship-ers’: On-

the same e base, arevide ship-vigation ation sented, it ell as

ype of add

uster, or

e

The excepadditionaldevice or rule and ralso seembut also bdedicatedworkstatiocontrol, onhere is sethe risk of

P

5.3 TheThe argumbut also ohowever aco-exist wthe upcom

• Thca

• Thsy

• ThM

ption for th devices aapplication

regulationsm to involvebetween end for particuons can cone network

egregation f corruption

AutomationSystem

Communic

Direc

Performance daSuppliers Re

Figure 5

e MC and Mment that iton the existalso clear f

with type apming MC se

he on-boaran be provhe on-boarystems andhe on-boar

MC/MCC do

his practiceand/or funcn, while ob

s in force. We the extenntities at eaular purpos

onceivably k for adminand the enn of essent

NavSy

cations Device

ct links

ata (could be offemote Diagnosti

5 - State-of-th

MCC in Cot is necessting fleet isfrom the fopproved cluervices to t

rd architecvided to therd architecd clusters ord architecoes not vio

e is usuallyctions do nobserving thWhen it consive use oach layer, ases (see Fbe connec

nistration, ansuring thatial service

vigation ystem

f-line)cs

ChS

Type-aDirec

he-art topolog

ontext sary for thes a primaryoregoing thusters, thethe marine

cture must e mariner;cture has toof systems

cture has toolate mand

o

y tied to beot violate tat the addmes to netof gatewayas well as igure 5). A

cted to oneand one neat no data fes.

GMDSSystem

art Updating (coSuppliers Remot

Firew

approvedct links

gy (2016) sho

e MC and My dimensiohat it is insue architectuer:

support th

o be so thas; o ensure thatory funct


of 91

ing able tohe type ap-ons are totworked sy

ys and firewthe usage

As an exame network fetwork for flows from

SSm

ould be off-line)te Diagnostics

wall/Router

owing a highe

MCC to ben of the coufficient thaure must be

at eNaviga

at it does n

hat the losstions;


o demonstrpproved nao be complystems, bewalls, not oof multiple

mple of thisor alert, mCCTV; theone doma

Public Address

)

er level of inte

e fitted not ontext. Withat the MCCe so that th

ation functi

not compro

s of conne


rate that suature of theliant to anyst practice

only betwee networkss, operator onitoring a

e importantain to the n

InfotainmentSystem

tegration

only on nehin that, it C is simplyhe MCC ca

ions and s

omise type-

ctivity to th

om

uch e host y relevant e does en layers,

s

and t issue next, with

ew ships is

y able to an provide

ervices

-approved

he

• Thbe

5.4 ArchTo be ablehave a nedescribedOne suchanother, wapproved IMO Perfothey nevearchitect. Figure 6 selements

• e-N• Aut• Na• GM• Info• IEC• Pu• T2

The MCCVSAT, T2 Elements Figure 3, each repr

he topologest practice

hitecturae to produ

eed for comd from a nu view, whic

which is monavigation

ormance Sertheless ha

show a potare clearly

Navigation tomation S

avigation SyMDSS Systotainment C61162-46blic Addres.3 Roamin

C as well as2.1 VDES a

that can bsuch as EC

resent a ce

gy of the one for secur

l Elementce candida

mmunicatioumber of arch is well rore implicitn and commStandards aave to be k

tential concy visible:

Services System ystem tem system

60 ss g

s the elemeare clearly

be identifiedCDIS, RAD

ertain funct

n-board arcrity, protec

ts (AE) ate architecon with the rchitecturarepresentet, is the funmunicationand the IECknown to, a

ceptual mo

ents providalso an AE

d from e.gDAR, AIS mtion within

o

chitecture ction and se

ctures, the MC throug

al views, ased in the abnctional viens devices C Test Staappreciate

odel of the

ding the vaE

. may not nethe Naviga


of 91

has to be iegregation

e essential gh the MCs set forth bbove, is theew: becausand comp

andards, thed and und

architectu

arious com

eed to be itation Syste


in compliann of infrastr

elements, C, are to bby (ISO/IEe physical –se the funcponents arehese are seerstood by

re. Some a

munication

tems in theem.


nce with thructure.

i.e. elemebe identifieC42010, 2– topologicctionality oe inherent eldom exply the syste

architectur

n services,

e architect

om

he industry

ents that ed and 2011). cal – view;f type in the licit, but

ems

ral

such as

ure, since

y

e

For claritythe lower Figure 6 nstandardsE10 or IECphysical pcommunicreason, thexample, and certaitechnolog

AutS

eNavigationServices

F

y, it should half of

not necesss and test sC 60945 fo

proximity tocations reqhere may nwould be tin kinds of

gy.

tomationSystem

Commun

Commun

Commun

Direct links

Figure 6 – Po

be noted t

sarily are tystandards. or shipboao the ship’squirement wnot be a relthe case foterrestrial

Navigation System

Onboard Ext

IEC 611

nications Device

nications Device

nications Device

TypD

otential/conce

that the thr

ype approvIndeed, w

rd use, thes navigatiowhich is nolevant set or a WiFi dcommunic

o

GMSys

ternal-enabled Ne

162-460

Roam

FW

pe-approvedDirect links

eptual ship-b

ree individ

ved accordwhile such de relevant son bridge, tot mandateof perform

device, certcations net


of 91

DSSstem

etwork

ming Device (cost-o

oard eNaviga

ual commu

ding to an Idevices hastandard bthey are seed by rules

mance standtain kinds otworks, suc


Public Address

optimized routing)

Typ

ation topolog

unications’

MO/IEC seave to confbeing depeeen here as and reguldards avaiof satellite ch as mob


)

InfotainmentSystem

ype Approval Dom

gy

’ devices s

et of perforform to eithndent on ts fulfilling alations. Foilable, whiccommunicile phone

om

ain

shown in

rmance her IACS he a

or this ch, for cations

6 ViewThis chapdefined scExperiencviewpoints

• Co• Fun• Info• Co• De• De• Op

In WP2, T

6.1 ConThe contethe on-boThe conteinvolved infrom the sConcerns

6.2 FunThe functiresponsib

6.3 InfoThe informmanages

6.4 ConThe concuoperating/Since the and functiviewpoint However, prioritizati

6.5 DevThe develprocess. The architeasy deve

wpointspter identifiecope for Tace from uses are recom

ontext nctional ormational

oncurrency evelopmenteployment perational

Task 2.4 we

ntext Viewext viewpoiard system

ext viewpoin various sship. s/requireme

ctional Vional viewp

bilities, inte

ormationamational viand distrib

ncurrency urrency vie/servicing architectu

ionality relyis a given the viewpon and the

velopmenlopment vi

tecture andelopment o

s es the viewask 2.4. e of the (ISmmended

t

e have not

wpoint int describ

ms and theint is consiservice con

ents seen f

iewpoint point descrrfaces and

al Viewpoewpoint debutes inform

Viewpoinewpoint bain multiple

ure in scopeying on thito consideoint may be architectu

nt Viewpoewpoint de

d the data of services

wpoints im

SO/IEC420for consid

t identified

es the relair environmdered to bntexts i.e. a

from all rel

ribes the s

d primary in

oint escribes thmation.

nt asically des

contexts.e is centras communer. be simplifieure behavi

oint escribes th

communic.

o

portant for

010, 2011)eration:

further vie

ationships, ment. be fully releall services

levant type

system’s runteractions

he way the

scribes the

al in communication nee

ed to requiriour in spe

he architec

cation proto


of 91

r the on-bo

methodolo

ewpoints.

dependen

evant sinces that invol

es/classes

untime funcs.

architectu

e architectu

unication toeds to ope

rements recial situatio

cture that s

ocols and


oard archite

ogy is that

ncies and in

e the architlve commu

of services

ctional elem

re stores,

ural behavi

o/from the erate concu

elated to coons e.g. in

upports the

data struct


ecture with

the follow

nteractions

tecture in sunication to

s must be

ments, the

manipulate

iour when

ship and surrently, th

ommunicat distress.

e developm

tures shou

om

hin the

ing

s between

scope is o and

included.

ir

es,

services e

tion

ment

uld support

t

6.6 DepThe deplodeployed.Since we takes the recommenbe defined

6.7 OpeThe operaand suppo

ployment oyment vie. have the oexisting inndation and.

erational Vational vieworted when

Viewpoinwpoint des

overall goafrastructur

nd the exist

Viewpoinwpoint desn active.

nt scribes the

al of recomre into consting infrast

nt scribes how

o

e environm

mmending asideration tructure, a

w the archi


of 91

ment into wh

architectureand identifperspectiv

tecture wil


hich the sy

e in our defies the gave dealing w

l be opera


ystem will b

efined scopap betweenwith deplo

ated, admin

om

be

pe that n the oyment will

nistered

7 ViewThis chaprerequisiintegrated Efficient cdifferent soperation share, stomatrix outtime aspeThe table The e-Nafrom memorganizatiInternationAuthoritieInternationCommissiIn defininservices hVarious ohave furth The TaskviewpointsAt this timsince this MSP show

ws apter descites and /d ships net

communicsystems pand monit

ore and tratlining the

ect. does not i

avigation smber stateions, inclunal Radios (IALA), nal Marition (IEC).

ng the curhas been dther works

her refined

k 2.4 analys describe

me of writiis work on

wn in Figur

cribes theor requiretwork.

cation solurovides netoring to rensfer data user need

include wh

strategy has of IMO uding the o-Maritime

the Inteime Cou

rrent and defined, nas, MarNIS,the servic

ysis work d in chapteng (April 2

ngoing. E2re 7. This n

e operatioments for

utions andew way ofeporting oris the key

d, services

hat is requir

as been deand a num

Internatioe (CIRM)ernational ncil (BIM

future maamely: The

Flagship, ces defined

to produceer 6, and b2016), the Task 2.2 numbering

o

onal needsr the desig

d enhancef doing “olr analytics to succes

s in use, d

red by and

eveloped mber of Inonal Hydr),the Inte

ChamberMCO) and

aritime com Maritime SEfficienSe

d by MSP.

e Views hbasing the ere is a bithas produ

g is also us


of 91

s/views thgn of the

ed ability td stuff” -of historics. In the ta

data type a

d fulfilled by

by IMO (Nntergovernmrographic rnational r of Shipd the Int

mmunicatioService Poea, Monalis

as resulteviews on tt of confusced the ov

sed in the w


hat shall on-board

to integratall the wa

cal data. Thable below and data n

y the insta

NSCR-1/28mental andOrganizatAssociatio

pping (ICSternational

on needs,ortfolio (MSsa, ACCSE

d in combhe MSP. sing numbverview of work of Tas


be consarchitectu

te informaay from plahe possibiwe have p

needed inc

alled GMDS

8) with cod non-govtion (IHOon of LS), the B Electro

, a set ofSP). EAS and M

bining seve

bering of thcurrent desk 2.4.

om

idered asure for the

ation fromanning viality to use,prepared acluding the

SS.

ntributionsvernmental), Comité

LighthouseBaltic and

technical

f maritime

MonaLisa2

eral of the

he MSP’s,efinitions of

s e

m a ,

a e

s l

é e d l

e

2

e

, f

MSP reference

MSP 1MSP 2MSP 3MSP 4MSP 5MSP 6MSP 7

MSP 8

MSP 9MSP 10MSP 11MSP 12MSP 13MSP 14

MSP 15

MSP 16-----

Fig

Maritim

VTS IVTS NavigatVTS Traffic

LocMaritime Sa

Ves

Telemedical MaMaritime

NaNautic

IceMeteoro

real-time hydrogra

Search aRemote m

C

gure 7 Maritim

me Service (IALA W

Information Service tion Assistance Serc Organization Servcal Port Service (LPafety Information (MS

Pilotage ServiceTugs Service

ssel Shore Reportin

aritime Assistance Se Assistance Serviceautical Chart Serviccal Publications Sere Navigation Service

ological information saphic and environm

servicesand Rescue (SAR) monitoring of ships sOffshore activitiesFishing activitiesLeisure boating

Coastal surveillance

me Service P

WG3) S

(IS);rvice (NAS)vice (TOS)PS)SI) service

ng

Service (TMAS)e (MAS)erviceeserviceental information

Servicesystems

e

o

Portfolio (MSP

EfficienSea 2Selected & ref Use C

MSP 1MSP 2MSP 3MSP 4MSP 5MSP 6MSP 7

MSP 8


MSP 15



of 91

P) as defined

Cases

Ic


by IALA and

EfficienSea 2 M(WP

VTS (tatasktask

Port informatMSI & NM

Port reportiSRS reportin

Self‐organising emSea charts

ce Cat Service ‐ chartMETOC (

Self‐organising em


E2

MSP use casesP2.2)

ask 6.2)k 6.2k 6.2tion (task 5.2)

M (task 4.2)

ng (task 5.2) ng (task 6.2)mergency (task 6.1)s (task 4.4)

ts & forecast (task 4.7task 4.3)

mergency (task 6.1)

om

7)

Category

Task 4.5 M

Task 4.5 3

Task 4.6

Task 4.6Task 6.1 1

Task 4.6

Task 5.3

Task 6.2

Task 6.2

Task 6.3

Task 5.2

Task 4.7

Task 4.2

Task 4.4

Task 4.3

Task 5.1

Figur

MSP

MSP 5/14/15/18

MSP 3/18/(others?)

MSP 1/8

MSP /2/3/4/6/13/14

MSP 1/2/3

MSP 1

MSP 8

MSP1

MSP8

MSP 10/16

MSP 4

VTS &

Port Infor

MSP 13 Ice ChServic

MSP 5

MSP 11

MSP 14

Route

Smart b

Sea Ch

Weat

Port Rep

MSI &

MSP 8

re 8 MSP Use

Po(prio

Po(prior t

MSI &

Real t

Sea C

Sea Char

Smart buo

Smart Buoy

A

RRoute info'Route optim

(Ex. Arctic na

Route informatiinc

Ro

Ice Cha

Ice Cha

Ice Chart

Ice Chart

Po

PoComm

VT(see also

SR

SRS

Self-organizing e(Arctic are

rmation

Emission Mon

harts ces

UseCas

data

buoys

harts

ther

porting

NM

o

cases and re

ort Reporting or to port entry)

ort Reporting to port departure)

MSI & NM

NM (Hydro data)

time Metoc Data

METOC

harts (authorities)

rts (commercial serv.)

oy Broadcast Service

y Management Service (AtoN)

Route planActive route

Route checks - suggestion - alertsmisation & negocationav: ice + shallow waters)

ion (optimization, revisioncident, hazard)

oute exchange

art Service - charts


t Service - forecasts


ort Information

ort Informationmercial services

TS Reportingo Route info task 4.6)

RS Reporting

emergency ea)

nitoring

se


of 91

elation to E2

Data Source

on-board adm

on-board adm

Shore Authoriti

Shore Authoriti

Shore Authoriti

Commercial en

Shore Authoriti

Commercial en

Smart Buoy

Off-shore installa

Ship

Shore AuthoritiVTS services

Commercial ProvPilot

, VTS services

Ship

Shore Authoriti

Commercial Prov

Shore Authoriti

Commercial Prov

Port authorities (not iPort organisatio

Commercial entPort organisatio

Ships sensors/deSmart Buoys sensors

Shore control sta

Shore Authorit

Ships

Ships

Data to


Tasks

eUs

(what eq(what e

min Shore A

min Shore A

ies Sh

ies Sh

ies Sh

ntity Sh

ies Sh

ntity Sh

y SOff-shore

ations A

Shore AVTS

S

iessvider S

s S

S

ies Sh

vider Sh

ies Sh

vider Sh

n Effic.2)ons Sh

titiesons Sh

evicess/devicesations

Shore AShipping

ies S

Sh

ShSh

be available electronica


sagequipment)endpoint)

Authorities

Authorities

hips

hips

hips

hips

hips

hips

hipsinstallations

AtoN

Authoritiescenters

Ship

Ship

Ship

Ship

hips

hips

hips

hips

hips

hips

AuthoritiesCompanies

hips

hore

hipshore

ally

om

Task 2.2 and relatioSince thcommunicFigure 9.

For each of charactsub-chaptIn the tabdenote thpossible a

and Task on to workhe on-bocation/serv

of the use-teristics ofters)

bles in the hat further at this time

2.4 have k on-going oard arcvices, Task

Figure 9

-cases in tf the comm

following cinvestigat

e of writing

in co-operin various

chitecture k 2.4 have

E2 Task 2.4 a

his larger tmunication

chapters thtion has to(April 2016

o

ration workE2 tasks.

also hproduced

added Servic

table, E2 Tinvolved i

here are qo be made6).


of 91

ked out a This list is ave to an additio

es and their u

Task 2.2 ann the serv

question me to achie


list of MSshow in Fisupport

nal set of

use cases

nd Task 2.vice (descr

arks severeve better


P’s, their igure 8.

other use cases

4 have defribed in the

ral places.guess tha

om

use cases

types of, shown in

fined a sete following

This is toan what is

s

f n

t g

o s

7.1 InteThere are

• Po• Mu• Bro

The table and the fo

7.1.1 PoWe have the sourceproviding communic

7.1.2 MuMulticast known andestinatio

7.1.3 BroBroadcastare not kThereforeThere aremessagesGeocasts known or Since broreport will

7.2 CybTo indicatare used.

• Aut• Co• Clie

The table Note that

eraction Te three inte

int to Pointulticast oadcast

in Figure ollowing su

oint to Poindefined the of commacknowle

cation.

ulticast is defined

nd the souon is provid

oadcast t is defineknown by e there are e several sus distribute

can be bnot. adcasts ca use the te

ber Securitte the leve

thenticatioonfidentialitent Authen

in Figure MSP desig

Type eraction/com

t (P2P)

10 shows tub-chapters

nt (P2P) he P2P co

munication iedgement

as a “one rce of com

ding acknow

ed as “onethe sourcnot guaran

ubsets of bed to a geobased on m

an be “filteerm broadc

ty el of cyber

on of informty (Encryptntication

10 shows cgn is still w

mmunicati

the interacs describes

mmunicatiis sure thaof recepti

to many” cmmunicatiowledgeme

e to many”ce and arntee that inbroadcastsographical multicasts

red” by vacast.

r security i

mation, incltion)

cyber secuwork on-go

o

on types:

ction types s the intera

on so thatat informatiion. TCP

communicaon is sure nt of recep

” communire not pronformations. E.g. geolimited areor broadc

rious cons

n the com

luding data

urity characing and he


of 91

involved inaction type

t the destinon is transis one ty

ation, wherthat inform

ption

ication, whoviding acn is transfecasts used

ea. casts, all d

straints, wh

mmunication

a integrity (

cteristics foence inform


n the varioes in more

nation endsferred, sinype of pro

re all destimation is tr

here the dcknowledgerred. d in literatu

depending

here geogra

n, the follo

(Digital sig

or the variomation is su


ous MSP usdetail.

d-point is knce the desotocol use

nation endransferred,

estination ement of

ure for MSP

if the rec

aphy is jus

owing char

ning)

ous MSP uubject to c

om

se cases

known andstination ised in P2P

dpoints are, since the

endpointsreception.

P denoting

ceivers are

st one, this

racteristics

use cases.hange.

d s P

e e

s .

g

e

s

s

VTS & SRS

Port Informatio

Ice Charts Services

Route data

Smart buoys

Sea Charts

Weather

Port Reporting

MSI & NM

Figure 10

Port Re(prior to

Port Re(prior to po

MSI

MSI & NM (

Real time

ME

Sea Charts

Sea Charts (co

Smart buoy Bro

Smart Buoy Man(At

RoutActive

RouteRoute info's - suRoute optimisat

(Ex. Arctic nav: ice

Route information (oincident

Route e

Ice Chart Se

Ice Chart Se

Ice Chart Serv

Ice Chart Serv

Port Info

Port InfoCommerc

VTS R(see also Rout

SRS R

Self-organizing emerg(Arctic area)

on

Emission Monitorin

UseCase

g

0 Use Case In

eporting port entry)

eporting rt departure)

& NM

(Hydro data)

Metoc Data

TOC

s (authorities)

ommercial serv.)

oadcast Service

nagement Service toN)

e plane route

e checkuggestion - alertstion & negocatione + shallow waters)

optimization, revision, t, hazard)

exchange

ervice - charts

ervice - charts

vice - forecasts

vice - forecasts

ormation

ormationcial services

eportingte info task 4.6)

Reporting

gency

ng

o

nteraction Ty

P2P

MulticasPoint to

many, witack.

X

X

X

X

X

X

X X

X

X

X

X

X

X X

X X

X

X

X

X

Interaction


of 91

pe and Cybe

t,o th

Broadcast,Point to

many, No ack.

Auth

(dsig

X

X

X

X

X

X

X

X

X

X

X

Type


r Security

enticationigital

gning)

Confidential(Encrypted)

X X

X X

X X

X X

X

X X

X

X X

X

X X (?)

X

X X

X X

X

X

X X

X X

X

X X

X X

X X

X X

Cyber Securit


l Client Authenticati

on

X

X

(X)

X

X

X

X

ty

om

7.3 LinkThe Link r

• Tra• Info• Tra• Lat

This is bathe commThe link reE2 Task 2options foThe table Note that

7.4 PrioFor use wcalling.

• Dis• Urg• Saf• Ro• Ge

The tablecases.

k Requirerequiremen

ansaction Formation sansfer per tency

asically to pmunication.

equiremen2.2, evaluaor commun

in Figure MSP desig

ority when prior

stress gent fety

outine eneral

e in Figure

ments nts are spl

Frequencysize per traday, per si

provide som

nts are not ating commnication in v11 shows tgn is still w

ritizing traff

11 shows

it into the f

y nsaction ite

me estima

as importamunication various scethe Link re

work on-go

fic, we hav

s the priori

o

following:

ates on req

ant in relattechnolog

enarios. equirementing and he

ve used th

ity for the


of 91

uired band

tion to devgies, but w

ts for the vence inform

he same d

communic


dwidth and

veloping arill provide

arious MSmation is su

definitions

cation in th


d accepted

rchitecture an unders

P use caseubject to c

as in GM

he various

om

latency in

as it is forstanding of

es. hange.

DSS DSC

MSP use

n

r f

C

e

VTS & S

Port Inform

Ice ChaServic

Route d

Smart b

Sea Ch

Weath

Port Repo

MSI & N

Figure

Po(prio

Po(prior t

MSI &

Real t

Sea C

Sea Char

Smart buo

Smart Buoy

A

RRoute info'Route optim

(Ex. Arctic na

Route informatinc

Ro

Ice Cha

Ice Cha

Ice Chart

Ice Chart

Po

PoCom

VT(see also

SR

SRS

Self-organizing e(Arctic are

mation

Emission Mon

arts ces

UseCas

data

uoys

harts

her

orting

NM

e 11 Use Case

ort Reporting or to port entry)

ort Reporting to port departure)

MSI & NM

NM (Hydro data)

time Metoc Data

METOC

Charts (authorities)

rts (commercial serv.)

oy Broadcast Service

y Management Service (AtoN)

Route planActive route

Route check's - suggestion - alertsmisation & negocationav: ice + shallow waters)

ion (optimization, revisioncident, hazard)

oute exchange





ort Information

ort Informationmercial services

TS Reportingo Route info task 4.6)

RS Reporting

emergency ea)

nitoring

se

o

e Link Requir

Transaction Frequency

I(p

Depend of Type of Operation1 per day ?

Depend of Type of Operation1 per day ?

Depend on info type & priority



On request

On requestOn event (change)

On requestOn event (change)

1 hOn event (alert)

On event

before leave berthon changeon demand

n, On eventOn request

1h

1h

1h

1h

On request

On request

On eventOn request

Depend on type of operation 1 per day?

On eventOn request


of 91

rements and

nformation Sizeper transaction)

(maximum)

Traper d

sk

32 x 1 K Byte 32 x 1

32 x 1 K Byte 32 x 1

1‐10 kByte

High data volumes> 1 Mb

?

< 1‐10 kBytes(images ?)

< 1‐10

<150 MB ? <20

?

< 1 kbytes < 1

< 10 Kbytes 10 K

250 bytes 1

1 Kbytes(may be more,

images ?)

1 KBytes 4

1 Kbytes(may be more,

images ?)

?

?

< 10 Kbytes 10 K

32x 1K Byte 32x 1

< 1 kByte < 1

Link Requirements


Priority

nsfer day per sitekB

Latency

1 K Byte

1 K Byte

?

1‐4 hours (?)

0 kBytesfew hrs to

several weeks

0 MBfew hrs to

several weeks

1 hS

Days

10 kB

KbytesFew mn to few

hours

1200

?

4800

?

?

?

KbytesFew mn to few

hours

1K Byte

kByteFew mn to few

hours


Priority(Distress,Urgent,Safety,RoutineGeneral)

Routine

Routine

Safety

Safety

Routine

RoutineUrgent (on event)



RoutineSafety (alert)

Safety

Routine


Routine

Routine

Routine

Routine

Routine

Routine


Routine

Urgent

Priority

om

7.5 CanThe candE2 Task 2

• Wi-• WiM• Ce• AIS• VD• MF• MF• Inm• Irid• VS• VD

For descremerging Figure 12larger exc

Smart buoys

Sea Charts

Weather

Port Reporting

MSI & NM

ndidate Caidate carrie2.2 are:

-Fi Max

ellular netwS/ASM

DE-TERR F/HF NBDPF/HF digitamarsat dium SAT DE-SAT

ription of thcommunic

2 show cancel sheet n

Port Reportin(prior to port en

Port Reportin(prior to port dep

MSI & NM

MSI & NM (Hydro

Real time Metoc

METOC

Sea Charts (autho

Sea Charts (commer

Smart buoy Broadca

Smart Buoy Managem(AtoN)

UseCase

arriers ers for the

works (2G,

P l data serv

hese, pleascations tec

ndidate carot suitable

Figure 12 Ex

W

ng ntry)ng arture)

o data)

c Data

orities)

rcial serv.)

st Service

ment Service

communic

3G, LTE)

vice (NAVD

se refer tochnologies.

rriers for se to include

ample Candid

Wi-Fi WiMAX

X X

X X

X X

X X

X X

X X

X X

o

cation to s

DAT)

o (E2-T2.2,.

some MSPe in this rep

date Carriers

Cellular networks(2G, 3G,

LTE)

AIS/ASM

X

X

X ASM

X

ASM

X

X

X

ASM

ASM


of 91

upport the

2016) An

P use caseport.

s for some MS

M VDE-TERR MN

X

X

X

X

X

X

X

X

X

Candidate C


various se

nalysis rep

s. The full

SP Use Cases

MF/HF NBDP

MF/HF digitadata service(NAVDAT)

Carriers


ervices, id

port on ava

list is ava

s

al e Inmarsat

(also C) Iridiu

X X

X X

X X

X X

X X

X X

X X

om

entified by

ailable and

ailable in a

um VSAT VDE-SAT

X X

X

X X

X X

X X

X X

X

X

X

y

d

a

7.6 BasThis chapenvisionecombinati The actuathis report

• (ACMa

• (AC• (E2• (E2

show a se

• Ma• Alm• Loc• Loc

It is judgeservice elthat cannoIn some oMCC and With a fewtop of the Figure 13 make useservices.

ic Commupter makesd serviceson can be

al design ot, however

CCSEAS, ariners SerCCSEAS, 2-T3.1, Ana2-T3.1, D3

et of basic

aritime Mesmanac cal Data Scal Lookup

ed that the ements of ot be standof the use-c

tailored cow exceptioIP layer (R

and Figure of the bas

unication an attemp by T2.4 inused to cr

f the variour, analysis

Service Dervice, 2015Service Dealysis repo.2 Concep

elements

ssaging

ervice p Service

on-board cthe MCC.

dardized incases, the omponentsns (AIS thrRFC1122,

re 14 showsic service

n Services pt to break n to basic create the c

us servicesof various

escription: 5) escription: ort on commptual Mode

in the MCC

componenOthers wil

n a similar specific se

s. rough VHF1989).

w how the vs, partly of

o

down the

communicacomplete se

s obviouslyservice de

Maritime S

Maritime Cmunicationl, 2015)

C:

ts for manll require fumanner aservices ma

F), it is ass

various serffered by th


of 91

services fration servicervice in th

y cannot bescriptions

Safety Info

Cloud, 201n and infra

y of the usurther tailos done for ay be imple

umed that

rvices in thhe MCC an


rom the MSces, that sihe Maritime

e predicted, such as:

ormation an

5) structure, 2

se cases caored web sethe MC an

emented as

all of the s

e MSP arend partly b


SP and theingle hande Cloud (M

d in the sc

nd Notice t

2015),

an be baseervice com

nd MCC. s a combin

services ar

e anticipateby tailored W

om

e future ded or in MC).

cope of

to

ed on the mponents

nation of

re built on

ed to Web

Sea Charts

Weather

Port Reporti

MSI & NM

Ice ChartsServices

Route data

Smart buoy

VTS & SRS

Port Informat

Port (prior t

Port (prior to p

MS

MSI & NM

Real tim

M

Se

Sea Charts (

Smart buoy B

Smart Buoy M(

RoAct

RouRoute info's - Route optimis

(Ex. Arctic nav:

Route informationincide

Route

Ice Chart S

Ice Chart S

Ice Chart Se

Ice Chart Se

Port I

Port IComme

VTS (see also Ro

SRS

s

ng

UseCase

a

ys

S

Self-organizing eme(Arctic area)

ion

Emission Monito

Figure 1

Reporting to port entry)Reporting

port departure)

SI & NM

M (Hydro data)

me Metoc Data

METOC

a Charts

(commercial serv.)

Broadcast Service

Management Service (AtoN)

oute plantive route

ute checksuggestion - alerts

sation & negocationice + shallow waters)

n (optimization, revision, ent, hazard)

e exchange

Service - charts

Service - charts

ervice - forecasts

ervice - forecasts

Information

Informationercial services

Reportingoute info task 4.6)

Reporting

ergency )

oring

13 Basic Com

Data Source

on-board adm

on-board adm

Shore Authoriti

Shore Authoriti

Shore Authoriti

Commercial en

Shore Authoriti

Commercial en

Smart Buoy

Off-shore installa

Ship

Shore AuthoritiVTS services

Commercial ProvPilot

VTS services

Ship

Shore Authoriti

Commercial Prov

Shore Authoriti

Commercial Prov

Port authorities (not iPort organisatio

Commercial entPort organisatio

Ships sensors/deSmart Buoys sensors

Shore control sta

Shore Authoriti

Ships

Ships

Data to

o

mmunication

eU

(what e(what

min Shore

min Shore

es S

es S

es S

ntity S

es S

ntity S

SOff-shore

tions A

Shore VTS

essvider

s

es S

vider S

es S

vider S

n Effic.2)ons S

itiesons S

evicess/devicestions

Shore Shipping

ies S

S

SS

be available electronic


of 91

Services for

Usageequipment)endpoint)

MM

Authorities X

Authorities X

Ships X

Ships X

Ships X

Ships X

Ships

Ships

Shipse installations X

AtoN X

AuthoritiesS centersShip

X

Ship X

Ship X

Ship X

Ships X

Ships X

Ships X

Ships X

Ships

Ships

Authoritiesg Companies

Ships X

Shore X

ShipsShore

cally


the MSP

MS Almanac LLS

X X X

X X X

X

X

X X X

X X X

X X

X X

X

X

X X X

X X X

X X X

X

X X X

X X X

X X X

X X X

X X

X X

X X X

X X X

?

Base Com


S LDS WEB

X

X

X

X

X

X

X

X

munication Service

om

B AIS

7.6.1 GeA web sertherefore JSON. ThThe term integratingstandardsto transferwhat serv

7.6.2 DaThe Data/shore or fsimply mehandled bthe qualityThe Data/data/file trdestinatio

Vessel tracking

Voyage Safety monitoring

Ro

Voyage efficiency monitoring

Vessel Performance

analysis

Ship’s system performance

M

Ship’s system performance

and maintenance

analysis

an

Cargo monitoring

V

Ship’s spares and logistics

Text Communication

eneric Webrvice is as a basic se

he service c"Web servg Web-bass over an Inr the data,

vices are av

ata Service/File Servicfrom shoreeans that thby a basic ry of service/File servicransport ca

on endpoint

Ship to S

Ship to Shore S

AIS

oute + Tracking + Safeconditions and

Tracking + Nav Data +dynamic ves

Consolidated data pacshore based performa

plannin

Monitoring of vessel syand alar

Consolidated data pacnalysis of vessels syste

maintenance

Volumes/weight, enviroetc.

UseCase

Figure

b Service defined by

ervice implecan be RE

vice" as gesed applicanternet proWSDL is u

vailable.

e ce is a bas to ship. Thhe size of request/rese providedce is envisian be initiats as well a

Ship

Ship to Ship

ety alarms + loading d stability

+ Fuel + static and ssel data

ckage needed for ance analysis and ng

ystem performance rms

ckage needed for em performance and

planning

onmental conditions

e 14 Basic Co

y W3C Weemented u

EST complinerally undations usinotocol backused for de

sic service he term larthe data tosponse we by e.g. VSoned to be

ated by speas other re

Data Source

Ships

Ship/Shore

Ship

Ship

Ship

Ship

Ship

Ship

Ship

Shore

Data to b

o

ommunicatio

eb Service using standiant or not.derstood, d

ng the XMLkbone. XMescribing t

that is ablerger conteno be transpeb service SAT, VDESe of a “bacecification equirement

U(what (wha

Sh

be available electroni


of 91

n Services fo

Architectudards such . describes aL, SOAP, WL is used the service

e to transpnt is a semported is ofin a robustS.

ckground” nof content ts to the pa

Usageequipment)t endpoint)

Ships

hip/Shore

Shore

Shore

Shore

Shore

Shore

Shore

Shore

Ship

ically


or MSP

re Workingas HTTP,

a standardWSDL and to tag the ds available

port larger cmi-undefinef a size that manner d

nature in thidentificati

articular tra

MMS Almanac

X

X

Base C


g Group, a HTML, XM

dized way oUDDI ope

data, SOAe and UDD

content froed measureat is too bigdue to the

he sense thion, sourceansport in a

LLS LDS

Communication Serv

om

nd ML and

of en P is used

DI lists

om ship to e. It g to be nature of

hat a e and a request

WEB AIS

X

X

X

X

X

X

X

X

vice

to the Datclient wheBoth sourcertain amcontent. The simplclient plusto the FTPthe client Several Sfor transpprovide arouts whenservices tSimilar meis to work

7.6.3 BroWe have acknowledstation trabroadcastIt is envisito “subscrchannel. For inspiraa referencthe Really In (ACCS(MMS) is a certain gfiltering ap

7.7 DatSince the MSP menhave provlanguage JPEG200Other worNotice to

ta/File Serven the transrce and desmount of st

lest implems a serviceP server anof complet

SATCOM porting largere that the n transportypically maethods shoacross VD

oadcast Mdefined brodgement o

ansmitting vt of data inioned that ribe” to the

ation to arcce to similay Simple S

EAS, Servdescribed geographicpplied on m

a Formatfirst versio

ntioned in cvided seveand allows0. rks, such aMariners S

vice, and tsport has cstination etorage cap

mentation o that enabnd the FTPtion and lo

providers aer data ammethods u

ting larger ake use ofould be conDES.

Message Soadcasting

of receptionvoiced fore

nformation for receive

e broadcas

chitectural ar broadcayndication

vice Descriusing geo

cal area. Tmessages

ts on of the (Ichapter 7.6ral additions for encod

as (ACCSEService, 20

hen the secompletedndpoints thacity, enou

of such a sles clients

P client to “cation of th

re offering mounts to/frused are odata amou

f advancednsidered w

Service g as a distrn. The servecasts via via availab

ers to be at stations,

design of st services (RSS), als

ption: Mar-casting, a

The basic Bbroadcast

HO, 2009)6 and the wns/extensioding langua

EAS, Servic015) and (A

o

ervice will t. hat supporugh to sup

service couto request

“get” the filhe transpo

file transprom the sh

overcomingunts, especd TCP spoowith respec

ribution of vice type isVHF radio

ble data exble to recesimilar to t

a Broadcas that haveso called W

ritime Cloua broadcasBroadcast

could also

) S100 stanwork in e-Nons to S10ages such

ce DescripACCSEAS


of 91

take care o

rt this servpport the pr

uld containt files to bele from theorted file.

port/synchrhip. The vag the problecially in areofing and vct to the MC

informatios similar to

o. The new xchange coeive broadctuning into

ast Message been devWeb Feeds

d, 2015), asting methoMessage So be a solu

ndard wasNavigation 00. S100 d as XML, G

ption: Marit, S-100 Pr


of the trans

ice must ofroviders an

a FTP sere transferree server an

ronisation slue added ems with laeas of poovarious typC data serv

n to multipo an autom

element hommunicatcast inform the specif

ge Serviceveloped fors.

a Maritime od addressService wittion here.

publishedprojects lik

defines a cGML, HDF

time Safetyroduct Des


sport and n

of course cond consum

rver and a ed from thend when do

services asthat these

atency andorer link quapes of comrvice, espe

ple clients wmated weathere is thattions chan

mation, theyfic VHF rad

, it is worthr the W3C,

Messaginsing receivth geograp

d, several wke the Monconceptual F-5, ISO 82

y Informatiscription: M

om

notify the

ontain a mers of the

FTP e source one, notify

s means e services d drop-ality. The pression.cially if it

without her t it is the nels. y will havedio

h to make namely

g Service ers within

phic

works on nalisa 1&2 schema

211 and

on and Maritime

Safety Infon the S1In generasuch as JenhancedIt is not inthat the arservices.

7.8 ViewTo be suranalysed

• • • • • • •

With the cthat analystakehold

8 StakThe Efficiecommunica sub-comrequiremeboard arc

formation / 00 standal, the XMLSON and B

d efficiency the scoperchitecture

wpoints fre that all afrom the v

Context FunctionaInformatioConcurrenDevelopmDeploymeOperation

current statysis. Thereer concern

keholdeenSea2 prcation frammponent suents for thehitecture.

Notice to rd. schemas BISON are

y. e of this doe must sup

for the difaspects areviewpoints

al onal ncy

ment ent nal

te of the defore a mor

ns as given

er Identroject has bmework for upporting te framewor

Mariners S

are the doe becoming

cument to port any of

fferent see considereas set out

efinitions ore intuitive n in chapte

tificatiobeen setupthe maritim

that framewrk, the wor

o

Service, 20

ominant weg increasin

define datf the data f

rvices ed for the sin chapter

of the varioapproach

er 10.

on p in such ame cloud, work. Sincerk of WP3 w


of 91

015) base t

eb service ngly used o

ta formats formats us

services der 6.

ous serviceneeds to b

a way, that and as suce WP3 muwill also pr


the data fo

data formaon the basi

further. It csed in the d

efined in M

es, it is too be applied

WP3 devech the on-bust collect irovide requ


ormats dev

ats althougis of claime

can be condefinition o

MSP, they h

early to cowhen ded

elops the board archnput and d

uirements f

om

veloped,

gh formats ed

ncluded of web-

have to be

onduct ucing

hitecture is develop for the on-

e

9 PersAn architethat are uthat requir The follow

• Low• Re• Cy

9.1 LowPresentlyas navigabased comand AIS. Within botsolutions Furthermosubstantiashould bewhich hassafe data With the elittle standarchitectuTo validatmap of theoverview.

9.2 ReqMany discarchitectu An Open

• Thefun

• Thedef

spectiveectural perssed to ensre conside

wing perspe

w impact Inequirementber Securi

w impact I, the stand

ation sensommunicatio

th the naviare still do

ore, it is noally, conside possible ts been put platforms.

existing madardizationures and thte the cande existing

quirementcussions caure means.

architectur

e architectnctionality e architectfined and p

es spective is

sure that a eration acro

ectives hav

ntegration t of an “opeity Conside

Integratiodardization ors in the IEon betwee

igation, autominant.

ot expecteddering bothto integrateinto estab

agnitude ofn, it is impohe existing didate archinstalled b

t of an “oan be initia This chap

re means:

ture suppo

ture is basepreferably

s a collectiosystem ex

oss a numb

ve been id

with existien” and haerations.

on with exof the on-

EC61162 sn sensors

tomation a

d that the ah the magne into the Mlishing and

f the instalortant to uninstalled b

hitectures uase to at le

pen” andated on whpter describ

rts easy ex

ed on funchave open

o

on of archixhibits a paber of the s

dentified to

ng infrastrarmonized

xisting infboard data

series of stand data u

and commu

advent of tnitude of thMaritime Cd maintaini

led base onderstand tbase. using this peast a top

harmonihat the requbes the as

xpansion w

ctional elemn source im


of 91

tectural acarticular sesystems a

be relevan

ucture andarchitectur

frastructua infrastructandards, tusers, suc

unication d

he Maritimhe installedCloud, but aing the pre

of on-boardthe gap be

perspectivelevel topol

zed archiuirement osumptions

with and im

ments with mplementa


ctivities, tacet of relatedrchitectura

nt for E2 T

d architecture

ure and arcture is mothat cover sh as RADA

domains on

me Cloud w base, whi

also the veesent effec

d data infraetween sug

e, it is impoogy and da

tecture of an open made in T

mplementat

interfacestion examp


ctics and gd quality pral views.

Task 2.4:

ure

rchitectuostly in areaserial and AR, ECDIS

n ships, pro

will change ich it in any

ery substanctive, efficie

astructuresggested ca

ortant to pata commu

and harmoTask 2.4.

tion of add

s that are pples.

om

guidelines roperties

re as such network

S, VDR

oprietary

this y case ntial effort ent and

s with very andidate

roduce a unications

onized

ditional

publicly

Harmonizproperties Context pHarmonizFunctionaHarmonizInformatioelements.HarmonizOperation Note, thatbe standa

9.3 CybThe Cybedo so, as of securitysociety on The only s(IEC6116 Europeananalysis opolicies an Currently,on the are BIMCO ha(BIMCO, 2Intercargo American applicatioThis note Both BIMCsecurity, a The originElectrotec

zed architecs are define

properties dzed contextal propertiezed functiononal proper.

zed informanal properti

t the aboveardised.

ber Securiter Security

the world oy breachesn land, sea

standards 2-450, 201

n Network aof cyber send recomm

, there are ea.

as in Janua2016). Theo and Inter

Bureau ofn of cyber is indicate

CO and ABas well as t

nal and ongchnical Com

cture meaned by exist

describe hot properties

es describenal propertrties descr

ational propies describ

e does not

ty Considstandardsof intercons and their a, air and s

found, tha11) and (IE

and Informecurity aspemendations

suggestio

ary 2016 pe guidelinertanko, and

f Shipping security p

ed to be the

BS are refethe ISO/IE

going workmmission i

ns that its ting and / o

ow architecs then mea

e the functities then mribe what in

perties thebe how the

mean that

derations area is co

nnected IT effects arepace.

t relate dirEC61162-4

mation Secuects in the s in the Ma

ns to IMO

published Ges are prodd several o

(ABS) hasrinciples toe first in a s

erencing thEC 27000 s

k of the ISAin producin

o

context, fuor upcomin

ctural eleman: use of ion of arch

mean: requnformation

en mean: se architectu

t e.g. all fu

omplex andsystems a

e continuin

rectly to cy460, 2015).

urity Agencmaritime s

aritime Sec

and work

Guidelines duced and other organ

s February o marine aseries.

he NIST sestandards.

A99 commng the mult


of 91

unctional, inng areas fo

ments interstandardisitectural el

uirement of is exchan

tandardiseure will be o

nctionality

d growing, and devicesng to provid

ber securit.

cy (ENISAsector, cleactor. (ENIS

initiated fo

on Cyber supported

nisations an

2016 pubnd offshore

eries of sta

ittee is beiti-standard


nformationor standard

act. sed protocoements.

f standardisged betwe

ed data formoperated w

of the arch

and will prs are devede a sourc

ty on-board

) has prodarly identify

SA, 2011)

r producin

Security Oby BIMCO

nd compan

lished a gue operation

andards rel

ng utilizedd IEC 6244


nal and opedisation.

ols.

sed functioeen archite

rmats. when active

hitecture n

robably coeloping. Thce of risks t

d are the

uced a repfying the ne

g recomm

On-board SO, CLIA, ICnies.

uidance nons (ABS, 2

lated to cy

d by the Int43 series. A

om

erational

onality. ectural

e.

needs to

ntinue to e history to our

port on eed for

endations

Ships CS,

ote on the 2016).

ber

ernational Although

not a specAutomatio– Informasystems –security th IHO has cbe the basDPSWG) for 2018 pto include Since the strategy fostandardssystems acontrols, lcommunic The requi

In Figure have diffestakehold In (MARINdiscussedcarriers an

cific maritimon and Contion techno– Requiremhreats in th

created andseline for aare draftin

publishing.e placehold

work on cor Task 2.4s and recomareas alongike use of cation.

red securit

Figur

15 the threerent requirers.

NTECH, 20d. Partly asnd partly a

me standantrol Systeology – Se

ments, bothhe maritime

d maintainall IMO e-Nng cyber se The S-100

ders for dig

cyber secur4 is to basemmendatiog with comfirewalls, g

ty levels de

re 15 Three a

ee areas, Srements fo

009) securs a summaa discussio

rd, the ISAems (IACS)ecurity techh of which e context.

ns the baseNavigation.ecurity to b0 metadata

gital signatu

rity will bee the cybeons, as we

mmon IT prgateways,

epend on t

reas with diff

Safety relaor control o

rity issues rary classificn of some

o

A/IEC 6244) Security ahniques – Iare releva

eline S-100. Within IHbe includeda will alreaures.

on-going ier security cell as standractices forauthentica

the on-boa

ferent Securit

ted, Commof cyber sec

related to scation of diremedial a


of 91

43 series aand complnformationnt to the re

0 standard HO two wod into the Sady amend

n the timefconsiderat

dards applier implemenation, autho

ard function

ty requireme

mercial/Buscurity and

ship to shoifferent typactions tha


addresses ements IS

n security mesponse to

which is srkgroups (

S-100 baseed for edit

frame of Eftions on theed in the IT

ntation of riorization a

nal areas.

nts (SINTEF,

siness andsimilarly d

ore commue of satelli

at can be ta


Industrial SO/IEC 270managemeo potential

selected by(S100WG aeline most tion 2.1.0 p

fficienSea2e above mT and Conisk mitigatind encrypt

2005)

d Entertainifferent

unication isite commuaken.

om

001:2013 ent cyber

y IMO to and probably

publishing

2, the mentioned

trol ion ted

ment

s nication

In Figure different lestandard tthe (IEC6functional

9.3.1 UsThe directcommunic

• Discouaga

• Thereq

However, communic

• Ro• Sta

info• The• Ow

ma

9.3.2 UsBoth ABSmanagemThe frame

16 a typicaevels of sethat specif1162-460,ity and is t

er Needs t requiremecation and

sruption of uld affect aainst Cybee level of pquired for t

the consocation and

ole based aandardizedormation ae infrastruc

wnership ofanaged

ing the NIS and BIMCment. ework amo

Figure 16 Ty

al security ecurity requfies a firew 2015) whethen called

describedents extracinfrastruct

infrastructa large poper Security protection shose syste

olidated listinfrastruct

access cond function(sare neededcture mustf informatio

IST FrameCO discuss

ongst other

ypical Securit

implementuirements

wall to use fere the fire

d a 460-Ga

d by E2, Wcted from tture, 2015)

ture functiopulation of risks should be ems that de

t of user neture, 2015)

ntrol (authes) for valida

t provide ston element

ework for Is the use o

rs contains

o

ty Implement

tation is share separafor on-boarewall functiateway.

WP3 the conclus) are the fo

ons due to users, and

at least eqepend on t

eeds in (E2) has the fo

entication aation of au

tandardizets, and aut

Improvingof the NIST

s the four e


of 91

tation (MARIN

hown. The ated using rd securityionality is c

sion in (E2ollowing:

hacking od thus such

quivalent tothe infrastr

2-T3.1, Anollowing cy

and authoruthenticity a

ed means tthorization

g Critical IT framewor

elements:


NTECH, 2009)

different sfirewalls. S

y control hacombined w

2-T3.1, Ana

r other typh services

o the level ructural fun

alysis repoyber securi

isation) and integri

to support to pass it

nfrastructrk for cybe


)

sections wiSince 2009as emergedwith a gate

alysis repo

pes of cybeshould be

of protectinctions.

ort on ity related

ity of trans

encryptionon must b

ture Cyber security r

om

th 9, a new d, namely eway

ort on

er-attacks protected

on

needs:

ferred

n of data e

rsecurityrisk

• Ideasseeffecritprioof oGov

• Proinfra poAccPro

• DetcybExaCon

• Rescyb

9.3.3 CyRisk identoperationsIt is imporunderstan Many diffeon-board

• Ba• De• Dir• Eav• Sp• Tam• Info• Priv• Exp• So• Ma• Ide• Pa

entify – Devets, data, anective use oftical functionoritize its effoutcome Catvernance; Rotect – Deverastructure sotential cybecess Control

ocedures; Matect – Develbersecurity eamples of ountinuous Mospond – Devbersecurity e

yber Securtification iss and datartant to addnd what thr

erent Cybearchitectur

ckdoors enial-of-Serrect-accessvesdroppinoofing mpering ormation Dvilege Escploits cial Engine

alware entity Theftssword Att

velop the orgd capabilitief the Framewns and the re

fforts, consistegories with

Risk Assessmelop and impservices. Theersecurity evl; Awarenesaintenance; lop and impevent. The Dutcome Cateonitoring; anvelop and im

event.

rity Risk Ids the procea and the pd that the preats that i

er Security re are liste

rvice s ng

Disclosure calation

eering

t tacks

ganizational es. The activwork. Underelated cyberstent with itshin this Fun

ment; and Riplement the e Protect Funvent. Examps and Trainiand Protectilement the a

Detect Functiegories withind Detectionmplement th

dentificatiss of deter

possible ouprocess incs relevant.

threats exed here.

o

understandivities in the Irstanding thersecurity risks risk managnction includisk Managemappropriate

unction suppples of outcoing; Data Seive Technolappropriate aion enables in this Func

n Processes. he appropriat

ion rmining ris

utcomes cludes und.

xist and ne


of 91

ing to managIdentify Fune business cks enables angement stratede: Asset Mament Strateg safeguards orts the abilome Categorecurity; Inforogy. activities to timely discotion include

te activities

ks that cou

derstanding

w are appe


ge cybersecunction are foontext, the rn organizatiegy and busianagement; Bgy.

to ensure deity to limit ories within thrmation Pro

identify the overy of cybe: Anomalies

to take actio

uld potentia

g vulnerab

earing. A f


urity risk to oundational fresources thion to focus iness needs.Business En

elivery of cror contain ththis Functionotection Proc

occurrence bersecurity es and Events

on regarding

ally impact

ilities and

few relevan

om

systems, for at support and . Examples nvironment;

ritical he impact ofn include: cesses and

of a events. s; Security

g a detected

t system

to

nt to an

f

It is advisasources o

• UnThr

• http• ii) U• http• http• iii)

ConSP

• http• iv)

Lan• http

env201

9.3.4 Mit

9.3.4.1 MSome equprovided bcommunic Here we c

• 611equpub

• “Lethestacon

9.3.4.2 UThe 460 nbe preferacloud. Theaccessed uncontroll

able to useof threat inf

ited States Nreat Informap://csrc.nistUnited Statep://www.dhp://www.dhUnited Stat

ntrolled Un800-171, Ju

p://nvlpubs.European Undscape 201ps://www.evironment/14/at_dow

tigation of

Mission criuipment wiby the Marcating with

can identify

162-460 couipment is blished recegacy” eque Maritime atus of safenfigured fo

Uncontrollenetwork proable to alloe Maritimefrom an u

led networ

e Threat Information:

National Insation Sharin.gov/publices Departm

hs.gov/topichs.gov/topictes Nationa

nclassified Inun 2015. .nist.gov/nisUnion Agen14, Jan 201enisa.europ/enisa-thre

wnload/fullR

f Cyber Se

itical equipithin the naritime Clou such equi

y two extre

ompliant every rare t

cently. uipment coCloud ava

ety and secor this purp

ed equipmovides sec

ow the conne Cloud is sncontrolled

rks include

ntelligence

stitute of Stng, SP 800-ations/draft

ment of Hom/informatio/cybersecurl Institute o

Information

stpubs/Specncy for Netw5. pa.eu/activat-landsca

Report

ecurity Ris

pment avigation syd. IEC-611ipment.

emes in the

quipment itoday due

nnected inailable for thcurity. A fiose.

ment curity but anection ofsupposed td network.

o

(ABS, 201

tandards and-150, Draft,ts/800-150/s

meland Secuon-sharing rity-informaof Standards

in Nonfede

cialPublicatwork and In

vities/risk-mape/enisa-t

sks using

ystem, for 162-460 de

e range of

inside a futo the fact

n legacy nehis equipmrewall dev

also placessome nonto provide Examples


of 91

16) by cons

d Technolog Oct 2014. sp800_150_

urity, “Inform

ation-sharins and Techneral Informa

ions/NIST.Snformation S

managemethreat-land

460-Gate

example, efines a sta

available e

lly compliat that the -4

etworks. It ment withouvice like the

many rest-critical eqcybersecu

s of applica


sulting and

gy (NIST),

_draft.pdf mation Shar

ng nology (NISation System

SP.800-171Security (EN

ent/evolvinscape-

ways

will requireandardized

equipment

ant 460-net460 standa

should be ut degradine 460-Gate

trictions. Inuipment di

urity, so it cations that


d monitor t

Guide to Cy

ring,” curre

ST), Protectms and Orga

1.pdf NISA), ENI

g-threat-

e access tod solution f

t:

twork. Sucard has be

possible tong their cueway could

n some casirectly withcan be safecould be u

om

he various

Cyber

ent.

ting anizations,

ISA Threat

o data for

ch en

o make rrent

d be

ses it may h the ely used in

s

• e-N• Ap• Ap

Uncontroldirect con From the ConnectioGateway, (DMZ) to The use cdata (e.g. equipmen Two ways

• Mofromeveof t

• SetDeeasnet

The latter defined inhand, the

9.3.5 DeThe on-boThe only a2015) stansystem lothe mentio The architpredict thetemporary

Navigation plication foplication fo

led equipmnnections s

point of vieon between

by settingtransfer da

cases are b automated

nt in uncon

s to use the

ove files recm equipmeen by meathe marinet up autom

efine a metsily (or auttworks.

r method isn advance.

former me

etect and Roard architavailable bndards. Thg informatoned stand

tecture mue nature ofy isolation

prototype or browsingor managin

ment may usuch as HT

ew of 6116n such a n

g up an appata files.

basically red reports).trolled netw

e files insid

ceived froment inside tns of remo

er comparematic transfhod or contomatically

s preferableIt is more

ethod will a

Respond ttecture neebuilding blohese, amonion. To supdards.

ust providef the requirof safety c

display terg Maritimeng subscrip

use the DMTTPS.

62-460, theetwork andplication se

eception of Interactivworks.

de 460-net

m the Clouthe 460 neovable meded with currfer of data nvention to) found an

e, and not difficult to

always be a

to Cyber Seds to enabocks are thngst otherspport detec

means forred responcritical netw

o

rminal e Service Pptions to se

MZ inside 4

e maritime d 460 netwerver within

f data (e.gve commun

twork:

ud manualletwork. Thidia. It will wrent practicfrom the C

o organize d accesse

difficult to make it exavailable a

Security Bble functio

he (IEC611s, contain rcting breac

r respondinnses. Shortworks.


of 91

Portfolio Reervices of t

460-gatewa

cloud is aworks is pon the gatew

. chart updnication ne

y into the Ds can be d

work, but itces.

Cloud to thedata in thed from the

do if the dxtensible foas a fall-ba

Breaches ns to detec62-450, 20requiremeches, the a

ng to secut term resp


egistry the Maritim

ay, but the

n uncontrossible throway's dem

dates, MSI)eeds can p

DMZ, and done by net will not re

e DMZ throe DMZ such equipmen

ata to be tor new servack.

ct cyber se011) and thnts for equ

architecture

rity breachponses wou


me Cloud

ey could als

olled netwoough the 46ilitarized z

) and sendperhaps be

then accesetwork acceeduce the w

ough netwh that it ca

nt inside 46

transferredrvices. On t

ecurity breahe (IEC61uipment to e must the

hes. One culd e.g. inc

om

so use

ork. 60-one

ding of left to

ss them ess or workload

work. an be 60

d is well the other

aches. 162-460, provide n support

cannot clude

In many ccomponenrequired t In summaconfigurat

9.3.6 CyGiven, theneeds idethe availaThe Archimust cont This could

• Pla• De• De

elema

Making us

cases, the nts and eso update t

ary, the arction and so

yber Secure perspectentified in (able standatectural Catain sufficie

d be achiev

acing (IEC6escribing Gescribing stements andaritime clou

se of the N

long term rpecially thhe softwar

chitecture moftware/firm

rity Concluive “RequiE2-T3.1, A

ards for secandidates ent Securit

ved by:

61162-460Gateway funtandardized between ud.

NIST appro

responsese Firewall/re/firmware

must allow mware.

usion rement of

Analysis recurity risk mneeds to bty control m

0, 2015) Firnctionality d methodsarchitectu

oached des

o

s require co/Gateway ce of the co

w for efficien

an “open” port on comitigation, be validatemechanism

rewall/Gatethat enabl

s to encrypral elemen

scribed in c


of 91

onfiguratiocomponenmponents.

nt and safe

and harmommunicatisuch as (Id against C

ms to enab

eways at ses use of r

pt communnts and the

chapter 9.3


n updates ts. In other

e update of

onized archon and infrEC61162-Cyber Secle mitigatio

strategic plrole basedication bet

e off-board

3.2 in the v


of the netwr cases, it

of compone

hitecture” frastructure-460, 2015curity threaon of the ris

aces in thed access cotween archelements

validation.

om

work is

ent

, the user e, 2015), 5), ts and sks.

e topologyontrol hitectural in the

10 StaThis chaprequireme

10.1 WPAnalysingthat it con

keholdpter describents for the

P3 User Neg (E2-T3.1,ntains a set

er Concbes the rese recomme

eed analy Analysis rt of consol

cerns (Rsult of analended on-b

ysis report on cidated list

o

Requirelysis of Staboard arch

communicaof user ne


of 91

ments)akeholder iitecture.

ation and ineds. See


nput to dev

nfrastructu


velop a se

ure, 2015)

om

et of

reveals

Appendix The follow

• The• MC• T2• Arc

Se• Me

Me• Me

(Lo• Me• Arc

(sin• Arc

com

10.2 ReqThis chaprequiremeimplemenPlease nonot mean mark a re The segm

• • • •

In (Rødse17). The fdescriptioand the sesegmenta

A.

wing list is t

e ArchitectCC must be.3 Roaminchitecture mrvice

essage Traessaging Sessage Traoss of Servessage Trachitecture tngle point ochitecture mmmunicatio

quiremenpter analyseents that wntation of thote that thro

requiremequirement

mentation o

PrioritisatAvoidanceCyber SecAllowing d

eth, Christefollowing c

on of the layegmentatio

ation requir

the set of d

ture must be present ag must be must supp

ansport ProService) ansport Provice) ansport Protopology mof failure) amust suppon must no

ts deducees a typica

will enable phe requiredoughout th

ent originatfor the rec

of the on-bo

ion of traffie of congecurity risk different lev

ensen, & Lhapters anyered abston on eachrements.

deduced re

be able to as AE present asort distribu

otocol mus

otocol mus

otocol musmust not byareas. ort offline oot be affec

ed from Aal network proper cybd classes ohis chapterting from acommende

oard netwo

ic accordinestion (overmitigationsvels of sec

ee) layerednd networktraction. Hoh layer are

o

equiremen

support st

s AE ution of bro

st support r

st support c

st support ey method o

or "silent mcted by on-

Analysis ostructure o

ber securityof servicesr, when thea resolutioned architec

ork is steer

ng to imporrloading) s curity

d network k segmentaowever, thbeing disr


of 91

nts for the o

andardized

oadcasts m

reception o

compressio

encryptionor impleme

mode" requline/off-line

of typical non-board ay risk mitiga from the m

e term REQn or standacture to be

red by requ

rtance

architectuation, doeshe specific regarded d


on-board a

d encryptio

made by Ma

of acknowle

on and con

ntation cha

uired functie state

network ta ship, and ations as wmaritime seQUIREMENard, but a nproposed

uirements

re is beings not contrause of VPNue to abov


architecture

on protoco

aritime Me

edge (Mar

ntinue afte

ange state

ionality. I.e

topology proposes

well as alloervice portNT is notednotation usby this rep

for:

g presentedadict the geN and Gatve mention

om

e:

ls

essaging

ritime

r LOS

e of SPOF

e. Inter AE

ow for tfolio. d, it does

sed to port.

d (Figure eneral eways

ned

In this ana

• Acc• Ad• Sh

In (SINTEnot found The Navigcontrol of ensure thenavigationGateways

10.2.1 TraControllinthat e.g. sadministraAttacks. For the paable to disdecisionsas mitigatDenial of

Fig

alysis, the

commodatministratioip Operatio

EF, 2005), d.)

gation and each dome networksn system as – or by de

affic Segmg segment

safety relatative traffic

art of the trstinguish th. Separatintion. If VLAService At

gure 17 Layer

following d

tion (Crewon on

Security re

Automatiomain’s intern

s are not cand automaedicated s

mentation tation of trated traffic isc – or pass

raffic that ishe origin/dng the netwAN’s are usttacks with

red network a

domains w

, Passenge

equirement

on systemsnal networongested. ation systeerial lines

affic to/froms not suffe

senger traff

s to be rouestination

work domasing the saorigin from

o

architecture (

will be used

er and Info

ts are bein

s are requirk is cruciaTypically t

em (engine62162-1 a

m the diffeering from nfic and to r

uted to/fromof the traff

ains by usiname physicm e.g. Pas


of 91

(Rødset, Chri

d:

otainment)

ng discusse

red to be sl - both for there are in

e) sometimnd -2

rent domanetwork coreduce sec

m shore, thfic to be abng VLAN iscal connectsenger net


istensen, & L

ed (Error!

separate dsecurity re

nterconneces by usin

ins is vital ongestion dcurity risk o

he T2.3 roable to makes often mistion, it will t.


Lee)

Reference

omains wheasons anctions betwg -450 and

– both to edue to loweof Denial o

aming neede the right stakenly benot mitigat

om

e source

here full d to

ween e.g. d -460

ensure er priority f Service

ds to be roaming

eing used te risk of

Due to thiseparate p

• Acc• Ad• Sh

10.2.2 CoQuality of controlledChapter 7service reservices, quality of Today, theaccountinquotas forcommunicavailable transfer ofspecific ac To be ablescenariosVSAT covbandwidthT2.3 RoamService apgiven time An idea oService atcould be uIt could pausers). It might alimplemen It can be ccontrol of

s, there is physical po

commodatministrativip operatio

ontrol of Qf Service (Qd. 7.3 Link Reequirementin the domservice tha

e SatCom g, where mr users andcation linksquota, banf data and ccount in t

e to contros varying froverage andh constrainming functpplicationse, to be ab

riginating fttributes cautilized. artly be im

lso be anticntation in m

concluded Quality of

a REQUIRorts and ne

tion (Crewe networks

on network

Quality of SQoS) for co

equirements to the co

main of vesat can be p

providers managemed for M2M s, if we focndwidth anthen just g

the given c

ol and provom poor q

d all the wants with Witionality thas need to hle to make

from SatCoan be assig

plemented

cipated thamany of the

that it is RService.

REMENT tetwork seg

, Passenges

ks (Safety

Service ommunicat

nts and 7.4ommunicatsel monitoprovided by

offer servient can concommunic

cus on M2Md priority. Tget the actcommunica

vide the apuality in thay to excel-Fi and GSat can implhave knowle the right d

om providegned, acco

d by T2.3 R

at the MC/e MSP app

REQUIRED

o

that the Effgments for

er and Info

related)

tion to/from

4 Priority prtion links fooring and Vy the comm

ces that hantrol allocacations. In M accountsThe M2M tual qualityation scena

propriate qe arctic arelent quality

SM 3G/LTElement thisledge of thdecisions w

ers, havingompanied w

Roaming an

MCC couldplications in

D that the a


of 91

ficienSea2:

otainment)

m the MSP

rovide an ior the varioVTS servicemunication

ave user aation of banthis scena

s, are not pclients nee

y of serviceario.

quality of seas to highy with veryE, it is envis on its owhe availablewhen comm

g M2M accwith a QoS

nd partly b

d centralizen the M2M

architecture


Task 2.3 r

P services n

ndication oous servicees, adaption links, will

nd machinndwidth, prario, the clieprovided wed to atteme that can b

ervice in thh quality ary low latencsioned than. The eleme quality ofmunication

counts to wS managem

by the appli

e functionamode

e supports


roaming m

needs to b

of the quales. For somon to the acbe require

ne2machinriority and ents (users

with informampt connecbe provided

he commureas with gcy and lowat it is not oments of thf service an is require

which Qualiment funct

ications (M

ality that co

s implemen

om

must have

be

ity of me of the ctual

ed.

e data s) of the ation of ction and d for the

nication good

w only the he t any

ed.

ity of ionality,

M2M

ould ease

ntation of

10.2.3 ShThe ship o

• Aut• Na• Saf

10.2.3.1 There ma

• En• En• Ca

In many csuppliers connectedother systfollows (IE The operaGateway/Denial of Further it functional It is REQUIEC61162automatioThis is durequire all

10.2.3.2 The navigRevised P(MSC.86(and the IE Most navithe (IEC6Integrated The (MSC

ip Operatoperation n

tomation Navigation fety, Secu

Automatay be multip

gine Automergy Autom

argo Autom

cases, e.g. of the systd to that netems as thEC61162-4

ation netwoFirewalls, Service Atis REQUIRity specifie

UIRED tha2-460 Gateon networke to the pelowing end

Navigagation netwPerformanc(70), 1998)EC standar

gation netw1162-450,d Navigatio

C.252(83),

ion netwonetworks c

Networks

rity and Su

tion Netwople Automa

mation mation

mation

these autotems only getwork. The means o450, 2011)

orks are Rthus protettacks. RED to imped by the s

at the architeway, to avk. erspective dpoints for

tion Netwwork is govce Standar) rds coverin

works are 2011) form

on Systems

2007) requ

orks can be divid

upervision

orks ation Netw

omation neguarantee e supplier

of commun.

EQUIREDcting each

plement intstandard.

tecture allovoid direct

of easy intcommunic

work verned by trds for Inte

ng the Integ

proprietaryms the bass.

uire interfa

o

ded into cl

works on-bo

etworks arefunctionalmay speci

nicating wit

D to be seph network fr

terface to t

ows for usecommunic

tegration ocation to be

the IMO Reegrated Na

grated Nav

y solutionsse and dire

acing to the


of 91

asses, suc

oard a ves

e part of a ity with theify and delh the syste

arated usinrom unwan

the networ

e of proxy cation to en

of the recome inside the

esolution (avigation S

vigation Sy

s, normally ection for th

e Central A


ch as:

sel, such a

closed syse supplier diver Interfaem. Somet

ng IEC611nted acces

rk functions

services andpoints at

mmended e protected

MSC.252(8ystem, the

ystem.

based on he network

Alert Manag


as:

stem wherdelivered eaces (Gatetimes the n

62-460 ss and aga

s via the G

as part of tht entities in

architectud network.

83), 2007)e original

Ethernet. k used in n

gement sy

om

re the equipment eways) to network

ainst

Gateway

he nside the

re that will

) The

However, new

ystem.

To protecSecurity TREQUIRE

10.2.3.3 Safety, Seobtain SafThese netlevel. Thisleading toThese netAccess to460, 2015(MSC.147

10.2.3.4 For type aUsually upthe appro For other It is REQUand firmwable to deallow for fOf courseencryption It is REQUautomated

10.2.4 AdThe ship aand passetypically husing dedremote off It is REQUinternet viThis prevecompany

t the NavigThreats, anED that the

Safety,ecurity andfety and Stworks ares means tho a very lowtworks are

o and from 5) Gateway7(77), 2003

Firmwaapproved epdate on thpriate verif

types of eUIRED tha

ware/softwaeploy Gatewfast reactioe, the connn, authoris

UIRED thad deploym

dministratiadministraenger interhas ability tdicated VPNffice to the

UIRED thaia VPN to sents need network.

gation Netwnd to ensure network i

Security d Supervisiecurity on-

e assumed hat any riskw level of re REQUIRE

these are y/Firewalls3) Revised

are/Softwaequipment,his type of fication of f

quipment, at the architare on certway/Firew

on to securections, anation and a

at the architment of conf

ive Netwotive networnet and froto connect N connectishore bas

at the on-boshore and to manage

work and thre conforms protected

and Supeion Networ-board the to be prote

k assessmisk for thesED to be keREQUIRE ensuring c Performa

are update, the standequipmenfunctionalit

various mtecture supain types oall configurity threatsnd the itemauthentica

tecture mufiguration/f

rks rk is REQUom Safety to shore o

ion and thaed networ

oard adminthrough sh

e a multitud

o

he Integramance to thd by (IEC6

ervision Nerks are impvessel.

ected froment of the se networkept separa

ED to be keconformannce Stand

e of equipdards definnt cannot bty after up

ethods of fpports easof equipmerations rap.

ms providedation using

ust allow fofirmware a

UIRED to brelated do

office netwat on-boardk.

nistrative nhore basedde of mobi


of 91

ted Navigahe performa61162-460,

etworks plementing

m cyber secship netwo

ks. ate from allept under snce to the Iards for a

ment on te the procee done witdate.

firmware/ssy and rapient. Especpidly and in

d in the updigital sign

or implemeand softwar

be a separomains. Thork. It is Rd administ

network ond companyile (on-boa


ation Systeance stand, 2015) Ga

g communi

curity threaork should

other netwstrict controMO ResolShip Secu

the operatedures andthout huma

oftware ded deploymially an orgn a comple

date must natures.

entation of re.

rate domaie administEQUIREDrative netw

ly has cony firewall. ard) firewal


em from Cydards, it is ateway(s).

ication nee

ats on the hresult in m

works. ol using (IElution urity System

tive netwod methodsan interact

eployment ment of conganisation etely safe m

be secure

services fo

n – both frtration netw

D that this bwork consid

nection to

l entries to

om

yber

eded to

highest mitigations

EC61162-

m.

orks s to follow. ion and

exist. figuration should be

manner, to

e using

or

rom crew work be done dered as

the public

o the

Few gatewmaintain a One can ton one veothers. In this casdedicated In cases wcollect infoIEC61162administra

10.2.5 AcInfotainmeprovide onnetworks priority. Since the network aon the vesSeen fromdomain of To protecAttacks orroaming dPassengestandard sAttacks. The Passoften therBYOD req450 netwo The Pass

10.3 DedFor compobvious re

ways/firewand contro

think of exaessel and e

se, the samd VPN conn

where it is ormation fr

2-460 Gateative netwo

ccommodaent, Passen-board seon a vesse

type of traare not conssel.

m other netf the public

t the T2.3 riginated frdevice imper network specifies th

enger/Crewre is a needquires DHCorks.

enger/Crew

duced, Asleteness oequiremen

walls betweol and thus

amples of each requir

me principlnections to

needed throm the Sheway/Firework.

ation (Infoenger and cervices sucel, the traff

affic that is ntrolled, it is

tworks on tc internet.

roaming arom the Palements deis isolatedhe requirem

w network d to allow fCP (Dynam

w network

ssumed aof the set ofnts.

en the secless prone

multiple opring an adm

e of separao respectiv

at equipmehip operatio

walls config

otainment,crew netwoch as e-mafic to/from

generateds REQUIR

the vessel

nd the restassenger/Cetection an using a IEments nee

cannot befor BYOD (

mic IP Addr

may be im

nd/or obvf requirem

o

cure and noe to risks d

perators (cministrative

ation and rve shore ne

ent on the on network

gured to all

, Passengork provide

ail and medthis netwo

d by the eqRED to be c

, the passe

t of the shiCrew netwond protectioEC 61162-4eded for pro

e implemen(Bring Youress alloca

mplemente

vious Reqents, this c


of 91

on-secure due to mist

companiese network

remote offietworks are

administrak. It is REQlow for con

er and Crees connectdia streamirk are requ

quipment ccompletely

enger netw

ip network ork, it is REon against 460 Gatewotection ag

nted as anur Own Devation) – wh

d as wirele

quirementchapter sta


domains aakes.

) with sepaon-board s

ice is requie required.

ative netwoQUIRED thntrolled con

ew networtion to the ng. Compauired to be

onnected ty separate f

work is to b

from DeniEQUIRED such attac

way / Firewgainst Den

IEC61162vice). ich is not a

ess 802.11

ts ates a set o


are easier

arate resposeparated

ired. I.e. m.

ork has abhat this is dnnections f

rk) internet anared to the

e given the

to the passfrom other

be conside

ial of Servithat eithercks, or the

wall. The -4nial of Serv

2-450 netw

allowed in

1 networks

of assume

om

to

onsibilities from the

multiple

ility to done usingfrom the

nd may e other lowest

senger r networks

red as the

ce r, the

460 vice

work, since

61162-

.

d and/or

• E2 • SA• E2

10.3.1 CoArchitectuconfiguredship.

10.3.2 OpRegulatiosystems aaccordingoperationa The functiand a com Imagine ifin place. today. The AIS fuservice) a Since the and data fAIS functiIt would ahappen vi With the cAIS would With the cexchangeand implerisks. It shuncertain Since the unit wouldWith connsystem wo

Task 2.1 VAT Broadba

Task 2.3 R

oncurrencyure must sud prioritisa

pening disn 19 of SOand equipmg to ship typal use of s

ion of the Ammunicatio

f the architThen imple

unction woand the oth

(RFC1122formats aronality wit

also very quia VHF cha

current sugd very quic

current suge on some ementing bhould be noand clarific

IP data exd be pronenections onould be in

VDES Comand must bRoaming m

y upport contion and al

scussion oOLAS Chapment - setspe. Resoluhipborne a

AIS can beon of AIS d

tecture andementation

ould quicklyher would b

2, 1989) is e being sph the standuickly becoannels, but

ggestions ockly be func

ggestions iVHF chanoth parts inoted that, acation cou

xchange pa to cyber s

n the AIS prisk.

mmunicatiobe present must be pre

ncurrent prollocated ba

on how AIpter V - Cas out navigaution A.917automatic i

e split in sedata part. T

d network in AIS func

y be split inbe the func

already inpecified as dards, toolome obviout also via b

of the MC actionality im

n the standnels and An one physat this timeld change

art would hsecurity thrpart, directl

o

on Functioas AE esent as A

ovision of sandwidth fo

IS functioarriage reqational equ7(22) providentificatio

everal partsThis chapte

infrastructuctionality wo

n two partsction of com

n place andWEB servls and metus that combroadband

and the MCmplemente

dardisationAIS and ASsical unit lee of writingabove sta

have somereats originly into the


of 91

nality mus

AE

services acor the asso

nality is imuirements uipment tovide guidelion systems

s. One wayer provides

ure, as purould be dif

s. One the mmunicatio

d most of thvices, it wohods availmmunicatiosatellite c

CC messaed using M

n work of VSM data exeads to a c (April 201tement.

e connectionating fromBridge nav


t be presen

ccording toociated com

mplementfor shipbobe carriednes for thes (AIS)

y is to haves the ration

rely TCP/Ufferent from

transpondon of AIS d

he worlds iuld be natuable in thaon of AIS dhannels.

ging servicCC messa

VDES, comxchange onconcern for6), the role

on to the pum the internvigation sy


nt as AE

o SLA givemmunicatio

ted orne navigad on boarde on-board

e a transponale for doi

UDP/IP basm what we

der functiondata.

internet seural to defi

at domain. data could

ce, the ASaging servi

mbining IP n other char cyber sece of VDES

ublic internnet domainystem, the

om

en by on to/from

ational ships,

d

onder parting that.

sed, was see

nality (or

ervices ine the

not only

M part of ices.

data annels, curity is

net, the . navigation

t

Thereforehandled th In the sugand the TAIS traffic This discuAIS/ASM available tVDES mo The E2 T2Figure 18

Figure 18

With the dService, thFigure 19 Hence, th

e one wouldhe same w

ggested arc2.3 roamin

c.

ussion andfunction istoday and

odem.

2.3 has de.

The E2 T2.3 a

discussion he NetworNetwork Pis model h

d implemeway as othe

chitecture, ng is expec

the archits kept the w

then imple

eveloped a

architecture

opened herk protocol Protocol Mhas no “No

nt the AIS er traffic, e

the AIS fucted to han

ecture proway that leementing th

model as

of the Maritim

ere and themodel simodel. n TCP/UD

o

function sensuring se

unction hasndle the ap

posal, doeegacy provhe VHF da

shown in

me Cloud clie

e suggestimplifies as s

DP/IP” path


of 91

o that AIS ecurity usin

s been splippropriate r

es not prevides – namata exchan

ent connected

ons in 7.6.shown in

.


data woulng -460 gat

t in the aborouting and

vent implemmely using nge (of IP b

d with the com

3 Broadca


d be routeteways.

ove mentiod prioritisa

mentationsthe produc

based data

mponents of

ast Messag

om

ed and

oned partstion of

where cts a) using a

f the hybrid

ge

s

AIS Transpon

der

T2.1 V

ECDISECDISECDIS A

VDESSA

(InmaIrridium

Figure 19 N

o

TCP/IP/UD

Application

Roaming

ATarsat, m, VSAT)

WW

Network Prot


of 91

P

s

2GWiFi,WiMax

tocol Model


MCC

G, 3G, LTE

ECDISECDISOther


C

om

11 ArcThis chapwork of T2To ease thbefore impnetwork to

11.1 Sim Figure 20 Figure 21 with respeship, befoelements The automthe same IEC61162 In this exaimplemenECDIS an

hitectupter describ2.4 until thhe readingplementatiopology.

mplest Imp

and illustrate b

ect to on-bore implemlike ECDIS

mation sysnetwork se

2-1 and -2.

ample, it isnt e-navigand VDR.

ural Canbes one aris moment

g, the chapion and aft

plementa

before andoard netwoentation haS attached

tems are cegment. T

s imagined tion and V

ndidateschitecturalt of writing

pter starts tter impleme

ation

after implork and shas one Eth

d to it.

connected he rest of o

that the arVessel mon

o

s l candidate. to describeentation ex

ementationhip/shore dhernet netw

to bridge con-board c

rgumentatnitoring, he


of 91

e that has b

e the most xample an

n done e.gata comm

work segm

control pancommunica

ion for doinnce IEC61


been deve

simple impd then a de

g. on a shipunication. ent that m

nels via eithation is don

ng the insta162-450 c


eloped duri

plementatiescription

p with low In this exaay not eve

her serial lne via seri

allation is tconnectivity

om

ng the

on as a of the full

maturity ample, the en have

lines or onal lines

to y to

B

S

Automation Syste

Bridge and Navigation

GMDSS

Safety, Security & Sup

ECDIS RADA

VDR

Figure 2

ems

System

AIS

ervision

AR

20 Simplest S

o

Situation – Be


of 91

Switch / F

(InIrridi

A

efore Implem


Firewall / VPN

SATmarsat, um, VSAT)

dministration

entation


om

B

S

11.2 Net Figure 22 architectu The MCCthat it is sgateway. work togecommunic It is uncerThereforeonly.

Bridge and Navigation Syst

Automation Systems

AISTransp

der

afety, Security & Supervis

GMDSS

ECDISRADAR

VDR

twork Top

Network Ture. The re

C is in the fitill a discusIt is, at this

ether and hcation chan

rtain, at thise the VDES

tem

Sponr

sion

Figure

pology

Topology squired arch

igure, placssion if MCs point in ti

how to avoinnels.

s point in tS, as used

T2.1 VDModem

21 Simplest

shows the thitectural e

ed as a paCC exist onime (April 2id duplicate

time (2016in the arch

o

DESm

T2.3 Roaming

SAT(Inmarsat,

Irridium, VSA

‐460 Gateway

Situation – A

top level nelements a

art of the mn-board in 2016), unce informat

-04), what hitecture, is


of 91

AT)

DMZ

‐460GW

After Impleme

etwork topare include

main -460 Gmultiple in

clear how mion to be c

VDES is gs assumed


Administration Network

Public Netw

MCC

Maritime Messaging

Local Data Service

entation

pology of thd in the dr

Gateway. Itstances. I.

multiple MCcommunica

going to prd to provide


k VPN

work

C

Almanac

Local Lookup Service

he suggestrawing.

t should be.e. in everyCC instancated over th

rovide on IPe IP conne

om

ted

e noted y -460 ces would he sparse

P side. ectivity

Automatio

Bridge and Navig

Novel E‐Na

GMDSS

Safety, Security

11.3 InteThe shipbexternal cfunctions The desigIMO perforelevant IMsolution is450. The ICS isare used ato and accEach subssubsystemsubsystem

n Systems

gation System

avigation

AISTranspon

der

& Supervision

egrated Cborne integcommunicaof onboard

gn requiremormance stMO resolus based on

s a systemas subsystcepting inpsystem is im where apms.

T2.1 VD

‐460 Gateway

‐460 Gateway

‐460 Gateway

‐460 Gateway‐460

Gateway

‐460 Gateway

Communicgrated comation and dd routeing ments to antandards fotions and c

n applicable

m in which items, i.e. wputs from ain complianpplicable, A

DES

T2.3

SAT(Inmarsat,

Irridium, VSAT)

Ga

Figure 2

cation Symmunicationdistress andof this comn Integrateor integratecirculars. Fe requirem

individual rwithout thea communince with thAn ICS con

o

3 Roaming

WiFi,WiMax

‐460 ateway DMZ

Secu

re Network

‐460 Gateway

22 Network T

ystem n system (d safety co

mmunicatioed Commued RadiocoFor interco

ments for E

radiocomme need for tications huhe IMO typnsists of a


of 91

2G, 3G, LTE

Maritime Messaging

Local Data Service

Adminy

‐460GW

Topology

(ICS) is desommunicaton. nication Syommunicannection othernet inte

munication their own c

uman machpe approvat least two


MCC

Alm

LoLoSe

nistration Network

Public Net

signed to ptions (GMD

ystem are tion System

of the elemerconnecti

equipmencontrol unithine interfal requiremindividual


Accom(Infotaiment ,

manac

Local ookup ervice

VPN

twork

perform shDSS) and t

based on ms, and otents of theion in IEC

nt and instats, providinace (COM ents for thGMDSS

om

mmodation, Passenger & Crew)

hip the

the of the ther e ICS, the 61162-

allations ng outputs HMI). at

The COMdedicated Figure 23 Communi The domashows howThe “yellorisk, the im

M-HMI is ded to commu

illustratescation Sys

ain of the ICw the gate

ow” integramplementa

Bridge and Navigatio

Automation Sys

Safety, Security & Su

Novel E‐Naviga

GMDSS

T

esigned so unications

the relatiostem (IEC6

CS has beeway and Mation needsation shoul

on System

‐460 Gatewastems‐460

Gatewa

‐460 Gatewaupervision‐460

Gatewa

‐460 Gatew

ation

AISTranspon

der

‐460 Gatewa

Figur

that it canor as part

on to this u62940-ICS

een markedMCC can bs to be amed be done

T2.1 VDES

ay

S(Inm

Irridiu

ay

ayay

ay

ay

re 23 The inte

o

n be made of a multi-f

up-coming , 2016).

d with red abe includedended with on separa

T2.3 Roaming

SATmarsat, um, VSAT)

WiFi,WiMax

‐460 Gateway DMZ

Secu

re Network

‐460Gatew

egrated Comm


of 91

available ofunction di

IEC standa

and yellowd in the ICSh a note thaate autono

2G, 3G, LTE

Maritime Messaging

Local Data Service

Administr

Z

0 way

‐460GW

munication S


on a bridgesplay.

ard on Inte

w dashed linS. at to mitigamous units

MCC

Almanac


ration Network V

Public Network

ystem


e workstati

egrated

nes. The y

ate cyber ss.

Accommodation(Infotaiment, Passenger & Crew)

VPN

om

ion either

yellow one

security

11.4 InteIn case wconforms Gateway needed. HFigure 24

egrated Ghere the Ato the Seris simplifie

Hence the .

GatewaysAutomationrvice standed by the fgateways

System aards offerefact that nocan be inte

Figure 24

o

nd the Brided by the Mo translatioegrated int

4 Integrated G


of 91

dge and NaMC and MCon betweento one. Se

Gateways


avigation SCC, the roln proprietaree


System cole of the -4ry protoco

om

mponents 460 ls is

11.5 QuaTo allow tquality of that servicQoS serve Figure 25

QoClie

ality of Sethe serviceservice thace clients her impleme

illustrates

T2.1 VDES

S

Service ClientService ClientService Client

oS ent

ervice e clients to at the comhave the oented in th

suggested

T2

SAT(Inmarsat

Irridium, VS

QoS Server

Applications

F

make intemunicationption of ime T2.3 roa

d architect

2.3 Roaming

, AT)

WiFi ,WiMax

Maritime Messaging

QoS Client

Figure 25 QoS

o

lligent decn links allo

mplementinaming.

ture for Qo

2G, 3G, LTx

MCC

Almanac

S Client/Serve


of 91

cisions on hw in certaig a QoS c

S impleme

TE

C

Local Data Service

(Q‐460GW

er Architectu


how to usen situationlient that c

entation.


Public NetworQuota based Acco

re


e the availans, it is sugcan interfac

Accomm(Infotaiment, Pas

rkounts)

om

able ggested ce with a

modationssenger & Crew)

12 ArcIt is suggechapter 9

13 IdenThis chap During thepotential a

• Inc201

• Dacan

• Qu

14 ConProposedSince the proposed stakeholdphase of t Based on is believedmitigationuse of (IECyber Secchoices of Considerabeen discfor graduacan be do The perspit is suggeOne of theship (excebased on

hitectuested that tPerspectiv

ntificatpter is inclu

e work of Tareas for s

clusion and16)

ata formatsn be extenuality of Se

nclusion architectustakeholdarchitectuers, the arthe E2 Tas

Cyber Secd that the p, partly in t

EC61162-46curity Persf communi

ations on thcussed andal implemeone with ins

pective of pested that te consequept GMDSstandardiz

ural Canthe proposves and ch

tion of puded to pro

T2.4 produstandardiza

d standardi

and protosions in thrvice Cont

n ure is believer input is

ure is not brchitecture sk 2.4 work

curity Persproposed athe structu60, 2015) spective neication pro

he impact d it is suggeentation. Astallation o

providing athe proposences is thS), is centrzed networ

ndidate sed architehapter 10

potentiaovide input

cing this dation.

isation of M

cols used e S100 fra

trol for the

ved to fulfidescribed ased on a is, therefo

k.

spectives, aarchitectur

ure and suggateways.

eeds to be tocols to b

when implested that

Also it is suof few com

an open ansed architehe fact thatralized thrork, using st

o

Test Reecture fulfilsStakehold

al Areasto E2 WP

document,

MCC as ex

for the defamework.ship/ship a

il the user as user nefull and re

ore, likely to

a set of reqre providesggestions f included in

be used are

lementing tthe archite

uggested thponents in

nd harmonecture is det it is propoough the Ttandardize


of 91

esults s the requier Concern

s for sta1.

the followi

xtension/ad

fined servic

and ship/sh

needs as deeds on a

eviewed seo be modif

quirementss sufficient for network

n the furthee to be don

the recomecture provhat “transfon existing o

ized architelivering thosed that a

T2.3 Roamed protocol


irements ans (Requir

andardi

ng have be

ddition to th

ces in MSP

hore comm

described brather hight of require

fied or exte

s have beemeans for

k separatio

er work forne there.

mended arvides a framormation” ton-board in

ecture hase basis forall communing functios and data


as describerements).

ization

een identif

he (IEC629

P, several

munication

by WP3. h level, theements froended in th

en developr security ron, and pa

r T2.4, sinc

rchitecturemework thto the archnfrastructur

s been defir exactly thnication to/

on and thata formats.

om

ed in

fied as

940-ICS,

of these

e om the he next

ped and it risk rtly by the

ce the

e have at allows itecture res.

ined, and hat. /from the t it is to be

BibliogABS. (201

ope

ACCSEASMa

ACCSEAS

ACCSEASMa

ATOMOShttp

ATOMOShttp

ATOMOShttp

BIMCO. (2INT

DISC. (19The

DISC. (20http

DISC II. (nPopra

E2-T2.2. (tec

E2-T3.1. (DM

E2-T3.1. (

ENISA. (2SE

IACS. (n.dhttp_E_

graphy 16). The Aperations. H

S. (2015). ariners Ser

S. (2015).

S. (2015). ariners Ser

S. (1994). Rp://cordis.e

S II. (2000).p://cordis.e

S IV. (2002p://cordis.e

2016). TheTERCARG

997). Brief e DISC Co

001). Retriep://cordis.e

n.d.). Retrirtal: http://w

actical-dem

(2016). E2chnologies.

(2015). AnMA - Peter

(2015). D3

2011). ANAECTOR. Eu

d.). IACS. p://www.ia_pdf150.P

pplication

Houston: A

S-100 Prorvice. ACC

Service De

Service Dervice. ACC

Retrieved 0europa.eu/

. Retrievedeuropa.eu/

). Retrieveeuropa.eu/

e GuidelineGO, INTER

Summary onsortium.

eved 01 16europa.eu/

ieved 01 1www.trans

monstration

2 Task 2.2 A. EfficienSe

nalysis repoPetersen,

3.2 Concep

ALYSIS OFuropean Ne

Retrieved cs.org.uk/d

PDF

of Cybersemerican B

oduct DescSEAS.

escription:

escription: SEAS.

01 22, 2016/project/rcn

d 01 16, 20/result/rcn/2

ed 01 16, 2/project/rcn

es on CybeTANKO.

of Final Re

6, 2016, fro/project/rcn

6, 2016, frsport-resean

Analysis reea2.

ort on comGateHous

ptual Mode

F CYBER Setwork and

01 29, 201document/

o

ecurity prinureau of S

cription: Ma

Maritime

Maritime S

6, from COn/17378_en

016, from C23723_en

2016, from n/52030_en

er Security

eport, DIS

om CORDIn/44674_en

rom TRIP -arch.info/pr

eport on av

mmunicationse.

el. EfficienS

SECURITYd Informati

16, from IA/public/Pub


of 91

nciples to mShipping.

aritime Saf

Cloud. AC

Safety Info

ORDIS: n.html

CORDIS: .html

CORDIS: n.html

y Onboard

C Docume

IS: n.html

- Transportroject/integ

vailable an

n and infra

Sea2.

Y ASPECTon Securit

ACS: blications/U


marine and

fety Informa

CSEAS.

ormation an

Ships. BIM

ent ID D10

t Researchgrated-ship

nd emergin

astructure.

TS IN THE y Agency (

Unified_req


d offshore

ation / Not

nd Notice

MCO, CLIA

1.00.01.04

h and Innovp-control-sy

ng commun

Jens K. Je

E MARITIM(ENISA).

quirements

om

tice to

to

A, ICS,

47.005B.

vation ystem-

nications

ensen,

ME

s/PDF/UR

IEC 60945andRe

IEC61162

IEC61162Sa

IEC62940

IHO. (200AN

ISO/IEC4

MARINTEfrie

MSC.147(SE

MSC.252(ST

MSC.86(7nav

NSCR-1/2

RFC1122

Rødseth, new

Rozanski,Sta

SINTEF. (

The MiTSforu

5. (2002). d Systems

eaults. Gen

2-450. (201

2-460. (201fety and S

0-ICS. (201

09). S100 -ND INFORM

2010. (201

ECH. (2009endly, D-D1

(77), I. (20ECURITY A

(83), I. R. (TANDARDS

70), I. (199vigation eq

28. (n.d.). E

. (1989). R

Ø. J., Chriw ship data

, N., & Wooakeholders

(2005). Ma

S Forum. (2um.org/

IEC 60945s - Generalneva: IEC.

11). Multipl

15). MultiplSecurity.

16). IEC62

- HYDROGMATION. I

11). System

9). Europe1.3 Ship-sh

003). REVISALERT SY

(2007). ADS FOR INT

98). Adoptioquipment. I

E-NAVIGA

Requireme

istensen, Ma network.

ods, E. (20s Using Vie

arnis, WP2

2015). Retr

5 - Maritimel Requirem

le talkers a

le talkers a

2940 - Integ

GRAPHIC Gnternation

ms and So

an Framewhore comm

SED PERFYSTEM. IMO

DOPTION OTEGRATED

on of new IMO.

ATION STR

nts for Inte

M. J., & Le

013). Softwewpoints an

2.2 Broadba

rieved 01 1

o

e Navigatioments - Met

and multipl

and multipl

grated Com

GEOSPATal Hydrogr

oftware Eng

work for Samunication.

FORMANCO.

OF THE RD NAVIGA

and amen

RATEGY IM

ernet Hosts

e, K. (n.d.)

ware Systend Perspe

and Comm

16, 2016, f


of 91

on and Rathods of Te

le listeners

le listeners

mmunicatio

TIAL STANraphic Bure

gineering -

afe, Efficie. FLAGSH

CE STAND

REVISED PATION SYS

ded perfor

MPLEMEN

s -- Comm

). Design C

ems Architeectives. ISB

munication

from The M


diocommuesting and

s - Etherne

s - Etherne

on System

NDARD FOeau.

- Architectu

nt and EnvIP.

DARDS FO

PERFORMSTEMS (IN

rmance sta

NTATION P

unication L

Challenges

ecture, WoBN-13> 987

- State of

MiTS Forum


unication Ed Required

et interconn

et interconn

m. IEC.

OR MARINE

ural Descri

vironmenta

OR A SHIP

MANCE NS). IMO.

andards for

PLAN. IMO

Layers. IET

s and decis

orking with 7-0-321-71

the Art.

m: http://ww

om

Equipment Test

nection.

nection -

E DATA

iption.

ally-

P

r

O.

TF.

sions for a

1833-4.

ww.mits-

15 App This chapcommunicthe deducThe user

• ID • SD• SR• MS

pendix A

pter list the cation and ced requireneed “No”

is about IdD is about SR is about SS is Miscell

A – Con

consolidatinfrastruct

ements to tcolumn ta

dentity manService defSeamless rlaneous

solidate

ted user neture, 2015)the T2.4 on

ags are sho

nagement finition androaming

o

ed User

eeds, extra). The list in-board arortcuts:

and role bd discovera


of 91

r Needs

acted froms amendedchitecture.

ased acceability


s

m (E2-T3.1,d with an e

ss control


, Analysis rextra colum

om

report on mn stating

No. Need

It must be

The role cocompatibleresponsibil

ID#8The infrastrencryption

ID#10Vetting of iand facilitatrelationship

ID#3A UID regisand facilitat

ID#4

ID#1All types ofShore entitinteracting

ID#2

A digital UIthe Maritimforward comactors.

ID#5Unique Idenobjects) areconsidered

ID#6 Standardizneeded

ID#7Standardizintegrity of

ID#9 Ownership on must be

possible to associate

oncept should be flexie, allowing unique roleity domains

ructure must provide sof data

dentities would increate a higher degree of ps or sharing of inform

stry is needed, which te lookup of seconda

f Ships as well as a mties must be able to inactors must be mana

ID (Universal Identifierme Domain, which is fmpatible, yet provide

ntifiers for virtual objee paramount for some

d in relation to develop

ed function(s) for Aut

ed function(s) for validtransferred informatio

of information elemene managed

e identities with roles

ble, decentralized ane definitions for differe

standardized means

ase the credibility of itrust in online busine

mation within the indu

can uniquely identifyry identifying attribute

multitude of shore basnteract, and Digital Idageable

r) concept must be deflexible, decentralizedunique identifiers for d

cts (such as informate use cases and shouping a maritime UID c

hentication of identitie

dation of authenticity on are needed

nts, and authorization

NotesSee Wikdigital Id

https://

In the mauthoritieoperatorships’ caidentifiabAn IdentidentifierThe ideof the Uhttps://ntifier

Not all anumbersand ded

In other mail addThe UID existing It must bassigninAs suchlookup opossibleStandardgroups tcertain raccess

nd forward nt

In using to a respbelongs ‘Flagstatauthorityassign sthose re

EU couldto inform

An actorExamplea particuAid to N

IdentitiesauthenticIdentity

The abiliaccess tby manyCommonavoid all function,systemsIt must bway, thainformat

Certifica

to support In order

The infraunauthoPrivacy oaddresserequiremA digitalbe explicauthorizaStandardcollaborato accesmany inf

identities ess stry

Vetting: digital idrelationsidentity (etc.)

y an actor, es

sed or Off dentity of

efined for d and different

tion uld be

concept

es is

and

n to pass it

o

kipedia for an overviewdentity Management.

/en.wikipedia.org/w

aritime domain entitiees, ports, ships as wrs with assigned rolesaptain, VTS operator ble. tity concept that can r that can cover the Mntifier concept coulURI (Universal Resou/en.wikipedia.org/w

actors have MMSI nums play a significant roicated maritime comm

cases identifiers sucdresses could be used

registry must enableidentifiers and a uniq

be possible to decentng identitiesh, the UID registry maof identities and assoce across the Maritimedized roles may be deo manage which iden

responsibilities and en

role based access mponsibility domain, whto one role, eg. IMO te’, ‘Coaststate’ or ‘Py to competent authosuch roles to identitiesesponsibilities

d most likely reuse romation sharing within t

r/identity may be asse: A Voyage_IDs idenular ship, or a Persistavigation

s related to objects thcation may belong toregister related to act

ity to validate the idento restricted informatiy use cases to facilitan authentication functservices implementin

, requiring actors to ms they need to accessbe possible to ‘sign’ aat the recipient can vaion and detect if it ha

tes may need to be p

to support transfer of

astructure must not parized parties of confidential informaed – technically as w

ments for legal interce service provided bascit about ownership oation to pass on infordized functions suppoators (roles or specificss my information) coformation servicesValidation of relations

dentity – for instance aship between a ship a(identified by UID, IM


of 91

w of definitions related

wiki/Identity_manag

es such as companiewell as employees or s/responsibilities (sucor harbour master) m

provide one binding, uMaritime Domain mustd be a maritime adource Identifier) wiki/Uniform_Resou

mbers, however MMSle in several existing munication systems

h as terminal numberd to identify an actor

e binding (lookup) betwque UIDtralize the process of

ay be decentralized, bciated identifiers mus

e Domain.efined by certain stak

ntities are associated ntitled to which level o

management, a role behere a specific responcould define the roles

Portstate’, and delegatrities of its member ss executing tasks rel

oles already defined rthe e-maritime conce

igned more than one ntifying a particular voent Universal Identifie

hat are not actors ando other registers, thantors that need authen

ntity of an actor requeion or a resource is nate access controltion(s) is(are) neededng their own authenticmaintain password lists.a digital document in alidate the origin of thas been modified

part of some data tran

f confidential informati

ass on information to

ation transfer must bewell as legally, includineption (law enforcemeed on this infrastructu

of information and rmationorting Nomination of c identities who are e

ould ease implementa

ship between legal ena flag state validating

and an associated digO number or MMSI n


Task 2.4 Red to

gement

es,

ch as must be

unique t be option

rce_Ide

SI GMDSS

rs, or e-

ween

but st be

keholder with

of

elongs nsibility s of a te

states to ated to

relevant ept

roleoyage of er for an

d need the

ntication.

esting eeded

, to cation ts for all

such a e

nsfers.

ionThe Architestandardiz

o

e ng nt).ure must

entitled ation of

ntity and the

gital umber,

N/A

N/A


equirement

ecture must be ableed encryption proto

om

e to support ocols

No. NeedSD#1

The infrastrfunction

SD#2A standardfunctional doperational

SD#3A standardservice imp

SD#4A standardhow privacyis exchang

SD#6Standardizshould be d

SR#3Support forinformationrequested

SR#4

Although nbe designeGMDSS (Dqueues of i

SR#5A Messagiinformation

SR#6Legal implimust be cointernationa

SR#7A Messagimessages

SR#9A Messagitransfer of dA MessagistandardiseThe text-chstandardisechanged tim

MS#1 Introductionmodificatio

MS#2Introductionpoints of famaritime st

MS#3A businessshould be i

MS#4Legal implishould be a

MS#5

The roadmashould inclwhere techfor agile ad

MS#6The level ofdefined

SR#10

SR#2A Messagiinformationinformation

SR#8 A Messagiefficient tra

SR#1Actors shopoint radio roaming)

ructure should provide

dized description of a description, user pres context and definitio

dized service descriptiplementation dized description of a y of information is ens

ged with the serviceed methods for settindeveloped

r setting up dynamic mn only to actors relate

ot part of the GMDSSed to support the operDistress, Urgency, Sanformation transfer

ng Service should sun delivery

cations of the compoonsidered – including al law related to lawfu

ng Service should su to ships outside ran

ng Service should sudatang Service should sued contenthat function could be ed information exchanme of arrival

n of the infrastructure ns of existing system

n of the infrastructure ailure, which may prevtakeholders due to d

s case for operating thdentifiedcations of establishinanalysed and addressap towards establishiude establishing test

hnologies can be testedaptation of technologf criticality of the infra

ng Service should sun to actors inside an an in an area or along a

ng Service should suansfer of data

ould be able to interaclink or the same sate

e a Service Registry /

digital service shouldsentation issues (wheon of data formatsion language could fa

digital service must dsured, if confidential i

ng up subscriptions to

multicast groups for md to a particular opera

S, any roaming capabrational priorities definafety, Routine) in exec

pport requesting ackn

onents of a Messagingrequirements in natio

ul interception.

pport the ability to disge of stable connecti

pport encryption for c

pport text messages

used to clarify other nge e.g. explain reaso

should not require mms

should not introducevent interactions betwdisrupted operation

he infrastructure funct

ng the infrastructure fusedng infrastructure funcbeds and developer f

ed and validated, andgy developmentsastructure functions m

pport the capability toarea (or actors subscra route)

pport methods for ban

ct without using the saellite system (seamle

Notes/ lookup

d include a ere relevant), Geograp

could be

acilitate

describe nformation

Technicaincludingregime c

o a service

SeamlescommunproposedThis will can offershore baswitchinlinks, baGeocastroaming the ‘liste

Precisiolocation

multicasting ation is (like sub

operatio

bility should ned for cuting

Based oinfrastrucsupportidesign sat a latebecome

nowledge of Acknowa commdelivery,received

g Service onal or

stribute vity

May reqability tostatusesacknowlEfficient should bIn case otransfer to contintransfer

confidential

with non-

on for

major

The infratransitioimprovedenablingattention

e single ween

Infrastrucrequire obe able tdecentra

tions Supporte

unctions Supporte

ctions forums, allow room HLUG a

must be

StandardPhrases

o broadcast ribing to

ndwidth

ame point-2-ess

o

phic context and levele part of the operation

al as well as legal asg stating which nationcover the provider of th

ss roaming - i.e. a canication service - shoud Maritime Messaginrequire a shipboard m

r other shipboard appased messaging servig between a number

ased on availability, cating (broadcasting to service to be aware o

ening area’ of fixed ac

on and timing requiremof mobile actors has

bscribing to a chat roonal information related

on advice from the Higcture functions shouldng safety critical app

should not prevent upger stage, if the function

widely used. ledge mechanisms counication link level ac an application level a at a relevant applicat

uire store-and-forwardo provide ‘delivery delas in relation to requireedge. methods for encodin

be appliedof a temporarily lost cof a large data block,

nue after a reconnect,over.

astructure functions sn towards better servd and unified access g automation of interacn

cture functions shouldonline access to centto be replicated and falized manner

ed by comments from

ed by comments from

lso requested a roadm

dized expressions, sus, could be supported


of 91

of criticality of a servnal context

pects must be coverenal (or international) lehe service

arrier agnostic or crossuld be available (The g Service)messaging applicatio

plications a connectioice, while automaticaof different communicapacity, cost or otheran area) will require tof mobile actors locat

ctors

ments for updating thenot been determined

om for sharing certaind to an operation)

gh Level User Group, d not initially aim for lications, but its inhegrading the operationns prove successful a

ould exist at different cknowledge of informaacknowledge of informtion, or a user acknow

d queuing capabilitiesayed’ or ‘not connecteement for delivery

g or compression of d

connection during an the process should , rather than starting t

hould rather allow a gvice designs, providingcontrol mechanisms,ctions with minimal u

d as far as possible nralized systems, but function offline or in a

m HLUG

m HLUG

map

uch as Maritime Stan.


Task 2.4 Re

MCC must

vice

ed egislative

MCC must s carrier

n, which n to a

ally cation rthe tion or

e d

n

MCC must the

rent al status and Covered by

Perspectivlevels -

ation mation wledge

Message Treception a

s, and ed’

data

ongoing be able the

Message Tencryption

gradual g , user Covered by

existing in

not should

ArchitectuimplementArchitectumode" reqcommunicline/off‐lin

Roaming m

ndard

MCC must Architectubroacasts

Message TcompressioService)


equirement

be present as AE

be present as AE

be present as AE

y the Open and Harmve

ransport Protocol macknowledge

ransport Protocol mn

y the Low Impact Intfrastructure perspecre topology must notation change state re must support offquired functionality.ation must not be afne state

must be present as A

be present as AEre must support dist

ransport Protocol mon and continue afte

om

monized

must support

must support

tegration with ctiveot by method or of SPOF areas.line or "silent I.e. Inter AE ffected by on‐

AE

tribution of

must support er LOS (Loss of

16 AppeThis chapter

N° Re- viewer Initials

1 NIT

2 NIT

ndix B – Filist the review

Reference in doc. (General or Paragraph, Figure …)

Typ(editostrucformuerror

page 42, par.10.2.1

form

page 42, Par. 10.2.2

form

inal Reviewcomments rec

pe orial,

ctural, ulation )

Review

mulation The seEfficienand neoutcom The roawith seNetwor

mulation Commapplicaany givcommu The sewhere EfficientransmThe infbe logimodifieMaritim

w Report ceived and acti

wer's Comments

entence: „Due to thnSea2 Task 2.3 roetwork segments fme of Task 2.3.

aming device fromeveral separate phrk segments will bent refers to the s

ations need to havven time, to be abunication is requir

ervices are performthe required QoS

nSea 2 Task 2.3 rmission link which w

formation about thcally distributed toed by them – sucme Cloud.

D2.10 O

of 91

on on commen

s, Question and P

his, there is a REoaming device mufor (…)” is not com

m the EfficienSea hysical ports – thebe separated logicsentence: „The eleve knowledge of thble to make the rigred.”

med via Maritime S and necessary eroaming device wiwill depend on thehe QoS that is curo relevant network

ch a modification c

Onboard system

nts from the fina

Proposals

QUIREMENT thatust have separatempliant with the re

2 Task 2.3 will noere will be only oncally. ements of the Serhe available quali

ght decisions when

Cloud and it is in ndpoints are deteill select the most e required QoS anrrently available ink components butcan only be perfor

m integration a

“This project hathe European research and under grant agre

al review of thi

t the e physical ports esults and

ot be equipped e physical port.

rvice ity of service at n

Maritime Cloud ermined. The

suitable nd endpoint. n the link may t cannot be rmed by the

rchitecture – F

as received funding froUnion’s Horizon 20innovation programm

eement No 636329”.

s report.

Editor’s action comment.

After correspondinput from review16, editor has derequirement for the report. The mis achieved are decided in the nT2.4 and T2.3 … stick to QoS w

Final review re

om 020 me

on review

dence with NIT anw meeting 2016-0ecided to stick wittwo physical portsmeans of witch thto be discussed aext phase of E2

way of drawing

eport

nd 04-th s in is

and


3 NIT

4 NIT

5 NIT

6 NIT

7 NIT

8 NIT

8a NIT



page 45, par. 10.2.5

form

Fig. 22/23/24/25/26

form

Fig. 26 form

Par. 7.1.3 struc

General edito

General edito

Page 49 edito

pe orial,

ctural, ulation )

Review

mulation Commrest of PassenimplemPassen To clarequippthem. PGatewaSo, outthe sec

mulation The EfseparaGatewa

mulation The Efinformaequipp

ctural In par. docum“broadcobservconfus7.1.3 a

orial To meninstead‘QOS’ http://w

orial There few exa

orial It is: “F

of 91

wer's Comments

ent refers to the sthe ship network nger/Crew networ

ments detection annger network is is

rify the matter: theped with ANY modPassenger netwoay / Firewall. t of the two possibcond one is true.

fficienSea2 Task 2ate physical ports.ay / Firewall. fficienSea2 Task 2ation logically to re

ped with the QoS S

7.1.3 a definition ents regarding thecast” are used int

ved by the authorsion, we believe a

as well. ntion Quality of Sed of the most comusually refers to „

www.acronymfindeis a relatively big amples below:

Figure 22 and Figu

“This project has recethe European Union’sresearch and innovatunder grant agreeme

s, Question and P

sentence: „ To profrom Denial of Serk, it is REQUIREDnd protection agaisolated using a IEC

e EfficienSea2 Tasdules detecting attrk must be isolate

bilities included in

2.3 roaming devic Public Network s

2.3 roaming devicelevant network cServer.

of broadcast come Maritime Cloud,terchangeably. Wes later in paragrapsimilar statement

ervice, the authormmon form – ‘QoS„Quality Operatinger.com/Quality-Opnumber of spellin

ure 22 illustrates…

eived funding from s Horizon 2020 tion programme nt No 636329”.

Proposals

otect the T2.3 roamervice Attacks origD that either, the rinst such attacks, C 61162-460 Gate

sk 2.3 roaming detacks and/or proteed using a IEC 61

the cited sentenc

ce will not be equipshould be separat

ce might send the components, but it

mmunication is giv, the terms “geocae acknowledge, th

ph 7.6.3, but to avot should be include

s use the acronym’. It should be cor

g System” - perating-System-(g and punctuation

…”

ming and the ginated from the roaming device or the eway / Firewall.”

evice will not be ecting against 162-460

ce from D.2.10,

pped with ted using the

QoS t will not be

en. In many ast” and hat this fact was oid possible ed in paragraph

m ‘QOS’, rrected, since

(QOS).html n mistakes. A


The sentence hanote that -460 grequired in E2.

Figures updated

Definition of the T2.3 roaming anare to be discusthe next phase oFormulation of dGeocast can bebroadcast. Geocdistributed using

Fixed.

Fixed (I hope)

Fixed

on review

as been extendedateway/firewall is

d to show GW

QoS functionalitynd the service cliessed and decided of E2 definition expande a special case ofcast could also beg multicast.

d to

y in ents in

ed. f e


8b NIT

8c NIT

8d NIT

8e NIT

8f NIT

8g NIT

8h KB (NIT)

9 AW

10 AW 11 AW



Par. 11.1 Fig. 8 edito

Fig. 8 edito

Fig. 9 edito

Fig. 13 edito

Fig. 13 edito

Page 40, 1st sent. in par. 10.2

edito

Page 43, Par. 10.2.2

edito

Ch 2 para 1 sentence 2

Edit

Ch 3 DittoCh 4 para 1

…

pe orial,

ctural, ulation )

Review

It shouorial It is: “S


It shouorial It is: “T



It shouorial It is: “T

and proIt shoua ship,

orial It is: “The idQualityIt shou“The idQuality

orial The sc

o … DefinitiPossibinfrastrpossibmaritim

of 91

wer's Comments

ld be: “Figure 21 Shios”

ld be: “Ships” Shpis” (x2)

ld be: “Ships” Tasl 2.4”

ld be: “Task 2.4”Shios”

ld be: “Ships” Shpis” (x2)

ld be: “Ships” This chapter analyopose requiremenld be “This chapte and proposes req

dea from the SatCy of Service attribuld be:

dea from the SatCy of Service attribucope of …[not for]

ion of MCC – Marble redraft: the conructure of a ship ale due to the rules

me domain. Howe


s, Question and P

and Figure 22 illu

yse a typical netwonts(…)” er analyses a typiquirements(…)”

Com providers, of hutes (…)”

Com providers, of hutes (…)”

ritime Cloud Clienncept of considerinas a sub-system os and regulations ever, a limited app


Proposals

ustrate…”

ork structures on-

ical network struct

having M2M acco

having M2M acco

t Component? ng the entire elect

of the maritime clothat apply to equi

plication of the con

board a ship,

tures on-board

ounts to witch

ounts to which

tronic oud is not pment in the ncept is


Fixed (I hope)

Fixed (I hope)

Fixed (I hope)

Fixed (I hope)

Fixed (I hope)

Fixed

The paragraph wIt has been Refo

Fixed

Fixed Found both formread, so stayed

on review

was confusing. ormulated.

mulations hard to on existing one.


12 AW

13 AW

14 AW

15 AW 16 AW

17 AW 18 AW 19 AW

20 AW



Ch 4 para 2

…

Ch 4 para 4

…

Ch 4 para 5.1

Form

Ch 5.1 EditCh 5.1 para 1 last sentence

…

Para 2 … … Ch 5.2.1 …

After Fig. 2, 3rd

…

pe orial,

ctural, ulation )

Review

possibbind thsystemRedrafboard ain this The proarchite

mulation Reviewfleet (oone frothose oships oMaritimICS weinterna The texis therealtogetthe fac

orial ….pote….and builds

On boaSugges….200infrastr While

of 91

wer's Comments

le on novel parts oe maritime cloud

ms. ft? ....on board Marchitecture a recreport. ocess to follow an

ecture is illustratedwer Comment: EQover 100 GT) of wom the other the nof over 500 GT noof over 300 GT) isme Transport 2015ebsite quotes a figationally.

xt referring to SOLefore a bit confusither and just makict that it will be 20 ential improveme in practical termsin order to fulfil its

ard [not on ship]st delete text: ….a0, two research pructure…. the two concepts


s, Question and P

of those parts of tclient component

CC and to identifycognized standard

nd the steps takend in Figure 1. QUASIS 2014 figuhich 31,240 were

number of SOLASotwithstanding thes 53,854 in 2014. 5 has a higher figugure of approx. 50

LAS ships and sming so I suggest ding a comment onto 30 years befor

ents… s the NC must apps potential.

and which it is conprojects in particula

….


Proposals

the shipboard arch(MCC) to existing

y and describe a s has been used (t

n to provide a reco

res are 85,094 shless than 500 GT ships (generally

e fact that some prThe UNCTAD Re

ure for the total of0,000 ships trading

mall ships and repeleting the secon

n the size of the cure the majority are

ply to the existing

nsidered to deservar focused on on-

hitecture that g type approved

suitable on-the ISO/IEC…)

ommended

hips in world T – so taking taken to be rovisions are for eview of f 89,464. The g

lacement rates d sentence urrent fleet and e replaced.

fleet and future

ve. -board


Paragraph refor

Suggested form Reformulated a “rough numbersof the text the sato make clear thon-board architeintended for new

Could not find, aUsed suggestionformulation.

Fixed Deleted. Used suggestion

Fixed

on review

rmulated.

ulation used.

bit and added a s” attribute. Left mame, since point i

hat the MC and theecture is not only w builds.

assume fixed n and simplified

n.

ost s e


21 AW 22 AW

23 AW

24 AW

25 AW

26 AW 27 AW 28 AW

29 AW

30 AW

31 AW 32 AW 33 AW

34 AW



sentence Last para … 5.2.2.1 First sentence

…

Para 4, 2nd sentence

…

3rd sentence

…

Ch 5.2.2.2 para 1

…

Para 2 … Para 3 … …

Ch 5.2.3 para 2 2nd sentence

…

Ch 5.2.3 para 3

…

StruPara 4 EditCh 5.3 …

pe orial,

ctural, ulation )

Review

…adopCommmodel,I suggeSOLAS…are a

…to be

…publ

…balla…tendThe firsor split The corules…

..comp

ucture There aorial …also

…..argon new…arch.1 supp.2 does

of 91

wer's Comments

pts the (…) five-laent: Actually owne spec, etc) so theest delete the firstS Convention estaalmost universally

e discussed below

ish… [not publish

ast water system…… [not tends] st sentence is verinto shorter sente

onsequence of not….

ponents… (s adde

are no referencesseem to involve…ument that it is ne

w ships but also thitecture must be sports… s not compromise


s, Question and P

yer AD, including ers do have a cho

e text is a bit odd, t 1.5 sentences anablishes the minimy used.

w, they do not allo

es]

….

ry long and complences. t meeting and rem

ed) …compromise

s in the text to figu… ecessary for the Mhe existing fleet…such that the MCC

e…


Proposals

the definition of ‘loice of equipment particularly the Cond start the rest wmum set of…….

w extraneous com

icated and might

maining in complia

…(s deleted)

ures 4 or 5

MC and MCC to be

C:

layer’ (manufacturer,

onversely bit so with: The

mmunications.

be better edited

ance with the

e fitted not only


Fixed Used suggestion

Used suggestion

Used suggestion

Fixed

Fixed Fixed Edited and split…

Used suggestion

Fixed

Fixed Fixed Used suggestion

Kept existing for

on review

n.

n

n

…

n.

n.

rmulation.


35 AW

36 AW

37 AW

38 AW 39 AW 40 AW

41 AW 42 AW 43 AW

44 AW 45 AW

46 AW

47 AW 48 AW 49 AW

50 AW



Ch 5.4 Gen

Ch 5.4 near end

Edit

Para 1 …

Para 3 … Para 4 … Ch 6 Gen

EditCh 6.1 … 2nd sentence

...

Ch 6.3 … Ch 7 1st sentence

…

2nd sentence

…

Para 2 … Para 2 2nd sentence

Edit

Para 2 3rd sentence

…

pe orial,

ctural, ulation )

Review

.3 ensu

.4 is in neral The lis

same iorial ..never

The MCbefore …VSA…..ma

neral Althougand its Font in

orial Experie…and ….cont

…infor…requ

….com

…via o….stra

orial ….mar

…othe

of 91

wer's Comments

ures that… compliance… t of items is in a dn other lists – thertheless have to b

CC….. [no need tin text]

AT, T2.1 VDES arey not need to be sgh Viewpoints is a concepts do not

n list is as in previoence… [no s]…fotheir environmentext viewpoint is c

rmational…[al addirements …[s add

mmunication soluti

operation and montegy has been de

ritime communicat

r projects and res


s, Question and P

different font to the font might be thebe known, ….

to spell out as abb

e clearly also AE.separate items…a part of the ISO/Iseem to add mucous general commr consideration…

nt considered to be f

ded] ded]

ons and enhance

nitoring to reportineveloped by IMO…tion needs, a set o

search including: [


Proposals

e rest of the text ae same throughou

breviation used ma

EC 42010 standach (for me at least)ment

fully relevant since

ed ability to integra

ng…. … of…

[list..] have further

and this is the t the text

any times

ard this chapter ).

e the….

ate…

r refined…


Fixed fonts

fixed

fixed

fixed fixed Kept chapter. Imwork. Font fixed. Fixed, used fixed Used suggestion

fixed fixed

Used suggestion

Used Used Fixed

Fixed

on review

mportant for furthe

n

n

er


51 AW

52 AW

53 AW

54 AW

55 AW

56 AW

57 AW

58 AW

59 AW

60 AW

61 AW

62 AW

63 AW



Para 3 …

Figure 8 …

Last sentence

…

Ch 7.1 …

…

Ch 7.1.1 …

Ch 7.1.2 …

Ch 7.1.3 …

Ch 7.2 …

…

Figure 10 Erro

Figures 8,10 & 11

Edit

pe orial,

ctural, ulation )

Review

….in p

At the t

This taTask 5….to bwriting Font in

There a

….destthat……Definedcommu…is alspoint…that theFont in

…..the

or??? Aren’t

orial The wo

of 91

wer's Comments

revious chapters

time of writing [en

able is basically or5.1 should be move made to make a[ enter a date]

n list as before…

are three interacti

tination end point ….providing acknod as a one-to-manunication is sure tso a one-to-many

….., no acknowledge information is tran list as before….

level of….

MSI and NM gene

ord chart has bee


s, Question and P

[ s added]

nter a date] the nu

rdered according tved accordingly a better estimate t

ion/comms types

is known and theowledgement of reny communicationhat acknowledgem

y communication bgement is given thansferred.

erally broadcast ra

en misspelt as car


Proposals

umbering of MSPs

to Task number s

than is possible a

[delete types of]

e source of commueception. n…..and the sourcment… but where the desherefore there is n

ather than P2P?

rt in the tables

s is confusing….

o on that basis

at the time of

unication is sure

ce of

tination end no guaranteed


Reference to theadded fixed

Table is orderedof use cases. KeFixed

fixed

fixed

fixed

fixed

reformulated

fixed

fixed

Good question. and came to theservice would be“client request aNM’s and serveHence P2P. This might chanof the service deFor now, no chaFixed

on review

e specific chapter

d from an original ept it that way.

We discussed thie conclusion that te implemented as

available MSI and r will send to clien

ge with completioescription. ange made.

r

list

s the s a

nt”.

on


64 AW

65 AW

66 AW

67 AW

68 AW

69 AW

70 AW

71 AW

72 AW

73 AW

74 AW

75 AW

76 AW

77 AW

78 AW



Ch 7.3 …

…

Ch 7.4, 7.5, 7.6

…

Ch 7.6 para 3

…

Ch 7.6 para 4

Edit

Ch 7.6.1 …

Ch 7.6.2 …

Final para second sentence

…

Final para last sentence

…

Ch 7.6.3 …

…

…

…

2nd para …

Ch 7.7 …

pe orial,

ctural, ulation )

Review

Font in

….estim

Font in

…..it is

orial Figure make uA web

Both so

The va

Similarservice

…ackn

The neavailab…..the

With rebroadcRSS (W….also

…have

of 91

wer's Comments

n list as before…

mation of the…[no

n list….

s assumed that all

14 shows how thuse of the basic…service is the sta

ource and destina

alue-added that th

r methods should e, especially if it is

nowledgement…

ew element here isble data exchangey will have to ‘sub

espect to architectcast services that Web feeds) are a o be a solution her

e provided severa


s, Question and P

ot guesstimate]

l of the services a

e various services….

ndard defined by

ation end points th

ese…

be considered wis to work across V

s that it is the broae communicationsbscribe’….

tural design of a Bhave been developossible examplere.

al additions….


Proposals

re built on top of…

s in the MSP are a

the W3C….

hat support [s dele

th respect to the MVDES

adcast of data infos channels

Broadcast Messagoped for the W3Ce to follow.

….

anticipated to

eted] the….

MC data

ormation via

ge Service, the , particularly the


Fixed

Changed. However, we reathan estimated…Fixed

Used suggestion

fixed

Reformulated.

fixed

fixed

Used suggestion

fixed

Used suggestion

fixed

Reformulated.

fixed

fixed

on review

ally guessed more…

n

n

n

e


79 AW

80 AW

81 AW

82 AW

83 AW

84 AW

85 AW

86 AW

87 AW

88 AW

89 AW

90 AW

91 AW

92 AW

93 AW

94 AW

95 AW

96 AW



…

Ch 7.8 …

…

…

Ch 8 …

…

…

Ch 9 …

C 9.1 1st para

Edit

…

…

Ch 9.2 …

…

Para 2 …

Functional sub heading

…

Ch 9.3 Erro

Figure 15 Edit

…

pe orial,

ctural, ulation )

Review

In genealthougused o…set o

Font in

….as g

…..set in WP3Since W

…..will

Font in

orial …..sta

….serie

Delete

….mea

Font in

Delete

…requ

or??? ShouldComm

orial No refe

ENISA

of 91

wer's Comments

eral, the XML schgh formats such a

on the basis of claout in chapter 6

n list as before

given in chapter 10

up in such a way3 and the on-boarWP3…[delete: in

also provide requ

n list…s

ndardization of th

es of standards th

the ‘’ at the end

ans

n list…

it’s and replace w

irement for [ not o

d reference also bittee and the IEC erence in the text

A and ABS might b


s, Question and P

emas are the domas JSON and BISOimed enhanced e

0.

y that the communrd architecture… [the work]

uirements forming

e on-board data i

hat cover serial an

with its

of] standardization

e made to ETSI C62443 series to this figure

be better in ( ) and


Proposals

minant web servicON are becoming fficiency.

nication frameworkdelete: of..]

g the basis…

nfrastructure is…

nd network-based

n

Cyber Security Te

d the full name in

e data formats increasingly

k is developed

…

chnical

text – and the


Used suggestion

Fixed

fixed

fixed

reformulated

fixed

reformulated

fixed

fixed

fixed

fixed

Fixed

fixed

Fixed

fixed

Reference and d

fixed

Fixed

on review

n.

description made


97 AW

98 AW

99 AW

100 AW

101 AW

102 AW

103 AW

104 AW

105 AW

106 AW

107 AW

108 AW

109 AW

110 AW



Ch 9.1 and 9.2

Stru

Ch 9.3 2nd para

Edit

…

Last para …

General …

Ch 9.3.1 …

Ch 9.3.3 …

Ch 9.3.4 …

2) …

Penultimate para

…

Edit

…

Ch 9.3.5 …

Ch 9.3.6 …

pe orial,

ctural, ulation )

Review

same fucture These

apprecbe give

orial …types

…actio

…has

As a geformatsstandaFont in

Risk idimpact Such e

….it ma

…the 4

orial … resp

… reco

…to en

Given tthe usemitigatvalidate.1 plac

of 91

wer's Comments

format used throutwo chapters are

ciate that cyber seen (if possible) to

s..

on that can be take

emerged..

eneral comment…s: bullet points, nu

ardized. n list…

entification is the system operation

equipment is very

ay be preferable t

460 gateway is..

ponsibility for [not

ommendations for

nable [delete for] f

the perspective reer needs identifieding security risks ed…… of the risking…


s, Question and P

ghout (i.e. acronyvery brief compa

ecurity is a hot issuintegration and op

en.

…the various lists umbering, use of a

process of determns and data and thrare today…

to allow the conne

of]

r [not of]

functions that

equirement (para d in (E2-T3.1…etc(IEC…), any candks. This might be


Proposals

ym in ( ) to follow fred to 9.3 on cybeue but should morpen, harmonized a

in the report are ia), b) etc… they m

mining risks that che possible outco

ection of some…

9.2 above) for an c) and the availabdidate architecture achieved by:

full text) er security – I re elaboration architecture???

n various might be

could potentially mes.

open…… and ble standards for e needs to be


Input from review21: The level of and 9.2 is acceptime Could not find –fixed fixed

fixed

Fixed … only onnumbering.

fixed

Reformulated.

fixed

fixed

fixed

Fixed

fixed

fixed

Reformulated ansuggestion.

on review

w meeting 2016-0information in 9.1

pted at this point i

– hence assume

ne required

nd used part of

04- n


111 AW

112 AW

113 AW

114 AW

115 AW

116 AW

117 AW

118 AW

119 AW

120 AW

121 AW

122 AW

123 AW

124 AW

125 AW



Ch 10.1 …

Gen

Edit

Ch 10.2 …

…

…

Ch 10.2.1 …

Ch 10.2.2 …

…

…

Ch 10.2.3.1

…

Ch 10.2.4 …

…

Ch 10.3.2 …

Ch 11 …

pe orial,

ctural, ulation )

Review

.2 desc

.3 descMakingduplicaSome e(email

neral Is the l

orial Font in

…. anaclassesFont in

In (SIN

….is vVLAN ….7.4

Which

The texanticipaimplem…supp

Examp

In this

Delete

…up u

of 91

wer's Comments

cribing… cribing… g full use of the NIates 9.2.3] explanation of ID,exchange of 7 Apist here a summa

n list…

alyses a typical nes of services

n list…

NTEF)… each dom

ital…traffic is…adis… priority provide an

h at the top of pag

xt starting One coated that the MC/

mentation in manypliers of the system

ples can be envisa

case the same pr

: …one would ve

ntil the date of thi


s, Question and P

IST approach (pa

, SD, SR and MS pril refers) ary? If so it might

etwork structure…

main’s internal….t

dministrative or pa

n indication of..

e 43 ..not witch!

ould also imagine…/MCC could centray of the MSP applims….implement i

aged of multiple o

rinciple…. In case

ery quickly…

s report [date to a


Proposals

ra 9.3.2) [and dele

in the table in Ap

say so…

….and proposes…

there are intercon

assenger traffic an

…could say: It mialize functionality cations in the M2nterfaces…

perations

es…..

add]

ete the list as it

pendix required

. required

nections….

nd to reduce….

ght also be that could ease M mode.


Added into desc

Added descriptio

fixed

fixed

fixed

fixed

fixed

fixed

Used suggestion

fixed

Not changed, suchange meaningfixed

reformulated

Date on front pa

on review

cription in Append

on for list

n

uggestion would g.

age.

ix.


126 AW 127 AW 128 AW

129 AW

130 AW

131 AW

132 PAN

133 PAN

134 PAN

135 PAN

136 PAN



Ch 11 EditCh 11.3 … Ch 12 … Ch 14 …

…

Page 10 edit

Figure 6 struc

7-1-1 and 7.1.2

edit

10.2.3 struc

Figure 20 struc

pe orial,

ctural, ulation )

Review

orial Figures….illusIt is sugWP3. [

….is, th

While tChang

ctural With rethe inteshown Either aor adopAnd the And the

ctural Descrip Consid

ctural Figure In figur

of 91

wer's Comments

s should be 21 anstrates the relationggested that… [full stop to add]

herefore, likely….

to two concepts ae to to the

eference to the listelligent roaming din figure 19

add some text expt it into the drawie source of comm

e source of commption of the comm

der adding a desc

20 is in contradic

re 19 VDES is a n


s, Question and P

nd 22 n….

re quite similar in

ting on the previoevice described in

plaining the impleing.

munication are sur

munication is sure munication network

ription in this chap

ction to figure 19 in

non LAN item, in fi


Proposals

many respects

us page I miss ann T2.3. the parts I

ementation of intel

re that

that k based on IEC 62

pter

n relation to placin

igure 20 it is a LA

n indication of I miss are

lligent roaming,

2940

ng the VDES.

N item


fixed fixed Changed. fixed

fixed

fixed

List show the rofigure 6 does shdevice.

fixed

Rejected. The 6seen as a ship oTraditionally thecomponents arethe navigation asay that ICS is pNavigation netwhowever – it is sis binding it all toI think you hit thproblem in our wAs it looks, VDEAIS/ASM as non

on review

aming device andhow the roaming

62940 network is noperation networke communication e considered part and hence one coupart of the

work. Later in doc, shown how the ICogether. e spot of the main

work. ES is offering bothn lan and data

d

not k.

of uld

S

n


137 PAN

138 PAN

139 JKJ

140 JKJ 141 JKJ

142 JKJ 143 JKJ

144 JKJ 145 JKJ



11.3 edit

Figure 24 edit

P12,40 form

P13,5 formP13, 5.2.2.2

form

P14,13 editoP14,20 form

P14,37 editoFig. 4 struc

pe orial,

ctural, ulation )

Review

The lat I think It is noUpdate

mulation Unclea

mulation Replacmulation Should

orial Passenmulation ‘Never’

We fretake in

orial Proposctural I miss t

of 91

wer's Comments

tter “yellow” integr

the sentence shot possible to followe the figure to makar. I don’t see how

ce GPS-type with d BAM not be men

ngers are relevan’ is a strong wordquently need to sto account creativ

se to delete “entitithe administration


s, Question and P

ration needs to be

uld be, the latter “w the yellow line ake both yellow an

w this is discussed

GNSS ntioned in this con

t for Safety of Life… end test standardve solution which es and”

n (office) network


Proposals

e amended with a

“red” integration nall the way on the d red lines fully vi

d in the section be

ntext?

e At Sea as well…

ds into a maintenano one had imagi

– which is mentio

note

needs…. figure sible.

elow.

…

ance cycle, to ned.

oned in the text


exchange via thBy nature, VDESbetween VHF (nboard networks.As noted later, itmove away fromand move the coIP based. In the proposed assumed that Vnothing but IP coA note of that hachapter 11.2. Reformulated.

Fixed

Reformulated, resecurity fixed BAM is part of Ctype approval refixed Deleted last sen

fixed The figure showapproved equipm

on review

e IP network. S is an interface non-lan) and the o. t is suggested to

m the non-lan areaommunication to a

architecture, it is DES is providing onnectivity. as been added to

efer to cyber

CAM and part of IMegime

ntence.

w clusters of type ment.. .that is not

on-

a an

MO

in


146 JKJ 147 JKJ 148 JKJ

149 JKJ

150 JKJ

151 JKJ



P15,7 editoP15,8 strucFigure 5 struc

P16 form

Figure 6

Figure 10

pe orial,

ctural, ulation )

Review

orial Add ‘toctural Don’t uctural Miss th

associa

mulation I’m notthe serNAVIG

What isadmini

*Why a What isdata)? RE MSMulti- oConfidetypicall RE the‘route s

of 91

wer's Comments

o’ understand “betwehe admin networkated communicati

t sure what is mearvices (MSP’s) dis

GATION system?

s meant by the sestrative network?

are several Use C

s the difference be

SI&NM, I think theor broadcast are tentiality/encryptioly publicly availab

e broadcast of ROsegment’. It is unl


s, Question and P

een entities betwe. Administrative reion needs play a s

ant here. Is it admscussed in e-Navig

eparate network f

Cases duplicated –

etween MSI&NM

P2P interaction wthe typical – and I on for this use casble .

OUTE PLAN / activikely that the entir


Proposals

een layers”… eporting formalitiesignificant role

ministrative systemgation are related

for e-Navigation?

– Port Reporting fo

and the version w

would be an excepsee no need for e. These informat

ve route – I think ire route plan will b

es and

ms? Many of d to the

Where is the

or instance?

with (hydro

ption, while the

tions are

t should read be broadcast.


the office netwofixed Reformulated The figure showapproved equipmthe office/adminNo .. it is not adsystems. It is theidentifying architthat must presenarchitecture. Why e-navigatioincluded separanew. Separate netwobecause it is newAre reverting to administrative nreport. All very good ancomments. Will not change changes will notarchitecture. The list/overviewservice communrequirements nemuch more work

on review

rk.

w clusters of type ment.. .that is not network. ministrative e process of tectural elements nt in the proposed

on services are ately is because it

rk for e-navigationw. definition and useetwork later in

nd relevant

for this report sinct influence propos

w of MSP and nication eeds to undergo k during E2.

in

d

is

n is

e of

ce sed


152 JKJ

153 JKJ

154 JKJ



Figure 11

Figure 12

Page 28,

pe orial,

ctural, ulation )

Review

RE ROplan seor mult RE ICErequirinpublic RE Embe P2PMSI&N SeaCHoverlayexperie SMARTROUTI ICE CH EMISSto be ‘RI wouldwould dservicefunctio Re SnaCellulaMany AmanagVDES,

of 91

wer's Comments

OUTE EXCHANGEegment broadcastticast operation w

E CHARTS – I dong client authenticinformation just lik

mission monitoringP requiring encrypNM: I would expec

HARTS: The indicays only. Base chaence.

T BOUY MANAGINE (SAFETY on

HART service: I w

SION MONITORINROUTINE’. (No idd consider it unlikedisapprove of utilie. That would oven of AIS.

art bouy Managemar or even commeAtoN are today eqgement. NAVDAT, NBDP


s, Question and P

E I think the ‘broat. The EXCHANG

which would requir

n’t understand whcation is not mentke weather foreca

g I think the typicaption and client auct Priority to be ‘SA

ated information srt ENC data magn

EMENT SERVICEevent)

would expect Prior

NG: I would expecdea of the magnituely to fit much Seaization of AIS/ASMrload the AIS with

ment Service I seercial satellite serv

quipped with 3G o

P…?


Proposals

adcast’ is coveredE of route will type authentication a

hy a broadcast inteioned. ICE charts

asts.

l communication iuthentication AFETY (URGENT

sizes must be updnitudes are larger

E: I would conside

ity to be ‘SAFETY

ct latency to be ‘Dude or frequency).aChart data into AM for a commerciah data transfers irr

e no reason why Wvices are not candor similar for remo

d by the Route ically be a P2P

and encryption.

eraction without s are likely to be

interaction will

T on event)

dates or in my

er Priority to be

Y’

ays’ and priority .

AIS/ASM – and I al sea chart relevant to the

Wi-fi, WiMax, idate carriers. ve


All very good ancomments. Will not change changes will notarchitecture. The list/overviewservice communrequirements nemuch more work

All very good ancomments. Will not change changes will notarchitecture. The list/overviewservice communrequirements nemuch more workVDES not a serv

on review

nd relevant


w of MSP and nication eeds to undergo k during E2.

nd relevant


w of MSP and nication eeds to undergo k during E2. vice.

ce sed

ce sed


155 JKJ

156 JKJ

157 JKJ 158 JKJ 159 JKJ

160 JKJ

161 JKJ



27

Page 28, 13

9.1 2nd para

Figure 15 Page 36,5 P38,36

P39,7

Figure 17

pe orial,

ctural, ulation )

Review

I think figure 1Introduhaul. Ieasily, capabiuse ca Delete

IdenticAlso?Is it thesegregcontainstorageA foresisolatioor manobservIdentic An alteGMDSisolatioas an iwith IC

of 91

wer's Comments

Web services can13/14 seem to inducing a MCC with n the mean time, although not benlities provided by ses.

”

al to figure 18. Is

e primary role? I tgation of controlledn a DMZ area, ande of data made acseeable emergencon of safety criticanually disconnectinved anomaly from al to figure 3. Pro

ernative would be SS network. Althouon, this could be insolated network c

CS Workstations o


s, Question and P

n and will play a sdicate, for several MMS capabilitiesa lot of web serviefitting from the ethe MCC. I think

it needed twice?

thought the role od networks from ud functionality in tccessible by sevecy response proce

al networks – i.e. cng gateways to coaffecting safety c

opose to delete he

to extend the figuugh probably not indicated explicitlyconnecting radio con the process lay


Proposals

ignificant role – mreasons:

s, almanac, etc. wces may be expo

ease of authenticathe ‘web’ is a can

of the 460-gatewayuncontrolled. The hat zone could beral networks? edure might includconsider the effectontrolled networkscritical functions. ere and refer to fig

ure. In this figure I ncluded due to coby adding the GM

comms on the Inster.

much more than

ill be a long sed more

ation and other ndidate for most

y was Gateway may

e related to

de temporary ts of disabling s, to prevent an

gure 3.

lack the omplete MDSS network trument layer


NAVDAT and Nare … They are to be rservices in the MDon’t understanDoes this not unwork and idea bNo change madat next E2 conf.

fixed

It is included twiDeleted. Deleted paragra

Reformulated, hshort term respopart of gateway

Kept the figure t

on review

BDP stay as they

replaced by new MSP. d.

ndermine the whobehind MC ?

e .. to be discusse

ce for readability.

aph.

however I think theonse: isolation is re-configuration.

to ease readability

y

le

ed

e

y.


162 JKJ

163 JKJ 164 JKJ

165 JKJ

166 JKJ

167 JKJ

168 JKJ

169 HP



Figure 18

P45,27 P46,22

P46,39

P49,5

P49,10

11.3

Figure 3 struc

pe orial,

ctural, ulation )

Review

Identic reformInteresreal timRADARIP or oQoS anWould mean yto the p But agit is an networ VDES remain(shore MessaconneccapabiMMS oNOT GBefore Figure Don’t q

ctural The fig

of 91

wer's Comments

al to figure 15. Pr

ulate sting discussion. I me need of the AISR, which results inther protocol. Round a well known lait necessarily? J

you cannot createpublic internet.

reed – the VDES open radio netwo

rk, but it only allow

could be designen a strictly maritim

stations) could beging Service) – wctions via internetlity, based on prio

only allow traffic wGeneral.

and after what?

21

quite understand t

gure 3 might be a


s, Question and P

ropose to delete a

think this chapterS service in order n a requirement fouting via different atency would not ust because IP is

e a maritime radio

network must be ork – a bit like the ws certain data str

d to utilize the IP e professional rade allowed to conn

which in turn would, providing the croority. VDES stationwith priority Routin

this – please expla

"copy-paste" from


Proposals

and refer to figure

r should however to correlate well w

or Point-2-point cocommercial SATCbe useful. chosen as a protnetwork which is

treated as ‘dangeAIS is a door into

ructures to pass…

protocol, but I thindio network. VDESect to the MMS (M

d also be allowed oss network messns should howevee, Safety, Urgenc

ain.

m the declared sou

15 instead.

touch upon the with e.g. ommunication – COM without

ocol, it doesn’t not connected

erous’ because o the IEC 61162

…

nk VDES should S gateways Maritime to accept

saging er just like the cy or Distress –

urce (Rödseth,


Figure 18 deletefigure 15. Fixed. Uncertainty of Vhas been added

Uncertainty of Vhas been added

reformulated

fixed

Added descriptiowork. The figure is not

on review

ed and reference t

VDES role statemed to chapter.

VDES role statemed to chapter.

on of ICS standar

t supposed to

to

ent

ent

rd


170 HP

171 HP



Figure 3 struc

Clause 5.2.2.1 3rd para

struc

pe orial,

ctural, ulation )

Review

ChristeFor maNavigaarrangecharts ECHOthen a additiodocumUse cafor oveUse caroutingchart ause ca

ctural The figthe Effimplemused ashould IMO e-an admMSPs The boclear.See als

ctural The 3rd

living ininstalla Howev

of 91

wer's Comments

ensen & Lee), but any years there haation services. Maement, although tand updates was. I propose that thnew alternative final figure is in "pient).

ase "a)" in the picter 5 years by compase "b)" in the pictg, Ice-breaker assand updates. Thisse "a)".

gure 3 should be cicienSea2. The E

ment infrastructurealso for other purp be distinguished -Navigation includministrative task toare related to Nav

ody text and/or Fig

so picture 2 providd paragraph talks n isolation. I fully ation.

ver the wording giv


s, Question and P

it gives wrong imas been online deany of them are ofthere was a time w available by methhe figure 3 is modgure is added. Thcture 1" (see end

ture 1 has been ppanies such as Future 1 has been pistance, Route ex

s use case has ev

clearer about whaEfficienSea2 has fe for IMO e-Navigaoses than IMO e-clearly from the m

de 16 MSPs. MSPo fill and submit IMvigation. gure 3 should mak

ded in the end of about navigation agree this for the

ves reader wrong


Proposals

pression of the reelivery of many of ff course today bywhen online delivehods established

dified or if that is nhe new key pointsof this review com

rovided ENC charuruno, Transas, Nrovided weather, w

xchange, etc. in adven longer history

t is the scope or ffocus to provide pation. The platfor-Navigation, but sumain focus. P8 (Vessel Shore MO FAL-forms. A

ke the focus of the

this review documand communicatio most of the curre

impression abou

eality onboard. the IMO e-y private ery of ENC by EU-project

not acceptable, s of the new or mment

rt and updates Navtor, etc. weather ddition to ENC of use than the

focus area of latform to

rm might be uch things

Reporting) is ll other IMO

e EfficienSea2

ment on equipment

ent existing

t the real


illustrate reality oa view of how warchitecture intoFurther into the architecture modespecially arounEnd of report sudifferent topologlooking as you hpicture 1 and usEven though usehistory and will pquite some timewell, the purpospropose architecand connected sthat manual tranincluded. Figure 3 is not sscope of E2. It isand discussion, which illustrate tThe objective ofadvice infrastrucnavigation. Thatobjective.

3rd para deleted

on review

onboard, but merewe could organize o a layered model.document, this del is challenged,nd cyber security. uggest a slightly gy, much more have shown on secase a) ecase b) has a loprobably be used

e into the future ase of this project iscture for the on-linship. This means nsport of data is n

supposed to illustrs part of backgrouleading to figure 6

the scope. f E2 is not only to cture for e-t is only part of the

ely

.

ng

s s to ne

ot

rate und 6

e




pe orial,

ctural, ulation )

Review

situatioIMO - aintegraCommStandaneitherrequireslow to AnyhowNavigaNavigamandaFor IMOinteresmake ehand IMvoluntatype apimplem The 3rd

true thalimited strong PerformRadar meansThe resand IN About tcarriagvessel

of 91

wer's Comments

on. as rule setting orgation. IMO publishunication System

ard for Integrated r of these integrateement. We can clo understand bene

w IMO still strongation. One part ofation is to specify aatory integration beO the whole e-Na

sted parties to adoe-Navigation as mMO has a clear ruary instrument, thepproved. Conclus

ment the navigatio

d paragraph is talkat today such devand it is already lopinion about the

mance Standard oand ECDIS functi

s that such combinsult of this would S.

the legal side of uge requirement is c

+ ECDIS and his


s, Question and P

ganization - has behed Performance (IRCS) already inNavigation Systemed solution is partaim both manufacefits and proceedi

ly believes in the f the SIP (Strategyadditional moduleetween communic

avigation is a volunopt. IMO has cleamandatory carriageule that if an IMO Pen, if installed onbsion is that the INSn side of the IMO

king about combinvices exist, but thelooking like that their use. The basicof the INS, one unions is actually coned devices shoulbe that there can

use of "non-INS" cclear: 1 or 2 radarbackup arrangem


Proposals

een pro-active in sStandard for Integ

n 1995 and Perform (INS) in 1998. t of mandatory cacturers and ship ong into this direct

integration as pary Implementation es to the IMO INS cation and navigantary arrangemen

arly stated that thee requirement. OPerformance Stanboard, such instruS is seen to be thee-Navigation.

nation of Radar aneir legal use caseshe class societies c issue is that by rnderstand that a covered by the INSld be type approveexist "only Radar

combined Radar+rs depending of th

ment. A combined

specifying grated Radio rmance However rriage

owners being ion.

rt of IMO e-Plan) of IMO e-to provide

ation. nt available for ere is no plan to n the other ndard exist for a ment must be e instrument to

nd ECDIS. It is s are extremely will have a very

reading IMO combination of . Therefore this ed of being INS. r", "only ECDIS"

ECDIS. IMO he size of the d unit without


on review


172 HP



Clause 5.2.2.2

struc

pe orial,

ctural, ulation )

Review

being abe legarequiretougheapprov The pramanufaINS forin the mavailabprocestightenalreadyRadar+

ctural This clatheir "ArelevanIMO haand NaNavigaObviouoften thhas noBridgeSocietihas pu(BAM).My opiAMC. and thefor bridfor beloBasic i

of 91

wer's Comments

an INS does not fually used only as aement (although reer toward a directioved as INS).

actical reason for acturers have hadr the market. In pmarket before 201ble. But as insidess to type approveing of the followiny foreseen that wi+ECDIS will disapause explain that

Alert, Monitoring ant for the EfficienSas published Perfoavigation instrumeation instruments iusly vessels have hese outside the b

ot implemented sim. Below deck is mes. The AMC is fblished a Perform. nion is that for theMy opinion is thae text within it shodge this is specifieow deck this is spdea of BAM is tha


s, Question and P

ulfill the carriage ran additional deviecently interpretaton that any comb

still today existingd not enough interpractice there were12 and still today vr I know that all m

e their combined ung of the rules by tithin the project timppear as being leg

Classification Soand Control (ACMSea2 project? ormance Standardents. Typical for Ris that they are insa lot of system in

bridge devices aremilar type approvamainly controlled afor below deck pu

mance Standard c

e scope of Efficient the title of 5.2.2.

ould explain that ed by IMO BAM pecified largely indat either all alerts


Proposals

requirement. Thece in addition to ction of the authoriined equipment sh

g combined units rest to provide reae no type approvevery few manufac

major manufactureunits as a consequthe authorities. Tme of the EfficienSgal for SOLAS vescieties go beyond)" system. That is

d only for Radio CRadio Communicastalled in the bridgstalled outside thee called as "belowal regime to belowand polices by therposes. For bridgalled Bridge Alert

nSea2 the issue is2 should be "Aler

dividual Class Socare by individual e

erefore they can carriage ties are getting hall be type

is the fact that al type approved ed INS available cturer has it ers are now in a uence of

Therefore it is Sea2 combined ssels. d IMO rules for s true, but it that

Communication ation and ge of the vessel. e bridge. Very

w deck". IMO w deck than for e Classification ge purpose IMO Management

s BAM and not rt management"

ciety rules equipment only


Text updated to between IMO tyClassification ty

on review

clarify difference pe approval and pe approval.


173 HP

174 HP

175 HP

176 HP



Clause 5.2.3 Figure 4 Figure 5

struc

Clause 5.4

edito

Clause 5.4 Figure 6

struc

Clause struc

pe orial,

ctural, ulation )

Review

or all aConseqfrom beIEC ha61924-Furthein addi(IEC 61propriefor 201

ctural See pic

orial Typo.

ctural For Effwithin Ireplacedetail.Anotheapprovsimilar Last coFigure be trueInmarsnot par(enviroSee Pi

ctural Basic c

of 91

wer's Comments

alert are centralizequence is that maelow deck source

as already specifie-2 INS) r IEC is working otion to standardiz1162-450) explainetary, etc. and the8 publishing. ctures 3 and 4 in t

Change "IEC 621

ficienSea2 "eNaviIMO type approvae current paper ba

er confusion is aroval. They are subj

to the type approonfusing detail is t6 out of type app

e for the future. Ssat, very soon alsort of type approva

onmental rules, escture 5 in the end

component of cyb


s, Question and P

ed - partial implemany vessel have IMs

ed how to impleme

on a new standarded serial line (IECn a converter betw standardized inte

the end of this rev

162-460" as "IEC

gation" is IMO e-Nal. Otherwise e-Nased solution. Th

ound Automation Sject to class socie

oval required for ththe fact that all coroval domain. Thatellite terminal bo Iridium) are partl regime although

specially EMC ruled of this review co

ber security are: au


Proposals

mentation is not acMO BAM which al

ent the Alert comm

d for BAM (IEC 62C 61162-1) and staween historical legerfaces. The stan

view document

61162-460"

Navigation. IMO eavigation solutione figure 6 is not c

System being parety approvals, whihe rest. ommunication devhat is not true todaeing part of GMDSt type approved re it is covered part

es) by IMO resolutmment document

uthentication, inte

cceptable. lso show alerts

munication (IEC

2923), which will andardized LAN

gacy, ndard is planned

e-Navigation is ns cannot legally correct for this

rt of type ch are not

ices are in the ay and will not SS (today

egime - VSAT is tly tion A.694(17). t

egrity and


Agree to the profigures updated.

fixed

E2 is not only eNeNavigation is nbecome mandatWill it then be wapproved doma It should be noteusing the term Tequipment that irules. It will howhighlight that in report. Text updated to between IMO tyClassification tyHave tried to ma

on review

oposed changes, .

Navigation. not planned to tory. ithin the type in?

ed that Class is alType Approved foris fulfilling their

wever be useful to the text of the

clarify difference pe approval and pe approval. ake it more clear

lso r


177 HP

178 HP

179 HP



7.2 Figure 10

Clause 7.4 Figure 11

struc


struc


struc

pe orial,

ctural, ulation )

Review

confideToday Guidelbasic aAnotheIntegritSee Pi

ctural Some BiggesundereSee Pi

ctural Some cshould See Pi

ctural SeveraUse of as a mbut theact shaAlso onfulfill eqapplica

of 91

wer's Comments

entiality. in the second yeaine it is unrealistic

authentication. er detail which is tty check shall be acture 6 in the end

priority classificatst finding is that daestimated cture 7 in the end

classification shou be added. cture 8 in the end

al issues MMS for MSI. Maritime chat. I do

e use of MMS for mall be arranged to ne cannot use a cquipment rule to pable in addition to


s, Question and P

ar of establishing c to assume that a

totally missing in Fadded to every se

d of this review co

ion should be chaata volumes for S

d of this review co

uld be changed a

d of this review co

MMS is not very weo not say that use mandatory items fbe clearly disting

common history lopreserve history loMSI for all servic


Proposals

of the IMO Cyber any new service c

Figure 10 is "integervice. mment document

anged. ea Charts is totall

mment document

nd a column for In

mment document

ell defined. Someof MMS for MSI isfor which user hasuishable for nice t

og with all the otheog of MSI. This coes which have ide

Security could be without

grity". Obviously

t

y

t

nmarsat C

t

e understand it s impossible, s obligation to to know, etc. er MMS chat to omment is entified legal


that integrity is pauthentication.We see the two authentication ..(clients/servers/authentication osupposed to inc MSP tables reviAgree to commemore work on thand the MSP deused there. Howtime, it is not seehave effect on tharchitecture. MSP tables hasthe received inp Disclaimer of nutables added to Same action as

Same action as

on review

part of data

types of one is entities

/users) … anotherof data. The latter lude integrity.

ewed and updateents, we need to dhe MSP use-casesesign. Input will bewever, at this poinen that changes whe proposed

been updated wiput.

umbers in MSP report. HP-9

HP-9

r is is

ed. do s e t in will

th


180 HP

181 HP



Clause 7.7 1st para

struc

Clause 9.3

struc

pe orial,

ctural, ulation )

Review

status Route the Momandasee hoespeciabased unders"monkethe coo

ctural The listheir upcharts)

ctural Basicaalreadybe addadded) IHO haselectetwo wosecuritpublishpublishcyber sAuthensectionPublic Integritmethodis both Confideencryp

of 91

wer's Comments

and end user oblidata. IEC has sta

onalisa-project (avatory to implementow other formats oally as such formaon international s

stand how MMS coey interface" (= a ordinates into his t of data formats mpdates (both curre)

ally the existing coy going on in the ided at the end of e)

as created and maed by IMO to be thorkgroups (S100Wy to be included in

hing. The S-100 mhing to include plasecurity can be suntication: Will use n of dataset(s). RKey ty: Will share PKI d is such that he d authentication ofentiality: This is th

ption (note depend


s, Question and P

igation to act. andardized the Rovailable in IEC 611t for all new ECDI

or methods could ats should go throstandard. Therefoould be used for Rhuman operator rECDIS) miss ISO 8211, went S-57 ENC cha

ontent is good, butnternational stand

existing clause 9.3

aintains the baselhe baseline for all

WG and DPSWG) nto the S-100 bas

metadata will alreaaceholders for digiummarized PKI, digital signateceiver check dig

and digital signatdigital signature isf the source and inhe encryption. S-ding of service the


Proposals

oute Exchange for174 Ed4). This foS equipment. It ispenetrate to the m

ough the type appore it is difficult for Route data unlessread text of MMS

which is used by Earts and future S-1

t it miss one impodardization. This 3 (Below is propos

ine S-100 standarIMO e-Navigationare already drafti

seline most probaady amended for eital signatures. Ba

ture(s) are embedgital signature aga

ure used for authes calculated over tntegrity check of t100 will not requir

e data is either con

rmat used by ormat is s very difficult to

market roval process me to

s the idea is a and then enter

NC charts and 101 ENC

rtant element element could sal for text to be

rd which is n. Within IHO ng cyber bly for 2018 edition 2.1.0 asic concept of

dded in header ainst delivered

entication. The the data. Result he data. re mandatory nfidential or


Added.

Have added theparagraph. The chapter purmention ongoingdetail.

on review

e first suggested

rpose is here to g work, but not in


182 HP

183 HP



Clause 9.3.4

struc

Clause 9.3.4

Stru

pe orial,

ctural, ulation )

Review

intendemethodexampspecifyin use ISO 82Distribudistribumethodcertificaend of long laofferingand unin mari

cture The 2 fwritten equipmwhite v First is2015) aproducpassed Second460-Swcommucard slmemorBased -460 ba

ucture Within Basica

of 91

wer's Comments

ed for public availads and it is a task

ple S-101 for ENCy if encryption is u(Note: similar arra

211, S-102 use HDution of keys. IHOuted Public keys. d used by HTTPSates are checked chain). The pre-dtency times and dg file transfer to ovnder IHO S-63 it htime domain. first paragraphs a that there are 2 s

ment and b) unconview.

sue to note is thaand therefore man

cts available in thed type approval te

d issue is that onewitch(es) and 460unication devices ots, etc. for whichry/device/etc.. on what I said abased system. 9.3.4 there is "su

ally I agree. Mariti


s, Question and P

ability). S-100 wiof the S-100 bas chart, S-102 for Bsed and, if used,

angement as for eDF-5, etc.) O has already in uThis is different a

S (HTTPS use chauntil a Certificate

distributed public dropouts (see 7.6.vercome problemas a successful s

are about "Missionsubcategories: a) ntrolled legacy. I s

t IEC 61162-460 nufacturers have e market. Furtherest in Apr 2016.

e can build -460 c-Gateway(s), if thdo not include op

h user could insert

bove it is already p

b-section" "2) uncime Cloud itself w


Proposals

ll include multiple ed Product SpecifBathymetric chartwhich method of

encoding: for exam

use a PKI method arrangement than ain of trust in whic Authority (CA) is key method is not.2 and SATCOM ps with latency andervice history clos

n critical equipmenvery rare 61162-4strongly disagree

is just recently punot had enough tiI know that first e

compliant network e connected navig

pen UBS-ports, opt an uncontrolled

possible to build a

controlled equipmewill be seen as an "

encryption fication (for s, etc.) to the available is mple S-101 use

based on pre-the certificate h linked found in the

t vulnerable to providers d drop-outs) se to 20 years

nt" in which it is 460 compliant so black and

blished (Aug ime to make equipment has

by just utilizing gation or

pen SD-memory

a type approved

ent" "uncontrolled


Reformulated tois a range from conforming at al

Will use this inpservice design la

on review

o illustrate that thelegacy not ll, to full conformin

ut when we get toater in E2.

ere

ng.

o


184 ESP



Figure 20 Edit

pe orial,

ctural, ulation )

Review

networwithin tFurthecontrolMy firsSimplethe DMexampmethodexamploadingby manyou ca460 is historiealso unNetworThe cubetweeboth arprincipCloud have thincludemethodservicepull meansweside). etc. of securitinside t

orial no connaviga

of 91

wer's Comments

rk". Nice to know the "uncontrolled r I agree with the led Navigation net comment start fr

est method to makMZ of the 460-Gateple M:). This is ved to load ENC cha

ple drive D:), interng a mapped netwony companies althll it", etc. have nota new standard fr

es up to 5-10 yearnnecessary to sperk side.

urrent wording proen Maritime Cloudre possible. For aally different solut(push-method) orheir pros and conse an automatic loads of the Cloud toe(s) which the useethod is that the 4r to any external rIn the push methoevery 460-Gatewy con is that throuthe secure 460-Nnection between tion


s, Question and P

features like the 3part". idea that the Mar

etwork through 46rom "How to use tke files available ineway visible as mry handy as in praarts and updates. nal USB-port (for eork drive in DMZ. hough their "servict yet been type aprom Aug 2015 andrs already). This ecify/recommend

opose 1) manual od and DMZ. Off coautomatic transfertions. Automatic tr by the 460-Gatews. In case of the pading robot who iso find ports, URL aer have requested460-Gateway can request from the uod the Cloud need

way for which he nugh this path also etwork side. automation and n


Proposals

3 bullet points cou

itime Cloud is con0-Gateway. the files inside 460nside the 460-Net

mapped network dractice every ECDI Loading from intexample E:) is no This method is ace boxes", "gatewpproved as -460 (td the services hasmapped network port number, etc.

or 2) automatic traourse at this levelr there exists howetransfer could be way (pull method)pull method the 46s able to use the daddresses, etc. of . The big cyber sbe made stealth (uncontrolled netwod to know port nueed to push data.the cyber attacke

navigation and no

uld stay forever

nnected to a

0-network" twork is to make rive (for IS include a ernal DVD (for

ot different from lso field proven

ways", "what do this because -s operational drive makes at the 460-

ansfer of data l I agree that ever two initiated by the ). Both methods 60-gateway

discovery the available

security pro for (i.e. it do not ork / Internet mber, address . The big cyber er can penetrate

connection to


Changed

on review


185 ESP 186 ESP

187 ESP

188 ESP



Figure 21 EditFigure 22 Stru

Figure 22,23 and 24

Stru

Chapter 11

Gen

pe orial,

ctural, ulation )

Review

orial no conuctural “-450 s

uctural Novel E

-460 ga

neral MCC togatewa

of 91

wer's Comments

nection between secure network” to

E-navigation to beateway

o exist as multipleay


s, Question and P

automation and no be changed to “S

e separate entity o

e instances on-boa


Proposals

navigation Secure Network”

outside navigation

ard … i.e. one in e

n, and with own

each -460


Changed Changed

Changed

Notes on this disadded to report.discussed in theMSP design.

on review

scussion has bee This topic to be

e further work on

n

2016-04-25 - e2 task 2 4 d2 10 - recommended on … · ces specifi architectur on-board ecurity int...

Documents