In this documentary produced by HIMA we learn about the inquiry into responsibility for the sinking of the Titanic. It was many years after the fatal incident that specialists revealed important findings. The sinking of the Titanic is one of the most iconic catastrophes in history. Even today, interest in the details of its story does not wane. There are many lessons to be learned from the disastrous fate of the gigantic vessel, then reputed to be the safest in the world.
We invite you to view the following video. Robust design is key for safety, just as it is for security and cybersecurity. Functional safety is built around the study of failures; industrial cybersecurity is built around the study of incidents. Both can end in the same potential consequences.
In the sinking of the Titanic, the failure originated in upper management, which avoided investing in safety as it should have. Senior management is not always aware of this responsibility. Safety and security start at the top. If upper management is not aware, it won't work.
Knowledge has all the answers. Many people wrongly believe that technology alone has all the answers. Sound processes and procedures need to be established. The same applies in safety, security, and cybersecurity. In industrial cybersecurity I have witnessed since 2006 a competition among many organizations to impose their own best practices, regulations and standards. There is a huge inertia coming into OT from IT security doing things wrongly. This competition is wasting valuable resources and delaying adoption of the international standards developed by consensus of the global industry, the ISA/IEC-62443 series.
Operators don't know the standards, or they fail to implement them correctly for lack of the appropriate knowledge and experience. I observe that operators are highly influenced and biased towards spending instead of really investing in safety and security as they should. Or organizations consider the international standards unreasonable, too difficult or too expensive, which is false. It is the lack of knowledge and experience that makes the international standards seem expensive or impossible.
Good security is good business. It is not just about preventing an incident. If the factory doesn't run, it doesn't earn money. A catastrophe is not just loss of life and harm to the environment. It can affect the production capacity of the plant. It affects the culture of the company. Investing in security early in new projects saves a substantial amount of investment, extra cost, and risk.
The majority of global organizations coming from IT security into OT place all their effort on preventing cyber incidents instead of influencing the design of the systems and the design of the plants to prevent the potential consequences, not just the incidents.
How Functional Safety Helps Modern Ships
1. Prevents Catastrophic Failures
- Automatically detects unsafe conditions (e.g. excessive engine temperature, overpressure in fuel systems) and triggers automated shutdowns or control actions.
- Reduces risk of explosions, fires, or mechanical failures in critical subsystems.
2. Protects Propulsion and Navigation Systems
- Implements Safety Instrumented Functions (SIFs) to manage propulsion reliability, steering control integrity, and power supply failovers.
- Ensures critical maneuvering components operate within safe tolerances, even under fault conditions.
3. Integrates with Fire Detection and Suppression
- Monitors flammable material leaks, engine room temperatures, or smoke detectors to activate fire suppression or close ventilation dampers automatically.
- Enables preemptive control actions before human intervention is possible.
4. Supports Cyber-Physical Resilience
- Complements industrial cybersecurity by ensuring that malicious or erroneous commands (e.g. falsified sensor signals) don’t propagate unsafe conditions.
- Ensures that even in the event of cyber disruption, critical shutdown pathways remain available and fail-safe.
5. Complies with Maritime Safety Standards
- Aligns with standards like IEC 61508, IEC 62061, and emerging applications of IEC 61511 in marine-specific contexts.
- Supports classification and approval processes by bodies like DNV, ABS, or Lloyd’s Register.
6. Improves Lifecycle Risk Management
- Applied during the design, commissioning, and maintenance phases of onboard safety systems—like ballast control, fuel handling, or cargo management.
- Helps shipbuilders and operators meet SIL (Safety Integrity Level) requirements for fail-safe functionality.
Use Case Examples
System | Functional Safety Role |
---|---|
Engine cooling system | Triggers trip if flow or temp exceeds safe limits |
Emergency generators | Auto-start during grid loss or main engine failure |
Steering control unit | Redundancy logic ensures course stability |
Fire doors / ventilation | Auto-close on fire alarm to contain risk |
Fuel transfer pumps | Shut off when overfill or vapor leak is detected |
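The engine-cooling row of the table above, worked through as an added example (not code from the page, from HIMA, or from any classification society): a Safety Instrumented Function with three temperature and three flow transmitters, 2-out-of-3 (2oo3) voting, and de-energize-to-trip behaviour. The trip limits, transmitter spans, sensor layout and the sample readings are assumptions made for illustration. It shows the two properties the section claims: a single spoofed or lost channel cannot mask a real excursion, and when enough signals disappear (for example during a communications disruption) the function fails to the safe state rather than staying silent.

```python
"""Worked example (added here; not code from the page, HIMA or any
classification society): an engine-cooling Safety Instrumented Function
with 2-out-of-3 (2oo3) voting and de-energize-to-trip behaviour.
The trip limits, transmitter spans and sample readings are assumptions."""
from dataclasses import dataclass
from typing import Dict, Optional, Sequence, Tuple

# Assumed trip limits for a main-engine coolant loop (illustrative values).
COOLANT_TEMP_HIGH_C = 95.0      # trip on high coolant temperature
COOLANT_FLOW_LOW_M3H = 30.0     # trip on low coolant flow
TEMP_RANGE_C: Tuple[float, float] = (-10.0, 150.0)   # transmitter span
FLOW_RANGE_M3H: Tuple[float, float] = (0.0, 200.0)   # transmitter span


@dataclass(frozen=True)
class Reading:
    """One transmitter sample. value=None models a lost signal (open loop,
    cut cable, dead I/O module); quality_good=False a failed self-test."""
    value: Optional[float]
    quality_good: bool = True


def channel_demands_trip(r: Reading, limit: float, trip_on_high: bool,
                         span: Tuple[float, float]) -> bool:
    """Vote of a single channel. Fail-safe rule: a lost, bad-quality or
    out-of-span reading is treated as a trip demand, so a dead or spoofed
    channel can never hide an excursion from the voter."""
    if r.value is None or not r.quality_good:
        return True
    lo, hi = span
    if not lo <= r.value <= hi:
        return True
    return r.value > limit if trip_on_high else r.value < limit


def vote_2oo3(demands: Sequence[bool]) -> bool:
    """2oo3 voter: trip when any two of three channels demand it. One channel
    may fail safe (spurious demand) or fail dangerous (stuck at normal)
    without causing a spurious trip or a missed trip."""
    if len(demands) != 3:
        raise ValueError("2oo3 voter needs exactly three channels")
    return sum(1 for d in demands if d) >= 2


def cooling_sif(temps: Sequence[Reading], flows: Sequence[Reading]) -> Dict[str, bool]:
    """Evaluate the SIF: trip the engine if either the temperature group or
    the flow group reaches 2oo3. Returns per-group and final verdicts."""
    temp_trip = vote_2oo3([channel_demands_trip(t, COOLANT_TEMP_HIGH_C, True, TEMP_RANGE_C)
                           for t in temps])
    flow_trip = vote_2oo3([channel_demands_trip(f, COOLANT_FLOW_LOW_M3H, False, FLOW_RANGE_M3H)
                           for f in flows])
    return {"temp_trip": temp_trip, "flow_trip": flow_trip, "trip": temp_trip or flow_trip}


if __name__ == "__main__":
    healthy_flow = [Reading(60.0)] * 3
    # Constructed scenarios (not measurements from any vessel):
    scenarios = {
        "normal running":
            cooling_sif([Reading(82.0)] * 3, healthy_flow),
        "one spoofed channel reads normal during a real overheat":
            cooling_sif([Reading(80.0), Reading(101.0), Reading(99.5)], healthy_flow),
        "one temperature transmitter lost, process normal":
            cooling_sif([Reading(None), Reading(80.0), Reading(81.0)], healthy_flow),
        "two flow transmitters lost (comms disruption)":
            cooling_sif([Reading(80.0)] * 3, [Reading(None), Reading(None), Reading(60.0)]),
    }
    for name, verdict in scenarios.items():
        print(f"{name}: {'TRIP' if verdict['trip'] else 'run'}  {verdict}")
```

Run as a script it prints the four constructed scenarios: normal running keeps the engine running, a single transmitter loss is tolerated (no spurious trip), a real overheat trips even though one channel has been falsified to read normal, and losing two flow signals trips because the function can no longer prove the process is safe. The fail-safe direction is the design decision that matters for cyber-physical resilience: an attacker who can silence or forge one signal gains nothing, and silencing more than one moves the plant to the safe state rather than hiding the hazard.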
Functional safety makes ships not just smarter but safer—especially as digital integration brings new complexity. If you’re mapping these principles to a real vessel or retrofitting systems, I can help design SIL-compliant safety logic or validate it against maritime safety standards.
How ISA/IEC-62443 Can Help Secure Modern Ships
1. Defense-in-Depth Architecture
- Apply Zone and Conduit segmentation to isolate bridge systems, propulsion, navigation, and cargo automation.
- Prevents threats from moving laterally if one subsystem is compromised.
2. Cyber Risk Assessment (62443-3-2)
- Identify and prioritize cybersecurity threats to critical systems (e.g., GPS spoofing, ECDIS manipulation, engine shutdown).
- Guides allocation of Security Levels (SL1–SL4) to onboard assets based on risk tolerance.
3. Component Hardening (62443-4-2)
- Ensures marine PLCs, HMIs, VDRs, and satellite modems include:
- Role-based access control (RBAC)
- Secure boot and signed firmware
- Audit logging and anomaly alerts
4. Secure Development Practices (62443-4-1)
- Helps OEMs build shipboard systems with cybersecurity-by-design.
- Reduces embedded flaws in navigation or control software before they sail.
5. Lifecycle Protection (62443-2-1)
- Promotes policies for secure configuration, patch management, and staff training.
- Covers ship-to-shore comms, crew bring-your-own-device (BYOD) management, and remote diagnostics.
6. Remote Access Safeguards (62443-2-4 service-provider requirements; 62443-3-3 SR 1.13, access via untrusted networks)
- Controls and encrypts vendor remote sessions (e.g., engine diagnostics via satellite).
- Logs all third-party activity and applies session isolation and MFA.
Use Case Example: Engine Control Isolation
System | Zone | Security Measure |
---|---|---|
Engine Control Unit | Critical Zone | Authenticated access, anomaly detection |
Navigation Sensors | Trusted Zone | Read-only data into bridge systems |
Entertainment Network | Untrusted | Fully segmented, no access to OT systems |
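The isolation table above, expressed as a checkable zone-and-conduit policy, as an added example (not code from the page and not from ISA/IEC 62443 itself, which defines the concepts but no code). Zone names, the SL-T values, the protocols and the conduit controls are assumptions; the one deliberate design point is that no conduit touches the entertainment network at all. The example does two things the table cannot: it evaluates individual flows (including a write attempt over the read-only sensor conduit) against the policy, and it computes the lateral-movement reach an attacker has from each zone, which is the concrete meaning of "prevents threats from moving laterally".

```python
"""Worked example (added here; not code from the page or from ISA/IEC 62443):
the zone/conduit table expressed as a checkable policy. Zone names,
SL-T values, protocols and conduit controls are assumptions."""
from collections import deque
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Zone:
    name: str
    sl_target: int  # SL-T, 0..4, as allocated by the 62443-3-2 risk assessment


@dataclass(frozen=True)
class Conduit:
    src: str
    dst: str
    protocols: FrozenSet[str]               # allow-list of protocols carried
    controls: FrozenSet[str] = frozenset()  # countermeasures on the conduit
    read_only: bool = False                 # one-way data, no commands


# Assumed zones for the engine-control isolation table (SL-T are illustrative).
ZONES: Dict[str, Zone] = {z.name: z for z in (
    Zone("engine_control", 3),   # Critical Zone
    Zone("navigation", 2),       # Trusted Zone (sensors)
    Zone("bridge", 2),           # Trusted Zone (bridge systems)
    Zone("vendor_remote", 0),    # shore-side vendor diagnostics
    Zone("entertainment", 0),    # Untrusted
)}

# Assumed conduits. There is deliberately no conduit touching 'entertainment'.
CONDUITS: List[Conduit] = [
    Conduit("navigation", "bridge", frozenset({"nmea0183"}), read_only=True),
    Conduit("bridge", "engine_control", frozenset({"modbus_tcp"}),
            controls=frozenset({"authenticated", "anomaly_detection"})),
    Conduit("vendor_remote", "engine_control", frozenset({"ssh"}),
            controls=frozenset({"authenticated", "mfa", "session_recording"})),
]


def find_conduit(src: str, dst: str) -> Optional[Conduit]:
    """Conduits are directional: src->dst only."""
    return next((c for c in CONDUITS if c.src == src and c.dst == dst), None)


def evaluate_flow(src: str, dst: str, protocol: str, writes: bool) -> Tuple[bool, str]:
    """Decide whether a flow is permitted. Assumed policy: same-zone traffic
    is allowed; cross-zone traffic needs a declared conduit in that direction
    carrying that protocol; a read-only conduit rejects writes; any flow into
    a zone with a higher SL-T must ride an authenticated conduit."""
    if src not in ZONES or dst not in ZONES:
        return False, "unknown zone"
    if src == dst:
        return True, "intra-zone"
    c = find_conduit(src, dst)
    if c is None:
        return False, f"no conduit {src}->{dst}"
    if protocol not in c.protocols:
        return False, f"protocol {protocol} not allowed on conduit"
    if writes and c.read_only:
        return False, "write attempted over read-only conduit"
    if ZONES[dst].sl_target > ZONES[src].sl_target and "authenticated" not in c.controls:
        return False, "conduit into higher-SL zone lacks authentication"
    return True, "allowed by conduit"


def reachable_from(start: str, include_read_only: bool = True) -> Set[str]:
    """Zones an attacker who owns 'start' can reach by following conduits:
    the lateral-movement blast radius the segmentation leaves open.
    With include_read_only=False only conduits that carry commands count."""
    seen: Set[str] = set()
    queue = deque([start])
    while queue:
        z = queue.popleft()
        for c in CONDUITS:
            if c.src != z or c.dst in seen or c.dst == start:
                continue
            if c.read_only and not include_read_only:
                continue
            seen.add(c.dst)
            queue.append(c.dst)
    return seen


if __name__ == "__main__":
    # Constructed flows to check against the policy (not captured traffic).
    for flow in [("entertainment", "engine_control", "modbus_tcp", True),
                 ("navigation", "bridge", "nmea0183", False),
                 ("navigation", "bridge", "nmea0183", True),
                 ("bridge", "engine_control", "modbus_tcp", True),
                 ("vendor_remote", "engine_control", "ssh", True)]:
        ok, why = evaluate_flow(*flow)
        print(f"{'ALLOW' if ok else 'DENY '} {flow[0]}->{flow[1]} {flow[2]}: {why}")
    for z in ZONES:
        print(f"blast radius from {z}: {sorted(reachable_from(z))}")
```

Two things are worth reading off the output. The entertainment network has an empty blast radius because no conduit is declared for it, which is what "fully segmented" has to mean in practice; adding a single "temporary" conduit from it would immediately show up in the reach calculation. The navigation zone reaches the bridge, and through it the engine controller, only when data-only conduits are counted; with commands only, its reach is empty, which is the argument for the read-only sensor conduit in the table. The same model extends naturally to a firewall rule audit: export the live rule base as flows and run each one through the policy.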
The result? A more resilient, traceable, and fail-safe vessel, better placed to withstand both targeted cyberattacks and vendor or software supply chain incidents (like those affecting Johnson Controls or CrowdStrike).