IEC 61162-460:2018/AMD1:2020
(Amendment)Amendment 1 - Maritime navigation and radiocommunication equipment and systems - Digital interfaces - Part 460: Multiple talkers and multiple listeners - Ethernet interconnection - Safety and security
Amendment 1 - Maritime navigation and radiocommunication equipment and systems - Digital interfaces - Part 460: Multiple talkers and multiple listeners - Ethernet interconnection - Safety and security
Amendement 1 - Matériels et systèmes de navigation et de radiocommunication maritimes - Interfaces numériques - Partie 460: Émetteurs multiples et récepteurs multiples - Interconnexion Ethernet - Sûreté et sécurité
General Information
- Status
- Published
- Publication Date
- 19-Jan-2020
- Technical Committee
- TC 80 - Maritime navigation and radiocommunication equipment and systems
- Drafting Committee
- WG 6 - TC 80/WG 6
- Current Stage
- DELPUB - Deleted Publication
- Start Date
- 04-Apr-2024
- Completion Date
- 26-Oct-2025
Relations
- Effective Date
- 05-Sep-2023
- Effective Date
- 05-Sep-2023
Overview
IEC 61162-460:2018/AMD1:2020 is an important amendment to the international standard governing maritime navigation and radiocommunication equipment and systems. The standard specifically focuses on Part 460, which addresses digital interfaces that enable multiple talkers and multiple listeners to securely interconnect via Ethernet. This amendment emphasizes enhancements in safety and security, reflecting advancements in network firewall testing, alert management, and external security requirements for maritime digital communications.
Developed by IEC Technical Committee 80, this amendment clarifies external security protocols, updates bridge alert management requirements, and introduces improved methods to test firewalls for maritime networks. It ensures that maritime Ethernet interconnections are robust against unauthorized access and cyber threats, contributing to safer and more secure navigation and communication at sea.
Key Topics
Security Gateway Enhancements
All traffic from uncontrolled networks must pass through a 460-Gateway, which includes firewall protection and supports functions such as direct communication and demilitarized zone (DMZ) management for application servers and file storage. The amendment updates firewall rules for both external and internal interfaces, enforcing strict whitelisting and traffic block policies to minimize attack vectors.Firewalls and Network Access Control
- External firewalls block all traffic unless pre-registered and only allow communication destined to devices in the DMZ.
- Internal firewalls regulate traffic between the controlled 460-Network and DMZ, preventing unauthorized data flow.
- Firewall configurations specify source/destination IPs, protocols, and ports, in line with industry best practices for network security.
Alert Management Compliance
Updates bridge alert management (BAM) protocols to conform with IEC 62923-1 and IEC 62923-2, ensuring consistent handling of alerts related to network security. Remote acknowledgment of alerts is limited to Category B, improving operator response workflows.Firewall Testing Procedures
The amendment provides clear methodologies for firewall testing, including use of network scanning tools like Nmap for comprehensive TCP and UDP port scanning across various network zones (460-Network, DMZ, and uncontrolled networks). This ensures that firewalls effectively block unauthorized packets.Updated Normative References
New references replace older standards to maintain alignment with current maritime navigation and radiocommunication requirements:- IEC 62923-1 and IEC 62923-2 for bridge alert management
- Removal of older normative references to IEC 61924-2:2012 and IEC 62288:2014
Applications
Maritime Navigation Systems
Ensuring that multiple communication devices on board ships interconnect over Ethernet with rigorous security controls, preventing unauthorized access and communication conflicts.Shipboard Radiocommunication Equipment
Protecting radios and digital communication hardware from cyber threats originating from uncontrolled networks, such as unsecured onboard Wi-Fi or satellite links.Bridge Alert Management (BAM) Systems
Improving situational awareness on the bridge by integrating alerts from network components compliant with BAM standards, allowing for timely and structured response to potential security incidents.Network Security Testing for Vessels
Maritime operators and system integrators can use the specified firewall testing methods to validate the security robustness of their Ethernet interconnections, ensuring compliance with international standards before deployment.Maritime Cybersecurity Compliance
Assisting shipbuilders, equipment manufacturers, and flag states to meet industry cybersecurity regulations and best practices, thus enhancing overall safety at sea.
Related Standards
IEC 62923-1 & IEC 62923-2 – Bridge alert management standards that define operational, performance, and communication requirements for alert systems onboard ships.
IEC 61924-2:2012 – Previously referenced standard for integrated navigation systems modular structures, now superseded in this context.
IEC 62288:2014 – Guidance on presentation of navigation-related information on shipborne displays, replaced here by updated alert management standards.
IEC 61162 Series – The broader set of standards covering digital interfaces for marine navigation and radiocommunication equipment, providing foundational protocols for equipment interoperability.
By implementing the amendments in IEC 61162-460:2018/AMD1:2020, maritime stakeholders can significantly improve the security posture of Ethernet-based communication networks on ships. This fosters safer navigation environments, reduces cyber risks, and ensures consistent compliance with evolving maritime technology standards.
IEC 61162-460:2018/AMD1:2020 - Amendment 1 - Maritime navigation and radiocommunication equipment and systems - Digital interfaces - Part 460: Multiple talkers and multiple listeners - Ethernet interconnection - Safety and security
Frequently Asked Questions
IEC 61162-460:2018/AMD1:2020 is a standard published by the International Electrotechnical Commission (IEC). Its full title is "Amendment 1 - Maritime navigation and radiocommunication equipment and systems - Digital interfaces - Part 460: Multiple talkers and multiple listeners - Ethernet interconnection - Safety and security". This standard covers: Amendment 1 - Maritime navigation and radiocommunication equipment and systems - Digital interfaces - Part 460: Multiple talkers and multiple listeners - Ethernet interconnection - Safety and security
Amendment 1 - Maritime navigation and radiocommunication equipment and systems - Digital interfaces - Part 460: Multiple talkers and multiple listeners - Ethernet interconnection - Safety and security
IEC 61162-460:2018/AMD1:2020 is classified under the following ICS (International Classification for Standards) categories: 47.020.70 - Navigation and control equipment. The ICS classification helps identify the subject area and facilitates finding related standards.
IEC 61162-460:2018/AMD1:2020 has the following relationships with other standards: It is inter standard links to IEC 61162-460:2018, IEC 61162-460:2024. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.
IEC 61162-460:2018/AMD1:2020 is available in PDF format for immediate download after purchase. The document can be added to your cart and obtained through the secure checkout process. Digital delivery ensures instant access to the complete standard document.
Standards Content (Sample)
IEC 61162-460 ®
Edition 2.0 2020-01
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
A MENDMENT 1
AM ENDEMENT 1
Maritime navigation and radiocommunication equipmentand systems – Digital
interfaces –
Part 460: Multiple talkers and multiple listeners – Ethernet interconnection –
Safety and security
Matériels et systèmes de navigation et de radiocommunication maritimes –
Interfaces numériques –
Partie 460: Émetteurs multiples et récepteurs multiples – Interconnexion
Ethernet – Sûreté et sécurité
IEC 61162-460:2018-05/AMD1:2020-01(en-fr)
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.
Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite
ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie
et les microfilms, sans l'accord écrit de l'IEC ou du Comité national de l'IEC du pays du demandeur. Si vous avez des
questions sur le copyright de l'IEC ou si vous désirez obtenir des droits supplémentaires sur cette publication, utilisez
les coordonnées ci-après ou contactez le Comité national de l'IEC de votre pays de résidence.
IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigendum or an amendment might have been published.
IEC publications search - webstore.iec.ch/advsearchform Electropedia - www.electropedia.org
The advanced search enables to find IEC publications by a The world's leading online dictionary on electrotechnology,
variety of criteria (reference number, text, technical containing more than 22 000 terminological entries in English
committee,…). It also gives information on projects, replaced and French, with equivalent terms in 16 additional languages.
and withdrawn publications. Also known as the International Electrotechnical Vocabulary
(IEV) online.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published IEC Glossary - std.iec.ch/glossary
details all new publications released. Available online and 67 000 electrotechnical terminology entries in English and
once a month by email. French extracted from the Terms and definitions clause of
IEC publications issued between 2002 and 2015. Some
IEC Customer Service Centre - webstore.iec.ch/csc entries have been collected from earlier publications of IEC
If you wish to give us your feedback on this publication or TC 37, 77, 86 and CISPR.
need further assistance, please contact the Customer Service
Centre: sales@iec.ch.
A propos de l'IEC
La Commission Electrotechnique Internationale (IEC) est la première organisation mondiale qui élabore et publie des
Normes internationales pour tout ce qui a trait à l'électricité, à l'électronique et aux technologies apparentées.
A propos des publications IEC
Le contenu technique des publications IEC est constamment revu. Veuillez vous assurer que vous possédez l’édition la
plus récente, un corrigendum ou amendement peut avoir été publié.
Recherche de publications IEC - Electropedia - www.electropedia.org
webstore.iec.ch/advsearchform Le premier dictionnaire d'électrotechnologie en ligne au
La recherche avancée permet de trouver des publications IEC monde, avec plus de 22 000 articles terminologiques en
en utilisant différents critères (numéro de référence, texte, anglais et en français, ainsi que les termes équivalents dans
comité d’études,…). Elle donne aussi des informations sur les 16 langues additionnelles. Egalement appelé Vocabulaire
projets et les publications remplacées ou retirées. Electrotechnique International (IEV) en ligne.
IEC Just Published - webstore.iec.ch/justpublished Glossaire IEC - std.iec.ch/glossary
Restez informé sur les nouvelles publications IEC. Just 67 000 entrées terminologiques électrotechniques, en anglais
Published détaille les nouvelles publications parues. et en français, extraites des articles Termes et définitions des
Disponible en ligne et une fois par mois par email. publications IEC parues entre 2002 et 2015. Plus certaines
entrées antérieures extraites des publications des CE 37, 77,
Service Clients - webstore.iec.ch/csc 86 et CISPR de l'IEC.
Si vous désirez nous donner des commentaires sur cette
publication ou si vous avez des questions contactez-nous:
sales@iec.ch.
IEC 61162-460 ®
Edition 2.0 2020-01
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
A MENDMENT 1
AM ENDEMENT 1
Maritime navigation and radiocommunication equipmentand systems – Digital
interfaces –
Part 460: Multiple talkers and multiple listeners – Ethernet interconnection –
Safety and security
Matériels et systèmes de navigation et de radiocommunication maritimes –
Interfaces numériques –
Partie 460: Émetteurs multiples et récepteurs multiples – Interconnexion
Ethernet – Sûreté et sécurité
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 47.020.70 ISBN 978-2-8322-7764-5
– 2 – IEC 61162-460:2018/AMD1:2020
© IEC 2020
FOREWORD
This amendment has been prepared by IEC technical committee 80: Maritime navigation and
radiocommunication equipment and systems.
The text of this amendment is based on the following documents:
FDIS Report on voting
80/943/FDIS 80/951/RVD
Full information on the voting for the approval of this amendment can be found in the report
on voting indicated in the above table.
The committee has decided that the contents of this amendment and the base publication will
remain unchanged until the stability date indicated on the IEC website under
"http://webstore.iec.ch" in the data related to the specific publication. At this date, the
publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
_____________
Introduction to the Amendment
This amendment provides greater clarity to the external security requirements in 6.3, updates
the alert management in 8.2.7 and associated tests in 10.11.6 to comply with bridge alert
management and provides an improved test of firewalls in 10.8.4.
_____________
2 Normative references
Delete the following existing normative references:
IEC 61924-2:2012, Maritime navigation and radiocommunication equipment and systems –
Integrated navigation systems – Part 2: Modular structure for INS – Operational and
performance requirements, methods of testing and required test results
IEC 62288:2014, Maritime navigation and radiocommunication equipment and systems –
Presentation of navigation-related information on shipborne navigational displays – General
requirements, methods of testing and required test results
© IEC 2020
Add the following new normative references:
IEC 62923-1, Maritime navigation and radiocommunication equipment and systems – Bridge
alert management – Part 1: Operational and performance requirements, methods of testing
and required test results
IEC 62923-2, Maritime navigation and radiocommunication equipment and systems – Bridge
alert management – Part 2: Alert and cluster identifiers and other additional features
6.3.1 Overview
Replace the existing first and second paragraphs with the following new text:
All traffic from uncontrolled networks is passed or processed through a 460-Gateway or 460-
Wireless gateway. A 460-Gateway consists of firewall(s) (see 6.3.2) and may include support
for one or any combination of the following functions:
• direct communication (see 6.3.3);
• DMZ with application servers (see 6.3.5.2);
• DMZ with interoperable access to file storage (see 6.3.5.3).
Firewall(s) provide network-access security for the uncontrolled network and the 460-Network.
Firewalls for external and internal interfaces may be provided by the same application.
The 460-Gateway components may be implemented in one device or in different devices.
Figure 2 shows an example of a 460-Network with a 460-Gateway.
6.3.2.1 External firewall
Replace the existing paragraph with the following new paragraph:
An external firewall blocks all traffic unless it is registered (i.e. whitelisted) and destined only
to equipment in the DMZ. This means that, in principle, all direct communication to or from a
460-Network is not allowed.
6.3.2.2 Internal firewall
Replace the existing paragraph with the following new paragraph:
An internal firewall blocks all traffic unless it is either destined to equipment in a 460-Network
and it originates from equipment in the DMZ or it is destined to equipment in the DMZ and it
originates from equipment in a 460-Network. All traffic passing through the internal firewall is
registered (i.e. whitelisted) in advance.
6.3.5.1 Firewall
Replace the existing title with the following new title:
6.3.5.1 General
Replace the existing second and third bullets with the following new bullets:
• firewall(s) shall be provided which are configured with the combination of source and
destination IP address, protocol and destination port number (see 6.3.2);
• all connections between uncontrolled networks and a 460-Network shall be registered (i.e.
all network traffic that does not match a set firewall rule shall be blocked by the firewall);
– 4 – IEC 61162-460:2018/AMD1:2020
© IEC 2020
6.3.5.2 Application server
Replace the existing second paragraph with the following new paragraph:
If provided, the application server shall provide an application level authentication
mechanism, such as password, smartcard, digital signature, dongle, etc., of clients from
uncontrolled networks.
8.2.7.1 Alerts and indication
Replace, in the existing first paragraph, the existing reference "IEC 62288" with
"IEC 62923-1".
Table 2 – Summary of alert of network monitoring
Replace the existing title of the second column "Cause" with "Purpose".
Replace, in the last column, the existing unique identifiers at alert source corresponding to the
alerts listed below with the following new identifiers:
Direct connection to uncontrolled network as a caution (see 6.3.4) 3159
Direct connection to uncontrolled network as a warning (see 6.3.4) 3158
Connected to uncontrolled network (see 6.3.5.1) 3163
Network traffic capacity may be exceeded (see 8.2.2) 3166
Network traffic capacity exceeded (see 8.2.2) 3168
Network redundancy lost for xxxx (see 8.2.3) 3173
8.2.7.2 Alert management interface
Replace the existing second paragraph with the following new paragraph:
The alert management interface, if provided, shall be compliant with the sentences of Annex E
and comply with the communication requirements of IEC 62923-1 and IEC 62923-2. In the
BAM concept, the network components act as alert sources.
8.2.7.4 Remote acknowledgement and silencing of alerts
Replace the existing first paragraph with the following new paragraph:
Remote acknowledgement shall only be possible for category B alerts.
10.8.4 Firewall
Replace the existing second paragraph with the following new paragraph:
Set an EUT in accordance with the manufacturer’s instructions between a 460-Network and
an uncontrolled network. Using a network scanner with port scan function, set it to scan the
entire address range for the 460-Network, DMZ and uncontrolled network. Use packet capture
software running in promiscuous mode and confirm by analytical evaluation that packets do
not pass through the EUT from the uncontrolled network to the 460-Network and vice-versa as
follows:
• port scan UDP and TCP test for all ports 1-65535 to the internal address range of the
460-Network;
• if DMZ is provided, port scan UDP and TCP test for all ports 1-65535 to the address range
of the DMZ;
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.
Loading comments...