IEC 61162-460:2018
Maritime navigation and radiocommunication equipment and systems - Digital interfaces - Part 460: Multiple talkers and multiple listeners - Ethernet interconnection - Safety and security
IEC 61162-460:2018 is an add-on to IEC 61162-450 where higher safety and security standards are needed, for example due to higher exposure to external threats or to improve network integrity. This document provides requirements and test methods for equipment to be used in an IEC 61162-460 compliant network as well as requirements for the network itself and requirements for interconnection from the network to other networks. This document also contains requirements for a redundant IEC 61162-460 compliant network.
This document does not introduce new application level protocol requirements to those that are defined in IEC 61162-450.
This second edition of IEC 61162-460 cancels and replaces the first edition published in 2015. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) 460-Switches and 460-Forwarders are required to implement IGMP snooping;
b) connection between secure and non-secure areas requires a 460-Forwarder as an isolation element;
c) SFI collision detection added as function of network monitoring;
d) 460-Gateway and 460-Wireless gateway are no longer required to report to the network monitoring;
e) all alerts from network monitoring have standardized alert identifiers.
Maritime navigation and radiocommunication equipment and systems - Digital interfaces - Part 460: Multiple talkers and multiple listeners - Ethernet interconnection - Safety and security
IEC 61162-460:2018 is an add-on to IEC 61162-450 where more stringent safety and security standards are needed, for example due to higher exposure to external threats or to strengthen network integrity. This document specifies requirements and test methods for equipment to be used in an IEC 61162-460 compliant network, as well as requirements for the network itself and requirements for interconnection of the network with other networks. This document also contains requirements applying to redundant IEC 61162-460 compliant networks. This document does not introduce new application level protocol requirements beyond those defined in IEC 61162-450. This second edition of IEC 61162-460 cancels and replaces the first edition published in 2015. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition:
a) 460-Switches and 460-Forwarders are required to implement Internet group management protocol (IGMP) snooping;
b) connection between secure and non-secure areas requires a 460-Forwarder as an isolation element;
c) collision detection by system function ID (SFI) added as a function of network monitoring;
d) reporting of the 460-Gateway and 460-Wireless gateway to the network monitoring is no longer required;
e) all alerts from network monitoring have standardized alert identifiers.
General Information
- Status: Published
- Publication Date: 19-Jan-2020
- Technical Committee: TC 80 - Maritime navigation and radiocommunication equipment and systems
- Drafting Committee: WG 6 - TC 80/WG 6
- Current Stage: DELPUB - Deleted Publication
- Start Date: 04-Apr-2024
- Completion Date: 31-Jan-2022
Relations
- Effective Date: 05-Sep-2023
- Effective Date: 05-Sep-2023
- Effective Date: 05-Sep-2023
Overview
IEC 61162-460:2018 is an international standard that extends IEC 61162-450 to address higher safety and security needs for maritime Ethernet interconnections supporting multiple talkers and multiple listeners. This 2018 (Edition 2.0) technical revision specifies requirements and test methods for equipment, network design, interconnection to other networks, and redundant network configurations. It does not change application-level protocols already defined in IEC 61162-450.
Key topics and technical requirements
- Scope and purpose
  - Add-on to IEC 61162-450 for environments with higher exposure to external threats or where improved network integrity is required.
  - Defines requirements for both devices and the network (including interconnections and redundancy).
- Network components (logical & physical)
  - Definitions and requirements for 450-Nodes and 460-specific components: 460-Node, 460-Switch, 460-Forwarder, 460-Gateway, 460-Wireless gateway.
- Traffic management
  - Resource allocation, loop prevention, traffic prioritization and separation to maintain deterministic behavior in maritime data distribution.
- Security
  - Internal and external security requirements, firewall and access-control guidance, communication security for gateways and wireless access, and controls for connections between secure and non-secure areas.
- Redundancy
  - Requirements for interface and device redundancy, and for redundant IEC 61162-460 network topologies to improve availability.
- Network monitoring
  - Network status, load, topology and redundancy monitoring functions; standardized alert identifiers; syslog recording and alert management.
- Testing and conformity
  - Detailed test methods and required results for devices, switches, forwarders, gateways and the controlled network, enabling verification of compliance.
Notable technical changes in Edition 2 (2018):
- IGMP snooping required for 460-Switches and 460-Forwarders.
- 460-Forwarder mandatory as isolation between secure and non-secure areas.
- SFI collision detection added to network monitoring.
- 460-Gateway and 460-Wireless gateway no longer required to report to network monitoring.
- Standardized alert identifiers for all network monitoring alerts.
Practical applications and who uses it
- Shipbuilders, maritime equipment manufacturers and system integrators implementing Ethernet-based bridge and bridge-adjacent networks.
- Marine electronics vendors producing 460-compliant switches, forwarders, gateways and wireless gateways.
- Naval architects, classification societies and ship operators specifying network safety, redundancy and cybersecurity controls.
- Maritime cybersecurity and IT teams responsible for secure interconnection between shipboard networks and external systems.
Related standards
- IEC 61162-450 (base standard for Ethernet multiple talkers/listeners) - IEC 61162-460 is a safety/security add-on and does not replace application-level protocol requirements in 61162-450.
- IEC 61162-460:2018 RLV - Maritime navigation and radiocommunication equipment and systems - Digital interfaces - Part 460: Multiple talkers and multiple listeners - Ethernet interconnection - Safety and security. Released: 5/7/2018. ISBN: 9782832256862
- IEC 61162-460:2018 - Maritime navigation and radiocommunication equipment and systems - Digital interfaces - Part 460: Multiple talkers and multiple listeners - Ethernet interconnection - Safety and security
- IEC 61162-460:2018+AMD1:2020 CSV - Maritime navigation and radiocommunication equipment and systems - Digital interfaces - Part 460: Multiple talkers and multiple listeners - Ethernet interconnection - Safety and security. Released: 1/20/2020. ISBN: 9782832277706
Frequently Asked Questions
IEC 61162-460:2018 is a standard published by the International Electrotechnical Commission (IEC). Its full title is "Maritime navigation and radiocommunication equipment and systems - Digital interfaces - Part 460: Multiple talkers and multiple listeners - Ethernet interconnection - Safety and security". This standard covers: IEC 61162-460:2018 is an add-on to IEC 61162-450 where higher safety and security standards are needed, for example due to higher exposure to external threats or to improve network integrity. This document provides requirements and test methods for equipment to be used in an IEC 61162-460 compliant network as well as requirements for the network itself and requirements for interconnection from the network to other networks. This document also contains requirements for a redundant IEC 61162-460 compliant network. This document does not introduce new application level protocol requirements to those that are defined in IEC 61162-450. This second edition of IEC 61162-460 cancels and replaces the first edition published in 2015. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition: a) 460-Switches and 460-Forwarders are required to implement IGMP snooping; b) connection between secure and non-secure areas requires a 460-Forwarder as an isolation element; c) SFI collision detection added as function of network monitoring; d) 460-Gateway and 460-Wireless gateway are no longer required to report to the network monitoring; e) all alerts from network monitoring have standardized alert identifiers.
IEC 61162-460:2018 is classified under the following ICS (International Classification for Standards) categories: 47.020.70 - Navigation and control equipment. The ICS classification helps identify the subject area and facilitates finding related standards.
IEC 61162-460:2018 has the following relationships with other standards: it has inter-standard links to IEC 61162-460:2018/AMD1:2020, IEC 61162-460:2024 and IEC 61162-460:2015. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.
Standards Content (Sample)
IEC 61162-460 ®
Edition 2.0 2018-05
REDLINE VERSION
INTERNATIONAL
STANDARD
colour
inside
Maritime navigation and radiocommunication equipment and systems –
Digital interfaces –
Part 460: Multiple talkers and multiple listeners – Ethernet interconnection –
Safety and security
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.
IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.
About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.
INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
ICS 47.020.70 ISBN 978-2-8322-5686-2
– 2 – IEC 61162-460:2018 RLV © IEC 2018
CONTENTS
FOREWORD
1 Scope
2 Normative references
3 Terms and definitions
4 High-level requirements
4.1 Overview
4.2 Description
4.3 General requirements
4.3.1 Equipment and system requirements
4.3.2 Physical composition requirements
4.3.3 Logical composition requirements
4.4 Physical component requirements
4.4.1 450-Node
4.4.2 460-Node
4.4.3 460-Switch
4.4.4 460-Forwarder
4.4.5 460-Gateway and 460-Wireless gateway
4.5 Logical component requirements
4.5.1 Network monitoring function
4.5.2 System management function
4.6 System documentation requirements
4.7 Secure area requirements
5 Network traffic management requirements
5.1 460-Node requirements
5.2 460-Switch requirements
5.2.1 Resource allocation
5.2.2 Loop prevention
5.3 460-Forwarder requirements
5.3.1 Traffic separation
5.3.2 Resource allocation
5.3.3 Traffic prioritization
5.4 System design requirements
5.4.1 Documentation
5.4.2 Traffic
5.4.3 Connections between secure and non-secure areas
6 Security requirements
6.1 Security scenarios
6.1.1 Threat scenarios
6.1.2 Internal threats
6.1.3 External threats
6.2 Internal security requirements
6.2.1 General
6.2.2 Denial of service protection
6.2.3 REDS security
6.2.4 Access control
6.3 External security requirements
6.3.1 Overview
6.3.2 Firewalls
6.3.3 Direct communication
Communication security
6.3.4 460-Node
6.3.5 460-Gateway
6.3.6 460-Wireless gateway
6.4 Additional security issues
7 Redundancy requirements
7.1 General requirements
7.1.1 General
7.1.2 Interface redundancy
7.1.3 Device redundancy
7.2 460-Node requirements
7.3 460-Switch requirements
7.4 460-Forwarder requirements
7.5 460-Gateway and 460-Wireless gateway requirements
7.6 Network monitoring function requirements
7.7 System design requirements
8 Network monitoring requirements
8.1 Network status monitoring
8.1.1 460-Network
8.1.2 460-Node
8.1.3 460-Switch
8.1.4 460-Forwarder
460-Gateway and 460-Wireless gateway
8.2 Network monitoring function
8.2.1 General
8.2.2 Network load monitoring function
8.2.3 Redundancy monitoring function
8.2.4 Network topology monitoring function
8.2.5 Syslog recording function
8.2.6 Redundancy of network monitoring function
8.2.7 Alert management
9 Controlled network requirements
10 Methods of testing and required test results
10.1 Subject of tests
10.2 Test site
10.3 General requirements
10.4 450-Node
10.5 460-Node
10.5.1 Network traffic management
10.5.2 Security
10.5.3 Redundancy
10.5.4 Monitoring
10.6 460-Switch
10.6.1 Resource allocation
10.6.2 Loop prevention
10.6.3 Security
10.6.4 Monitoring
10.7 460-Forwarder
10.7.1 Traffic separation
10.7.2 Resource allocation
10.7.3 Traffic prioritisation
10.7.4 Security
10.7.5 Monitoring
10.8 460-Gateway
10.8.1 Denial of service behaviour
10.8.2 Access control to configuration setup
10.8.3 Communication security
10.8.4 Firewall
10.8.5 Application server
10.8.6 Interoperable access to file storage of DMZ
10.8.7 Additional security
Monitoring
10.9 460-Wireless gateway
10.9.1 General
10.9.2 Security
Monitoring
10.10 Controlled network
10.11 Network monitoring function
10.11.1 General
10.11.2 Network load monitoring function
10.11.3 Redundancy monitoring function
10.11.4 Network topology monitoring function
10.11.5 Syslog recording function
10.11.6 Alert management
10.12 System level
10.12.1 General
10.12.2 System management function
10.12.3 System design
10.12.4 Network monitoring function
10.12.5 Network load monitoring function
10.12.6 Redundancy monitoring function
10.12.7 Network topology monitoring function
Annex A (informative) Communication scenarios between an IEC 61162-460 network and uncontrolled networks
A.1 General
A.2 Routine off-ship
A.3 Routine on-ship
A.4 460-Gateway usage for direct connection with equipment
Annex B (informative) Summary of redundancy protocols in IEC 62439 (all parts)
B.1 Summary of redundancy protocols
B.2 RSTP recovery time
Annex C (informative) Guidance for testing
C.1 Methods of test
C.2 Observation
C.3 Inspection of documented evidence
C.4 Measurement
C.5 Analytical evaluation
Annex D (informative) Some examples to use this document
Annex E (normative) IEC 61162 interfaces for the network monitoring function
Annex F (informative) Distribution of functions around 460-Network
Bibliography
Figure 1 – Functional overview of IEC 61162-460 requirement applications
Figure 2 – 460-Network with 460-Gateway
Figure 3 – Example of redundancy
Figure 4 – Example of network status recording information
Figure A.1 – Usage model for communication between a IEC 61162-450 61162-460 network and shore networks
Figure D.1 – 460-Forwarder used between two networks
Figure D.2 – 460-Forwarder used between two networks
Figure D.3 – 460-Gateway used for e-Navigation services
Figure D.4 – 460-Gateway used for remote maintenance
Figure D.5 – 460-Forwarder used to separate an INS system based on its own controlled network from a network of -460 devices
Figure D.6 – 460-Forwarder used to separate a radar system based on its own controlled network from a network of -460 devices
Figure E.1 – Network monitoring function logical interfaces
Table 1 – Traffic prioritization with CoS and DSCP
Table 2 – Summary of alert of network monitoring
Table B.1 – Redundancy protocols and recovery times
Table E.1 – Sentences received by the network monitoring function
Table E.2 – Sentences transmitted by the network monitoring function
Table F.1 – Distribution of functions around 460-Network
Table F.2 – Equipment standards referencing IEC 61162-460
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and
non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
This redline version of the official IEC Standard allows the user to identify the changes
made to the previous edition. A vertical bar appears in the margin wherever a change
has been made. Additions are in green text, deletions are in strikethrough red text.
International Standard IEC 61162-460 has been prepared by IEC technical committee 80:
Maritime navigation and radiocommunication equipment and systems.
This second edition of IEC 61162-460 cancels and replaces the first edition published in 2015.
This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) 460-Switches and 460-Forwarders are required to implement IGMP snooping;
b) connection between secure and non-secure areas requires a 460-Forwarder as an
isolation element;
c) SFI collision detection added as function of network monitoring;
d) 460-Gateway and 460-Wireless gateway are no longer required to report to the network
monitoring;
e) all alerts from network monitoring have standardized alert identifiers.
The text of this International Standard is based on the following documents:
FDIS        | Report on voting
80/879/FDIS | 80/884/RVD
Full information on the voting for the approval of this International Standard can be found in
the report on voting indicated in the above table.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
This International Standard is to be used in conjunction with IEC 61162-450:2018.
A list of all parts in the IEC 61162 series, published under the general title Maritime
navigation and radiocommunication equipment and systems – Digital interfaces, can be found
on the IEC website.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
1 Scope
This part of IEC 61162 is an add-on to IEC 61162-450 where higher safety and security
standards are needed, for example due to higher exposure to external threats or to improve
network integrity. This document provides requirements and test methods for equipment to be
used in an IEC 61162-460 compliant network as well as requirements for the network itself
and requirements for interconnection from the network to other networks. This document also
contains requirements for a redundant IEC 61162-460 compliant network.
This standard extends the informative guidance given in Annex D of IEC 61162-450:2011.
This document does not introduce new application level protocol requirements to those that
are defined in IEC 61162-450.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.
IEC 60945, Maritime navigation and radiocommunication equipment and systems – General
requirements – Methods of testing and required test results
IEC 61162-450:2011 2018, Maritime navigation and radiocommunication equipment and
systems – Digital interfaces – Part 450: Multiple talkers and multiple listeners – Ethernet
interconnection
IEC 61924-2:2012, Maritime navigation and radiocommunication equipment and systems –
Integrated navigation systems – Part 2: Modular structure for INS – Operational and
performance requirements, methods of testing and required test results
IEC 62288:2014, Maritime navigation and radiocommunication equipment and systems –
Presentation of navigation-related information on shipborne navigational displays – General
requirements, methods of testing and required test results
IEEE 802.1D-2004, IEEE Standard for Local and metropolitan area networks: Media Access
Control (MAC) Bridges
IEEE 802.1Q-2005, IEEE Standard for Local and metropolitan area networks: Virtual Bridged
Local Area Networks
INTERNET SOCIETY (ISOC). RFC 792, Internet Control Message Protocol (ICMP), Standard
STD0005 (and updates) [online]. Edited by J. Postel. September 1981 [viewed 2018-01-08].
Available at https://tools.ietf.org/html/rfc792
INTERNET SOCIETY (ISOC). RFC 1112, Host Extensions for IP Multicasting [online]. Edited
by S. Deering. August 1989 [viewed 2018-01-08].
Available at https://www.ietf.org/rfc/rfc1112.txt
INTERNET SOCIETY (ISOC). RFC 1157, A Simple Network Management Protocol (SNMP)
[online]. Edited by J. Case et al. May 1990 [viewed 2018-01-08].
Available at https://tools.ietf.org/html/rfc1157
INTERNET SOCIETY (ISOC). RFC 2021, Remote Network Monitoring Management
Information Base [online]. Edited by S. Waldbusser. January 1997 [viewed 2018-01-08].
Available at https://tools.ietf.org/html/rfc2021
INTERNET SOCIETY (ISOC). RFC 2236, Internet Group Management Protocol, Version 2
[online]. Edited by W. Fenner. November 1997 [viewed 2018-01-08].
Available at https://tools.ietf.org/html/rfc2236
INTERNET SOCIETY (ISOC). RFC 2819, Remote Network Monitoring Management
Information Base [online]. Edited by S. Waldbusser. May 2000 [viewed 2018-01-08].
Available at https://tools.ietf.org/html/rfc2819
INTERNET SOCIETY (ISOC). RFC 3411, An Architecture for Describing Simple Network
Management Protocol (SNMP) Management Frameworks [online]. Edited by D. Harrington.
December 2002 [viewed 2018-01-08].
Available at https://www.ietf.org/rfc/rfc3411.txt
INTERNET SOCIETY (ISOC). RFC 3577, Introduction to the RMON family of MIB modules
[online]. Edited by S. Waldbusser. August 2003 [viewed 2018-01-08]. Available at
https://tools.ietf.org/html/rfc3577
INTERNET SOCIETY (ISOC). RFC 4604, Using Internet Group Management Protocol Version
3 (IGMPv3) and Multicast Listener Discovery Protocol Version 2 (MLDv2) for Source-Specific
Multicast [online]. Edited by H. Holbrook et al. August 2006 [viewed 2018-01-08].
Available at https://tools.ietf.org/html/rfc4604
INTERNET SOCIETY (ISOC). RFC 5424, The Syslog Protocol [online]. Edited by R. Gerhards.
March 2009 [viewed 2018-01-08].
Available at https://tools.ietf.org/html/rfc5424
3 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC 61162-450 and the
following apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.1
450-Node
device compliant with IEC 61162-450 and which satisfies additional requirements specified in
this document
Note 1 to entry: This also includes nodes only implementing the ONF function block.
– 10 – IEC 61162-460:2018 RLV © IEC 2018
3.2
460-Forwarder
network infrastructure device that can safely exchange data streams between a 460-Network
and other controlled networks including other 460-Networks
3.3
460-Gateway
network infrastructure device that connects 460-Networks and uncontrolled networks and
which satisfies the safety and security requirements as specified in this document
3.4
460-Network
network which consists of only 460-Nodes, 460-Switches, 460-Forwarder, 460-Gateway and
460-Wireless gateway as well as 450-Nodes
3.5
460-Node
device compliant with the requirement of a 450-Node and which satisfies the safety and
security requirements as specified in this document
3.6
460-Switch
network infrastructure device used to interconnect nodes on a 460-Network and which
satisfies the safety and security requirements as specified in this document
3.7
460-Wireless gateway
network infrastructure device that connects a 460-Network and wireless networks and which
satisfies the safety and security requirements as specified in this document
3.8
advanced encryption standard
AES
symmetric-key block cipher algorithm which is based on a substitution-permutation network
(SPN) and does not use the data encryption standard (DES) Feistel network
Note 1 to entry: This note applies to the French language only.
3.9
alarm
highest priority of an alert, announcing a situation or condition requiring immediate attention,
decision and, if necessary, action by the bridge team, to maintain the safe navigation of the
ship
3.10
application level gateway
network infrastructure device that connects 460-Networks with other networks and which
satisfies the safety and security requirements as specified in this document
3.11
backdoor
installed program allowing remote access to a computer by providing a method of bypassing
normal authentication
3.12
controlled network
any network that has been designed to operate such that authorities are satisfied by
documented evidence that the network does not pose any security risks to any connected
network nodes
Note 1 to entry: For example, any IEC 61162-450 compliant network that is approved by classification society,
flag state or recognized organization (RO).
3.13
category B alert
alert where no additional information for decision support is necessary besides the
information which can be presented at the central alert management HMI
3.14
caution
lowest priority of an alert
Note 1 to entry: "Caution" raises a bridge team's awareness of a condition which does not warrant an alarm or
warning condition, but still requires attention out of the ordinary consideration of the situation or of given
information.
3.15
demilitarized zone
DMZ
physical or logical sub-network that contains and exposes an organization's external-facing
services to a larger and un-trusted network, usually the Internet
Note 1 to entry: This note applies to the French language only.
3.16
denial of service
DoS
attempt to prevent legitimate users from accessing a machine or network resource
Note 1 to entry: This note applies to the French language only.
3.17
flow
combination of the following information: source and destination MAC address, source and
destination IP address, protocol, source and destination UDP/TCP port number
3.18
failure mode and effects analysis
FMEA
method as specified in IEC 60812 for the analysis of a system to identify the potential failure
modes, their causes and effects on system performance
3.19
failure mode, effects and criticality analysis
FMECA
analytic method as specified in IEC 60812 that includes a means of ranking the severity of the
failure modes
Note 1 to entry: FMECA extends FMEA by including a criticality analysis, which is used to chart the probability of
failure modes against the severity of their consequences.
3.20
internet control message protocol
ICMP
protocol according to ISOC RFC 792
Note 1 to entry: This note applies to the French language only.
3.21
internet group management protocol
IGMP
protocol according to ISOC RFC 1112 (version 1), ISOC RFC 2236 (version 2) and
ISOC RFC 4604 (version 3)
Note 1 to entry: This note applies to the French language only.
3.22
loss rate
amount of lost data by the receiving device of a flow as lost packets per total amount of
packets, measured at the input port of a device
Note 1 to entry: The loss rate is expressed in percent.
3.23
malware
malicious code
software used or created to disrupt computer operation
3.24
maximum network load
cumulative maximum amount of all traffic from all network nodes and network infrastructure
components of a single 460-Network
Note 1 to entry: The maximum network load is measured in bytes per second (B/s).
3.25
maximum transmission rate
maximum number of bytes per second that can be transmitted by a network node or network
infrastructure equipment
3.26
multiple spanning tree protocol
MSTP
protocol, according to IEEE 802.1Q, which is an extension of RSTP for VLANs
Note 1 to entry: This note applies to the French language only.
3.27
neighbour MAC address
MAC (media access control) address of a connected 450-Node or 460-Node as seen by a
460-Switch and as reported by SNMP (simple network management protocol)
3.28
network infrastructure component
device that connects at least two nodes in a 460-Network and two different networks, such as
460-Switch, 460-Forwarder, 460-Gateway and 460-Wireless gateway
3.29
nominal network capacity
network capacity as a byte rate which is based on the configuration
Note 1 to entry: The capacity is the lowest capacity of any switch in the network to route all traffic.
Note 2 to entry: This is used for specifying capabilities of equipment.
3.30
other network function
ONF
function block that interfaces to the network as specified in IEC 61162-450
Note 1 to entry: The ONF represents a function that is allowed to share the infrastructure of an IEC 61162-450
network but does not use the protocols defined in IEC 61162-450.
Note 2 to entry: This note applies to the French language only.
3.31
rapid spanning tree protocol
RSTP
protocol according to IEEE 802.1D for calculating and configuring the active topology of a
network
Note 1 to entry: This note applies to the French language only.
3.32
removable external data source
REDS
user removable non-network data source, including, but not limited to, compact discs, memory
sticks and Bluetooth devices
Note 1 to entry: This note applies to the French language only.
3.33
remote network monitoring
RMON
standard monitoring specification as described in ISOC RFC 3577
Note 1 to entry: This note applies to the French language only.
3.34
ring topology
topology where each node is connected in series to two other nodes
3.35
RSA
public-key cryptosystem as described in IEEE 1363
3.36
safety
protection of networks from unintentional threats such as system malfunctioning,
misconfiguration and misoperation
3.37
secure area
area with defined physical perimeters and barriers, with physical entry controls or access
point protection or access point observation
Note 1 to entry: A ship's navigation bridge with closed consoles and access observation by the master or officer
of the watch is an example of a secure area.
3.38
security
protection of networks from intentional threats such as virus, worm, denial-of-service attacks,
illicit access, etc.
__________
Bluetooth is the trademark of a product supplied by Bluetooth Special Interest Group. This information is given
for the convenience of users of this document and does not constitute an endorsement by IEC of the product
named. Equivalent products may be used if they can be shown to lead to the same results.
3.39
simple network management protocol
SNMP
protocol according to ISOC RFC 3411 used to convey management information
Note 1 to entry: This note applies to the French language only.
3.40
SNMP-Trap
method to collect events and statistical information from switches, according to
ISOC RFC 1157, ISOC RFC 2021 and ISOC RFC 2819
3.41
shipborne network
data network infrastructure on board a ship to exchange data between equipment on board
Note 1 to entry: This may or may not be connected to shore by satellites or other means.
3.42
sniffing
monitoring and analysis of the network traffic
3.43
stream
co
...
IEC 61162-460 ®
Edition 2.0 2018-05
INTERNATIONAL STANDARD
NORME INTERNATIONALE
Maritime navigation and radiocommunication equipment and systems – Digital interfaces –
Part 460: Multiple talkers and multiple listeners – Ethernet interconnection –
Safety and security
Matériels et systèmes de navigation et de radiocommunication maritimes –
Interfaces numériques –
Partie 460: Émetteurs multiples et récepteurs multiples – Interconnexion Ethernet –
Sûreté et sécurité
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.
IEC Central Office
3, rue de Varembé
CH-1211 Geneva 20
Switzerland
Tel.: +41 22 919 02 11
info@iec.ch
www.iec.ch
INTERNATIONAL ELECTROTECHNICAL COMMISSION
COMMISSION ELECTROTECHNIQUE INTERNATIONALE
ICS 47.020.70 ISBN 978-2-8322-5522-3
CONTENTS
FOREWORD
1 Scope
2 Normative references
3 Terms and definitions
4 High-level requirements
4.1 Overview
4.2 Description
4.3 General requirements
4.3.1 Equipment and system requirements
4.3.2 Physical composition requirements
4.3.3 Logical composition requirements
4.4 Physical component requirements
4.4.1 450-Node
4.4.2 460-Node
4.4.3 460-Switch
4.4.4 460-Forwarder
4.4.5 460-Gateway and 460-Wireless gateway
4.5 Logical component requirements
4.5.1 Network monitoring function
4.5.2 System management function
4.6 System documentation requirements
4.7 Secure area requirements
5 Network traffic management requirements
5.1 460-Node requirements
5.2 460-Switch requirements
5.2.1 Resource allocation
5.2.2 Loop prevention
5.3 460-Forwarder requirements
5.3.1 Traffic separation
5.3.2 Resource allocation
5.3.3 Traffic prioritization
5.4 System design requirements
5.4.1 Documentation
5.4.2 Traffic
5.4.3 Connections between secure and non-secure areas
6 Security requirements
6.1 Security scenarios
6.1.1 Threat scenarios
6.1.2 Internal threats
6.1.3 External threats
6.2 Internal security requirements
6.2.1 General
6.2.2 Denial of service protection
6.2.3 REDS security
6.2.4 Access control
6.3 External security requirements
6.3.1 Overview
6.3.2 Firewalls
6.3.3 Direct communication
6.3.4 460-Node
6.3.5 460-Gateway
6.3.6 460-Wireless gateway
6.4 Additional security issues
7 Redundancy requirements
7.1 General requirements
7.1.1 General
7.1.2 Interface redundancy
7.1.3 Device redundancy
7.2 460-Node requirements
7.3 460-Switch requirements
7.4 460-Forwarder requirements
7.5 460-Gateway and 460-Wireless gateway requirements
7.6 Network monitoring function requirements
7.7 System design requirements
8 Network monitoring requirements
8.1 Network status monitoring
8.1.1 460-Network
8.1.2 460-Node
8.1.3 460-Switch
8.1.4 460-Forwarder
8.2 Network monitoring function
8.2.1 General
8.2.2 Network load monitoring function
8.2.3 Redundancy monitoring function
8.2.4 Network topology monitoring function
8.2.5 Syslog recording function
8.2.6 Redundancy of network monitoring function
8.2.7 Alert management
9 Controlled network requirements
10 Methods of testing and required test results
10.1 Subject of tests
10.2 Test site
10.3 General requirements
10.4 450-Node
10.5 460-Node
10.5.1 Network traffic management
10.5.2 Security
10.5.3 Redundancy
10.5.4 Monitoring
10.6 460-Switch
10.6.1 Resource allocation
10.6.2 Loop prevention
10.6.3 Security
10.6.4 Monitoring
10.7 460-Forwarder
10.7.1 Traffic separation
10.7.2 Resource allocation
10.7.3 Traffic prioritisation
10.7.4 Security
10.7.5 Monitoring
10.8 460-Gateway
10.8.1 Denial of service behaviour
10.8.2 Access control to configuration setup
10.8.3 Communication security
10.8.4 Firewall
10.8.5 Application server
10.8.6 Interoperable access to file storage of DMZ
10.8.7 Additional security
10.9 460-Wireless gateway
10.9.1 General
10.9.2 Security
10.10 Controlled network
10.11 Network monitoring function
10.11.1 General
10.11.2 Network load monitoring function
10.11.3 Redundancy monitoring function
10.11.4 Network topology monitoring function
10.11.5 Syslog recording function
10.11.6 Alert management
10.12 System level
10.12.1 General
10.12.2 System management function
10.12.3 System design
10.12.4 Network monitoring function
10.12.5 Network load monitoring function
10.12.6 Redundancy monitoring function
10.12.7 Network topology monitoring function
Annex A (informative) Communication scenarios between an IEC 61162-460 network and uncontrolled networks
A.1 General
A.2 Routine off-ship
A.3 Routine on-ship
A.4 460-Gateway usage for direct connection with equipment
Annex B (informative) Summary of redundancy protocols in IEC 62439 (all parts)
Annex C (informative) Guidance for testing
C.1 Methods of test
C.2 Observation
C.3 Inspection of documented evidence
C.4 Measurement
C.5 Analytical evaluation
Annex D (informative) Some examples to use this document
Annex E (normative) IEC 61162 interfaces for the network monitoring function
Annex F (informative) Distribution of functions around 460-Network
Bibliography
Figure 1 – Functional overview of IEC 61162-460 requirement applications
Figure 2 – 460-Network with 460-Gateway
Figure 3 – Example of redundancy
Figure 4 – Example of network status recording information
Figure A.1 – Usage model for communication between a IEC 61162-460 network and shore networks
Figure D.1 – 460-Forwarder used between two networks
Figure D.2 – 460-Forwarder used between two networks
Figure D.3 – 460-Gateway used for e-Navigation services
Figure D.4 – 460-Gateway used for remote maintenance
Figure D.5 – 460-Forwarder used to separate an INS system based on its own controlled network from a network of -460 devices
Figure D.6 – 460-Forwarder used to separate a radar system based on its own controlled network from a network of -460 devices
Figure E.1 – Network monitoring function logical interfaces
Table 1 – Traffic prioritization with CoS and DSCP
Table 2 – Summary of alert of network monitoring
Table B.1 – Redundancy protocols and recovery times
Table E.1 – Sentences received by the network monitoring function
Table E.2 – Sentences transmitted by the network monitoring function
Table F.1 – Distribution of functions around 460-Network
Table F.2 – Equipment standards referencing IEC 61162-460
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 61162-460 has been prepared by IEC technical committee 80:
Maritime navigation and radiocommunication equipment and systems.
This second edition of IEC 61162-460 cancels and replaces the first edition published in 2015.
This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) 460-Switches and 460-Forwarders are required to implement IGMP snooping;
b) connection between secure and non-secure areas requires a 460-Forwarder as an
isolation element;
c) SFI collision detection added as function of network monitoring;
d) 460-Gateway and 460-Wireless gateway are no longer required to report to the network
monitoring;
e) all alerts from network monitoring have standardized alert identifiers.
The text of this International Standard is based on the following documents:
FDIS | Report on voting
80/879/FDIS | 80/884/RVD
Full information on the voting for the approval of this International Standard can be found in
the report on voting indicated in the above table.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
This International Standard is to be used in conjunction with IEC 61162-450:2018.
A list of all parts in the IEC 61162 series, published under the general title Maritime
navigation and radiocommunication equipment and systems – Digital interfaces, can be found
on the IEC website.
The committee has decided that the contents of this document will remain unchanged until the
stability date indicated on the IEC website under "http://webstore.iec.ch" in the data related to
the specific document. At this date, the document will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
1 Scope
This part of IEC 61162 is an add-on to IEC 61162-450 where higher safety and security
standards are needed, for example due to higher exposure to external threats or to improve
network integrity. This document provides requirements and test methods for equipment to be
used in an IEC 61162-460 compliant network as well as requirements for the network itself
and requirements for interconnection from the network to other networks. This document also
contains requirements for a redundant IEC 61162-460 compliant network.
This document does not introduce new application level protocol requirements to those that
are defined in IEC 61162-450.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.
IEC 60945, Maritime navigation and radiocommunication equipment and systems – General
requirements – Methods of testing and required test results
IEC 61162-450:2018, Maritime navigation and radiocommunication equipment and systems –
Digital interfaces – Part 450: Multiple talkers and multiple listeners – Ethernet interconnection
IEC 61924-2:2012, Maritime navigation and radiocommunication equipment and systems –
Integrated navigation systems – Part 2: Modular structure for INS – Operational and
performance requirements, methods of testing and required test results
IEC 62288:2014, Maritime navigation and radiocommunication equipment and systems –
Presentation of navigation-related information on shipborne navigational displays – General
requirements, methods of testing and required test results
IEEE 802.1D-2004, IEEE Standard for Local and metropolitan area networks: Media Access
Control (MAC) Bridges
IEEE 802.1Q, IEEE Standard for Local and metropolitan area networks: Virtual Bridged Local
Area Networks
INTERNET SOCIETY (ISOC). RFC 792, Internet Control Message Protocol (ICMP), Standard
STD0005 (and updates) [online]. Edited by J. Postel. September 1981 [viewed 2018-01-08].
Available at https://tools.ietf.org/html/rfc792
INTERNET SOCIETY (ISOC). RFC 1112, Host Extensions for IP Multicasting [online]. Edited
by S. Deering. August 1989 [viewed 2018-01-08].
Available at https://www.ietf.org/rfc/rfc1112.txt
INTERNET SOCIETY (ISOC). RFC 1157, A Simple Network Management Protocol (SNMP)
[online]. Edited by J. Case et al. May 1990 [viewed 2018-01-08].
Available at https://tools.ietf.org/html/rfc1157
INTERNET SOCIETY (ISOC). RFC 2021, Remote Network Monitoring Management
Information Base [online]. Edited by S. Waldbusser. January 1997 [viewed 2018-01-08].
Available at https://tools.ietf.org/html/rfc2021
INTERNET SOCIETY (ISOC). RFC 2236, Internet Group Management Protocol, Version 2
[online]. Edited by W. Fenner. November 1997 [viewed 2018-01-08].
Available at https://tools.ietf.org/html/rfc2236
INTERNET SOCIETY (ISOC). RFC 2819, Remote Network Monitoring Management
Information Base [online]. Edited by S. Waldbusser. May 2000 [viewed 2018-01-08].
Available at https://tools.ietf.org/html/rfc2819
INTERNET SOCIETY (ISOC). RFC 3411, An Architecture for Describing Simple Network
Management Protocol (SNMP) Management Frameworks [online]. Edited by D. Harrington.
December 2002 [viewed 2018-01-08].
Available at https://www.ietf.org/rfc/rfc3411.txt
INTERNET SOCIETY (ISOC). RFC 3577, Introduction to the RMON family of MIB modules
[online]. Edited by S. Waldbusser. August 2003 [viewed 2018-01-08].
Available at https://tools.ietf.org/html/rfc3577
INTERNET SOCIETY (ISOC). RFC 4604, Using Internet Group Management Protocol Version
3 (IGMPv3) and Multicast Listener Discovery Protocol Version 2 (MLDv2) for Source-Specific
Multicast [online]. Edited by H. Holbrook et al. August 2006 [viewed 2018-01-08].
Available at https://tools.ietf.org/html/rfc4604
INTERNET SOCIETY (ISOC). RFC 5424, The Syslog Protocol [online]. Edited by R. Gerhards.
March 2009 [viewed 2018-01-08].
Available at https://tools.ietf.org/html/rfc5424
3 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC 61162-450 and the
following apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.1
450-Node
device compliant with IEC 61162-450 and which satisfies additional requirements specified in
this document
Note 1 to entry: This also includes nodes only implementing the ONF function block.
3.2
460-Forwarder
network infrastructure device that can safely exchange data streams between a 460-Network
and other controlled networks including other 460-Networks
3.3
460-Gateway
network infrastructure device that connects 460-Networks and uncontrolled networks and
which satisfies the safety and security requirements as specified in this document
3.4
460-Network
network which consists of only 460-Nodes, 460-Switches, 460-Forwarder, 460-Gateway and
460-Wireless gateway as well as 450-Nodes
3.5
460-Node
device compliant with the requirement of a 450-Node and which satisfies the safety and
security requirements as specified in this document
3.6
460-Switch
network infrastructure device used to interconnect nodes on a 460-Network and which
satisfies the safety and security requirements as specified in this document
3.7
460-Wireless gateway
network infrastructure device that connects a 460-Network and wireless networks and which
satisfies the safety and security requirements as specified in this document
3.8
advanced encryption standard
AES
symmetric-key block cipher algorithm which is based on a substitution-permutation network
(SPN) and does not use the data encryption standard (DES) Feistel network
Note 1 to entry: This note applies to the French language only.
3.9
alarm
highest priority of an alert, announcing a situation or condition requiring immediate attention,
decision and, if necessary, action by the bridge team, to maintain the safe navigation of the
ship
3.10
application level gateway
network infrastructure device that connects 460-Networks with other networks and which
satisfies the safety and security requirements as specified in this document
3.11
backdoor
installed program allowing remote access to a computer by providing a method of bypassing
normal authentication
3.12
controlled network
any network that has been designed to operate such that authorities are satisfied by
documented evidence that the network does not pose any security risks to any connected
network nodes
Note 1 to entry: For example, any IEC 61162-450 compliant network that is approved by classification society,
flag state or recognized organization (RO).
3.13
category B alert
alert where no additional information for decision support is necessary besides the
information which can be presented at the central alert management HMI
3.14
caution
lowest priority of an alert
Note 1 to entry: "Caution" raises a bridge team's awareness of a condition which does not warrant an alarm or
warning condition, but still requires attention out of the ordinary consideration of the situation or of given
information.
3.15
demilitarized zone
DMZ
physical or logical sub-network that contains and exposes an organization's external-facing
services to a larger and un-trusted network, usually the Internet
Note 1 to entry: This note applies to the French language only.
3.16
denial of service
DoS
attempt to prevent legitimate users from accessing a machine or network resource
Note 1 to entry: This note applies to the French language only.
3.17
flow
combination of the following information: source and destination MAC address, source and
destination IP address, protocol, source and destination port number
3.18
failure mode and effects analysis
FMEA
method as specified in IEC 60812 for the analysis of a system to identify the potential failure
modes, their causes and effects on system performance
3.19
failure mode, effects and criticality analysis
FMECA
analytic method as specified in IEC 60812 that includes a means of ranking the severity of the
failure modes
Note 1 to entry: FMECA extends FMEA by including a criticality analysis, which is used to chart the probability of
failure modes against the severity of their consequences.
3.20
internet control message protocol
ICMP
protocol according to ISOC RFC 792
Note 1 to entry: This note applies to the French language only.
3.21
internet group management protocol
IGMP
protocol according to ISOC RFC 1112 (version 1), ISOC RFC 2236 (version 2) and
ISOC RFC 4604 (version 3)
Note 1 to entry: This note applies to the French language only.
3.22
loss rate
amount of lost data by the receiving device of a flow as lost packets per total amount of
packets, measured at the input port of a device
Note 1 to entry: The loss rate is expressed in percent.
3.23
malware
malicious code
software used or created to disrupt computer operation
3.24
maximum network load
cumulative maximum amount of all traffic from all network nodes and network infrastructure
components of a single 460-Network
Note 1 to entry: The maximum network load is measured in bytes per second (B/s).
3.25
maximum transmission rate
maximum number of bytes per second that can be transmitted by a network node or network
infrastructure equipment
3.26
multiple spanning tree protocol
MSTP
protocol, according to IEEE 802.1Q, which is an extension of RSTP for VLANs
Note 1 to entry: This note applies to the French language only.
3.27
neighbour MAC address
MAC (media access control) address of connected 450-Node or 460-Node as seen by
460-Switch and as reported by SNMP (simple network management protocol)
3.28
network infrastructure component
device that connects at least two nodes in a 460-Network and two different networks, such as
460-Switch, 460-Forwarder, 460-Gateway and 460-Wireless gateway
3.29
nominal network capacity
network capacity as a byte rate which is based on the configuration
Note 1 to entry: The capacity is the lowest capacity of any switch in the network to route all traffic.
Note 2 to entry: This is used for specifying capabilities of equipment.
3.30
other network function
ONF
function block that interfaces to the network as specified in IEC 61162-450
Note 1 to entry: The ONF represents a function that is allowed to share the infrastructure of an IEC 61162-450
network but does not use the protocols defined in IEC 61162-450.
Note 2 to entry: This note applies to the French language only.
3.31
rapid spanning tree protocol
RSTP
protocol according to IEEE 802.1D for calculating and configuring the active topology of a
network
Note 1 to entry: This note applies to the French language only.
3.32
removable external data source
REDS
user removable non-network data source, including, but not limited to, compact discs, memory
sticks and Bluetooth devices
Note 1 to entry: This note applies to the French language only.
3.33
remote network monitorin
...
IEC 61162-460 ®
Edition 2.1 2020-01
CONSOLIDATED VERSION
INTERNATIONAL STANDARD
Maritime navigation and radiocommunication equipment and systems – Digital interfaces –
Part 460: Multiple talkers and multiple listeners – Ethernet interconnection – Safety and security
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.
IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé info@iec.ch
CH-1211 Geneva 20 www.iec.ch
Switzerland
ICS 47.020.70 ISBN 978-2-8322-7770-6
REDLINE VERSION
– 2 – IEC 61162-460:2018+AMD1:2020 CSV
© IEC 2020
CONTENTS
FOREWORD
Introduction to the Amendment
1 Scope
2 Normative references
3 Terms and definitions
4 High-level requirements
4.1 Overview
4.2 Description
4.3 General requirements
4.3.1 Equipment and system requirements
4.3.2 Physical composition requirements
4.3.3 Logical composition requirements
4.4 Physical component requirements
4.4.1 450-Node
4.4.2 460-Node
4.4.3 460-Switch
4.4.4 460-Forwarder
4.4.5 460-Gateway and 460-Wireless gateway
4.5 Logical component requirements
4.5.1 Network monitoring function
4.5.2 System management function
4.6 System documentation requirements
4.7 Secure area requirements
5 Network traffic management requirements
5.1 460-Node requirements
5.2 460-Switch requirements
5.2.1 Resource allocation
5.2.2 Loop prevention
5.3 460-Forwarder requirements
5.3.1 Traffic separation
5.3.2 Resource allocation
5.3.3 Traffic prioritization
5.4 System design requirements
5.4.1 Documentation
5.4.2 Traffic
5.4.3 Connections between secure and non-secure areas
6 Security requirements
6.1 Security scenarios
6.1.1 Threat scenarios
6.1.2 Internal threats
6.1.3 External threats
6.2 Internal security requirements
6.2.1 General
6.2.2 Denial of service protection
6.2.3 REDS security
6.2.4 Access control
6.3 External security requirements
6.3.1 Overview
6.3.2 Firewalls
6.3.3 Direct communication
6.3.4 460-Node
6.3.5 460-Gateway
6.3.6 460-Wireless gateway
6.4 Additional security issues
7 Redundancy requirements
7.1 General requirements
7.1.1 General
7.1.2 Interface redundancy
7.1.3 Device redundancy
7.2 460-Node requirements
7.3 460-Switch requirements
7.4 460-Forwarder requirements
7.5 460-Gateway and 460-Wireless gateway requirements
7.6 Network monitoring function requirements
7.7 System design requirements
8 Network monitoring requirements
8.1 Network status monitoring
8.1.1 460-Network
8.1.2 460-Node
8.1.3 460-Switch
8.1.4 460-Forwarder
8.2 Network monitoring function
8.2.1 General
8.2.2 Network load monitoring function
8.2.3 Redundancy monitoring function
8.2.4 Network topology monitoring function
8.2.5 Syslog recording function
8.2.6 Redundancy of network monitoring function
8.2.7 Alert management
9 Controlled network requirements
10 Methods of testing and required test results
10.1 Subject of tests
10.2 Test site
10.3 General requirements
10.4 450-Node
10.5 460-Node
10.5.1 Network traffic management
10.5.2 Security
10.5.3 Redundancy
10.5.4 Monitoring
10.6 460-Switch
10.6.1 Resource allocation
10.6.2 Loop prevention
10.6.3 Security
10.6.4 Monitoring
10.7 460-Forwarder
10.7.1 Traffic separation
10.7.2 Resource allocation
10.7.3 Traffic prioritisation
10.7.4 Security
10.7.5 Monitoring
10.8 460-Gateway
10.8.1 Denial of service behaviour
10.8.2 Access control to configuration setup
10.8.3 Communication security
10.8.4 Firewall
10.8.5 Application server
10.8.6 Interoperable access to file storage of DMZ
10.8.7 Additional security
10.9 460-Wireless gateway
10.9.1 General
10.9.2 Security
10.10 Controlled network
10.11 Network monitoring function
10.11.1 General
10.11.2 Network load monitoring function
10.11.3 Redundancy monitoring function
10.11.4 Network topology monitoring function
10.11.5 Syslog recording function
10.11.6 Alert management
10.12 System level
10.12.1 General
10.12.2 System management function
10.12.3 System design
10.12.4 Network monitoring function
10.12.5 Network load monitoring function
10.12.6 Redundancy monitoring function
10.12.7 Network topology monitoring function
Annex A (informative) Communication scenarios between an IEC 61162-460 network and uncontrolled networks
A.1 General
A.2 Routine off-ship
A.3 Routine on-ship
A.4 460-Gateway usage for direct connection with equipment
Annex B (informative) Summary of redundancy protocols in IEC 62439 (all parts)
Annex C (informative) Guidance for testing
C.1 Methods of test
C.2 Observation
C.3 Inspection of documented evidence
C.4 Measurement
C.5 Analytical evaluation
Annex D (informative) Some examples to use this document
Annex E (normative) IEC 61162 interfaces for the network monitoring function
Annex F (informative) Distribution of functions around 460-Network
Bibliography
Figure 1 – Functional overview of IEC 61162-460 requirement applications
Figure 2 – 460-Network with 460-Gateway
Figure 3 – Example of redundancy
Figure 4 – Example of network status recording information
Figure A.1 – Usage model for communication between a IEC 61162-460 network and shore networks
Figure D.1 – 460-Forwarder used between two networks
Figure D.2 – 460-Forwarder used between two networks
Figure D.3 – 460-Gateway used for e-Navigation services
Figure D.4 – 460-Gateway used for remote maintenance
Figure D.5 – 460-Forwarder used to separate an INS system based on its own controlled network from a network of -460 devices
Figure D.6 – 460-Forwarder used to separate a radar system based on its own controlled network from a network of -460 devices
Figure E.1 – Network monitoring function logical interfaces
Table 1 – Traffic prioritization with CoS and DSCP
Table 2 – Summary of alert of network monitoring
Table B.1 – Redundancy protocols and recovery times
Table E.1 – Sentences received by the network monitoring function
Table E.2 – Sentences transmitted by the network monitoring function
Table F.1 – Distribution of functions around 460-Network
Table F.2 – Equipment standards referencing IEC 61162-460
INTERNATIONAL ELECTROTECHNICAL COMMISSION
MARITIME NAVIGATION AND RADIOCOMMUNICATION
EQUIPMENT AND SYSTEMS –
DIGITAL INTERFACES –
Part 460: Multiple talkers and multiple listeners –
Ethernet interconnection – Safety and security
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental
organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
This consolidated version of the official IEC Standard and its amendment has been
prepared for user convenience.
IEC 61162-460 edition 2.1 contains the second edition (2018-05) [documents 80/879/FDIS
and 80/884/RVD] and its amendment 1 (2020-01) [documents 80/943/FDIS and 80/951/RVD].
In this Redline version, a vertical line in the margin shows where the technical content is
modified by amendment 1. Additions are in green text, deletions are in strikethrough red
text. A separate Final version with all changes accepted is available in this publication.
International Standard IEC 61162-460 has been prepared by IEC technical committee
80: Maritime navigation and radiocommunication equipment and systems.
This second edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous
edition:
a) 460-Switches and 460-Forwarders are required to implement IGMP snooping;
b) connection between secure and non-secure areas requires a 460-Forwarder as an
isolation element;
c) SFI collision detection added as function of network monitoring;
d) 460-Gateway and 460-Wireless gateway are no longer required to report to the network
monitoring;
e) all alerts from network monitoring have standardized alert identifiers.
This document has been drafted in accordance with the ISO/IEC Directives, Part 2.
This International Standard is to be used in conjunction with IEC 61162-450:2018.
A list of all parts in the IEC 61162 series, published under the general title Maritime
navigation and radiocommunication equipment and systems – Digital interfaces, can be found
on the IEC website.
The committee has decided that the contents of the base publication and its amendment will
remain unchanged until the stability date indicated on the IEC web site under
"http://webstore.iec.ch" in the data related to the specific publication. At this date, the
publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
Introduction to the Amendment
This amendment provides greater clarity to the external security requirements in 6.3, updates
the alert management in 8.2.7 and associated tests in 10.11.6 to comply with bridge alert
management and provides an improved test of firewalls in 10.8.4.
1 Scope
This part of IEC 61162 is an add-on to IEC 61162-450 where higher safety and security
standards are needed, for example due to higher exposure to external threats or to improve
network integrity. This document provides requirements and test methods for equipment to be
used in an IEC 61162-460 compliant network as well as requirements for the network itself
and requirements for interconnection from the network to other networks. This document also
contains requirements for a redundant IEC 61162-460 compliant network.
This document does not introduce new application level protocol requirements to those that
are defined in IEC 61162-450.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.
IEC 60945, Maritime navigation and radiocommunication equipment and systems – General
requirements – Methods of testing and required test results
IEC 61162-450:2018, Maritime navigation and radiocommunication equipment and systems –
Digital interfaces – Part 450: Multiple talkers and multiple listeners – Ethernet interconnection
IEC 61924-2:2012, Maritime navigation and radiocommunication equipment and systems –
Integrated navigation systems – Part 2: Modular structure for INS – Operational and
performance requirements, methods of testing and required test results
IEC 62288:2014, Maritime navigation and radiocommunication equipment and systems –
Presentation of navigation-related information on shipborne navigational displays – General
requirements, methods of testing and required test results
IEC 62923-1, Maritime navigation and radiocommunication equipment and systems – Bridge
alert management – Part 1: Operational and performance requirements, methods of testing
and required test results
IEC 62923-2, Maritime navigation and radiocommunication equipment and systems – Bridge
alert management – Part 2: Alert and cluster identifiers and other additional features
IEEE 802.1D-2004, IEEE Standard for Local and metropolitan area networks: Media Access
Control (MAC) Bridges
IEEE 802.1Q, IEEE Standard for Local and metropolitan area networks: Virtual Bridged Local
Area Networks
INTERNET SOCIETY (ISOC). RFC 792, Internet Control Message Protocol (ICMP), Standard
STD0005 (and updates) [online]. Edited by J. Postel. September 1981 [viewed 2018-01-08].
Available at
https://tools.ietf.org/html/rfc792
INTERNET SOCIETY (ISOC). RFC 1112, Host Extensions for IP Multicasting [online]. Edited
by S. Deering. August 1989 [viewed 2018-01-08]. Available at
https://www.ietf.org/rfc/rfc1112.txt
INTERNET SOCIETY (ISOC). RFC 1157, A Simple Network Management Protocol (SNMP)
[online]. Edited by J. Case et al. May 1990 [viewed 2018-01-08]. Available at
https://tools.ietf.org/html/rfc1157
INTERNET SOCIETY (ISOC). RFC 2021, Remote Network Monitoring Management
Information Base [online]. Edited by S. Waldbusser. January 1997 [viewed 2018-01-08].
Available at
https://tools.ietf.org/html/rfc2021
INTERNET SOCIETY (ISOC). RFC 2236, Internet Group Management Protocol, Version 2
[online]. Edited by W. Fenner. November 1997 [viewed 2018-01-08]. Available at
https://tools.ietf.org/html/rfc2236
INTERNET SOCIETY (ISOC). RFC 2819, Remote Network Monitoring Management
Information Base [online]. Edited by S. Waldbusser. May 2000 [viewed 2018-01-08]. Available
at
https://tools.ietf.org/html/rfc2819
INTERNET SOCIETY (ISOC). RFC 3411, An Architecture for Describing Simple Network
Management Protocol (SNMP) Management Frameworks [online]. Edited by D. Harrington.
December 2002 [viewed 2018-01-08]. Available at
https://www.ietf.org/rfc/rfc3411.txt
INTERNET SOCIETY (ISOC). RFC 3577, Introduction to the RMON family of MIB modules
[online]. Edited by S. Waldbusser. August 2003 [viewed 2018-01-08]. Available at
https://tools.ietf.org/html/rfc3577
INTERNET SOCIETY (ISOC). RFC 4604, Using Internet Group Management Protocol Version
3 (IGMPv3) and Multicast Listener Discovery Protocol Version 2 (MLDv2) for Source-Specific
Multicast [online]. Edited by H. Holbrook et al. August 2006 [viewed 2018-01-08]. Available at
https://tools.ietf.org/html/rfc4604
INTERNET SOCIETY (ISOC). RFC 5424, The Syslog Protocol [online]. Edited by R. Gerhards.
March 2009 [viewed 2018-01-08]. Available at
https://tools.ietf.org/html/rfc5424
3 Terms and definitions
For the purposes of this document, the terms and definitions given in IEC 61162-450 and the
following apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
3.1
450-Node
device compliant with IEC 61162-450 and which satisfies additional requirements specified in
this document
Note 1 to entry: This also includes nodes only implementing the ONF function block.
3.2
460-Forwarder
network infrastructure device that can safely exchange data streams between a 460-Network
and other controlled networks including other 460-Networks
3.3
460-Gateway
network infrastructure device that connects 460-Networks and uncontrolled networks and
which satisfies the safety and security requirements as specified in this document
3.4
460-Network
network which consists of only 460-Nodes, 460-Switches, 460-Forwarder, 460-Gateway and
460-Wireless gateway as well as 450-Nodes
3.5
460-Node
device compliant with the requirement of a 450-Node and which satisfies the safety and
security requirements as specified in this document
3.6
460-Switch
network infrastructure device used to interconnect nodes on a 460-Network and which
satisfies the safety and security requirements as specified in this document
3.7
460-Wireless gateway
network infrastructure device that connects a 460-Network and wireless networks and which
satisfies the safety and security requirements as specified in this document
3.8
advanced encryption standard
AES
symmetric-key block cipher algorithm which is based on a substitution-permutation network
(SPN) and does not use the data encryption standard (DES) Feistel network
Note 1 to entry: This note applies to the French language only.
3.9
alarm
highest priority of an alert, announcing a situation or condition requiring immediate attention,
decision and, if necessary, action by the bridge team, to maintain the safe navigation of the
ship
3.10
application level gateway
network infrastructure device that connects 460-Networks with other networks and which
satisfies the safety and security requirements as specified in this document
3.11
backdoor
installed program allowing remote access to a computer by providing a method of bypassing
normal authentication
3.12
controlled network
any network that has been designed to operate such that authorities are satisfied by
documented evidence that the network does not pose any security risks to any connected
network nodes
Note 1 to entry: For example, any IEC 61162-450 compliant network that is approved by classification society,
flag state or recognized organization (RO).
3.13
category B alert
alert where no additional information for decision support is necessary besides the
information which can be presented at the central alert management HMI
3.14
caution
lowest priority of an alert
Note 1 to entry: "Caution" raises a bridge team's awareness of a condition which does not warrant an alarm or
warning condition, but still requires attention out of the ordinary consideration of the situation or of given
information.
3.15
demilitarized zone
DMZ
physical or logical sub-network that contains and exposes an organization's external-facing
services to a larger and un-trusted network, usually Internet
Note 1 to entry: This note applies to the French language only.
3.16
denial of service
DoS
attempt to prevent legitimate users from accessing a machine or network resource
Note 1 to entry: This note applies to the French language only.
3.17
flow
combination of the following information: source and destination MAC address, source and
destination IP address, protocol, source and destination port number
3.18
failure mode and effects analysis
FMEA
method as specified in IEC 60812 for the analysis of a system to identify the potential failure
modes, their causes and effects on system performance
3.19
failure mode, effects and criticality analysis
FMECA
analytic method as specified in IEC 60812 that includes a means of ranking the severity of the
failure modes
Note 1 to entry: FMECA extends FMEA by including a criticality analysis, which is used to chart the probability of
failure modes against the severity of their consequences.
3.20
internet control message protocol
ICMP
protocol according to ISOC RFC 792
Note 1 to entry: This note applies to the French language only.
3.21
internet group management protocol
IGMP
protocol according to ISOC RFC 1112 (version 1), ISOC RFC 2236 (version 2) and
ISOC RFC 4604 (version 3)
Note 1 to entry: This note applies to the French language only.
3.22
loss rate
amount of lost data by the receiving device of a flow as lost packets per total amount of
packets, measured at the input port of a device
Note 1 to entry: The loss rate is expressed in percent.
3.23
malware
malicious code
software used or created to disrupt computer operation
3.24
maximum network load
cumulative maximum amount of all traffic from all network nodes and network infrastructure
components of a single 460-Network
Note 1 to entry: The maximum network load is measured in bytes per second (B/s).
3.25
maximum transmission rate
maximum number of bytes per second that can be transmitted by a network node or network
infrastructure equi
...

















