Demilitarized Zone (DMZ)
E1. Maritime security, geopolitics and risk
Definition
Network segment separating IT and OT systems on board.
A demilitarized zone (DMZ) is a buffer network segment placed between two trust levels, exposing only controlled services while shielding the inner network. On a ship it separates the business IT network and the wider internet from the operational-technology systems that run navigation, propulsion, and cargo, so that a compromise of crew email or the satellite link does not reach the integrated bridge or engine controls directly. The DMZ is a core element of the network segmentation that IMO MSC-FAL.1/Circ.3 and BIMCO recommend, and it usually pairs with firewalls and deep packet inspection at each boundary.
Source: IMO MSC-FAL.1/Circ.3 Guidelines on maritime cyber risk management, 5 July 2017; NIST SP 800-82 Guide to OT Security