Firewall (OT)
E1. Maritime security, geopolitics and risk
Definition
Network device segregating navigation/automation networks from IT.
An operational-technology firewall enforces traffic rules at the boundary between a ship’s or terminal’s control networks (navigation, propulsion, cargo, automation) and its business IT network or external connections. Unlike a general IT firewall, it must understand industrial protocols and tolerate the deterministic timing of control systems, and it often works alongside an industrial DMZ and deep packet inspection. It is the practical mechanism behind the IT/OT segmentation that IMO MSC-FAL.1/Circ.3 and BIMCO recommend, blocking a phishing-borne IT compromise from reaching the integrated bridge or engine controls. IEC 62443 defines the zone-and-conduit model these firewalls implement.
Source: IEC 62443 series (industrial automation and control systems security); IMO MSC-FAL.1/Circ.3, 5 July 2017