Reference Architecture · v1.0 · Purdue-Aligned

Meridian Ship-to-Shore Cybersecurity Reference Architecture

Re-stratification of the Meridian systems-integration model along Purdue Model zones, with explicit Active Directory segregation per level, zero-trust crossings, code-signed broker patterns, and an emergency event-management overlay (ServiceNow · Everbridge · Ekatra).

PRINCIPLE 01
Shore observes & governs — never controls
Corporate / cloud platforms read telemetry and orchestrate work, but cannot reach into safety-critical OT zones.
PRINCIPLE 02
Identity is segmented by Purdue level
No two-way AD trust between corporate and OT domains. Identity terminates at the DMZ — never inside L2 or L0/1.
PRINCIPLE 03
Every cross-zone agent is code-signed
MID Servers, OT collectors, and brokers run only signed binaries with certificate-based device identity and TLS 1.3.
PRINCIPLE 04
Vessels remain operational without shore
Loss of satellite, cloud identity, or shore platforms must never degrade propulsion, navigation, or safety systems.
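Worked example for Principle 03 and the WAN boundary's TLS 1.3 / mTLS controls, added here as an illustration (this is not Meridian code or a product artifact): a Go program that gates an agent launch on a detached Ed25519 signature over the binary image, then runs an in-memory mutual-TLS handshake between a DMZ broker and an agent, with TLS 1.3 as the broker's floor and a verified client certificate required. The names ot-dmz-broker and mid-server-01, the self-signed device certificates, the pinned signing key and the constructed image bytes are assumptions made for the example; in a deployment the certificates would be issued by the OT DMZ PKI.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// SignAgent returns a detached Ed25519 signature over an agent image and the
// public key a host pins. Assumption: the release pipeline holds the private key.
func SignAgent(image []byte) (sig []byte, pub ed25519.PublicKey, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return ed25519.Sign(priv, image), pub, nil
}

// VerifyAgentBinary is the launch gate: an unsigned or altered image is refused.
func VerifyAgentBinary(image, sig []byte, pub ed25519.PublicKey) error {
	if !ed25519.Verify(pub, image, sig) {
		return fmt.Errorf("refusing to launch: agent image signature invalid")
	}
	return nil
}

// deviceCert mints a self-signed Ed25519 device certificate for cn. A deployment
// would have the OT DMZ PKI issue it; self-signing keeps the example offline.
func deviceCert(cn string) (tls.Certificate, *x509.Certificate) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // setup only
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     []string{cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der) // DER produced just above always parses
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv, Leaf: leaf}, leaf
}

// HandshakeVersion runs an in-memory mutual-TLS handshake between a DMZ broker
// (server) and an agent (client). The broker pins TLS 1.3 as its floor and
// requires a verified client certificate. clientMax caps the version the agent
// offers (0 = library default) so a downgraded agent can be shown to fail.
// It returns the negotiated protocol version on success.
func HandshakeVersion(clientMax uint16) (uint16, error) {
	brokerCert, brokerLeaf := deviceCert("ot-dmz-broker")
	agentCert, agentLeaf := deviceCert("mid-server-01")
	agentPool, brokerPool := x509.NewCertPool(), x509.NewCertPool()
	agentPool.AddCert(agentLeaf)   // the only agent identity the broker trusts
	brokerPool.AddCert(brokerLeaf) // the only broker identity the agent trusts
	serverCfg := &tls.Config{
		Certificates:           []tls.Certificate{brokerCert},
		ClientAuth:             tls.RequireAndVerifyClientCert, // device identity is mandatory
		ClientCAs:              agentPool,
		MinVersion:             tls.VersionTLS13, // no TLS 1.2 fallback
		SessionTicketsDisabled: true,             // a NewSessionTicket write would block the synchronous pipe
	}
	clientCfg := &tls.Config{
		Certificates: []tls.Certificate{agentCert},
		RootCAs:      brokerPool,
		ServerName:   "ot-dmz-broker",
		MaxVersion:   clientMax,
	}
	srvConn, cliConn := net.Pipe()
	defer srvConn.Close()
	defer cliConn.Close()
	server, client := tls.Server(srvConn, serverCfg), tls.Client(cliConn, clientCfg)
	srvErr := make(chan error, 1)
	go func() { srvErr <- server.Handshake() }()
	cliErr := client.Handshake()
	if err := <-srvErr; err != nil {
		return 0, fmt.Errorf("broker rejected agent: %w", err)
	}
	if cliErr != nil {
		return 0, fmt.Errorf("agent handshake failed: %w", cliErr)
	}
	return client.ConnectionState().Version, nil
}
```

HandshakeVersion(0) negotiates 0x0304 (TLS 1.3) with both sides authenticated by certificate; HandshakeVersion(tls.VersionTLS12) is refused by the broker with a protocol-version alert before any application data flows, which is the behaviour the "TLS 1.3 · mTLS" badge on the WAN boundary demands. The launch gate and the transport check are deliberately separate functions: a host should refuse to start an unsigned agent regardless of whether the network path would have accepted it.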
LEVEL 5 Cloud · SaaS · Enterprise Platforms — shore-side governance, analytics, AI, identity
LEVEL 4 · SHORE Corporate IT — managed productivity, EDR-protected, Entra-joined
LEVEL 4 · SHIP Shipboard IT (per vessel) — hotel, crew workstations, guest services; operates autonomously when shore is unreachable
LEVEL 3.5 OT DMZ · Brokered Cross-Zone Integration — code-signed agents, jump hosts, reverse proxies, PAM gateway
LEVEL 3 Shipboard OT Operations — historian, OT app servers, isolated OT identity
LEVEL 2 Supervisory · HMI · Engineering — SCADA, DCS, engineering workstations, passive IDS
LEVEL 0/1 Physical Process & Control — sensors, actuators, PLCs, propulsion, HVAC, safety
SHORE Cloud · Fleet Ops · Corporate
SHIP Vessel — bandwidth-constrained, safety-critical
⟁ SHIP↔SHORE WAN BOUNDARY
TLS 1.3 · mTLS · SD-WAN · STORE & FWD
⟁ IT / OT TRUST BOUNDARY
ZTA · PAM GATEWAY · CODE-SIGNED ONLY
⟁ OT DMZ ↘ SHIP OT OPS
BROKERED · ONE-WAY TRUST ↓
⟁ OPS ↘ SUPERVISORY · CONTROL
PASSIVE MONITOR ONLY
⟁ SUPERVISORY ↘ PROCESS · SAFETY
DETERMINISTIC · NO ENTERPRISE AUTH
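Worked example for the level and boundary rules above, with the identity realms taken from the "Active Directory by Purdue Level" table, added here as an illustration (this is not Meridian code or a product artifact): a Go policy evaluator that encodes each crossing rule as an ordered check and reports the first boundary a request violates. The Crossing fields, the realm names (entra, corp-ad, ship-ad, ot-ad, local) and the sample requests in main are constructed for the example.

```go
package main

import "fmt"

// Level indexes the Purdue levels drawn on the page; a larger value is
// further from the physical process.
type Level int

const (
	L01 Level = iota // L0/1 physical process and control
	L2               // supervisory, HMI, engineering
	L3               // shipboard OT operations
	L35              // OT DMZ, brokered integration
	L4               // IT, shore or ship
	L5               // cloud, SaaS, enterprise platforms
)

// Zone is a level plus the side of the WAN it sits on.
type Zone struct {
	Level Level
	Shore bool // true for L5 and L4-Shore, false for every shipboard zone
}

// Crossing is one requested cross-zone session. The field vocabulary is an
// assumption made for this example, not a Meridian schema.
type Crossing struct {
	From, To    Zone
	Intent      string // "observe" (read telemetry) or "control" (change state)
	Transport   string // "tls13-mtls", "tls12", "plain"
	Brokered    bool   // session terminates on the L3.5 PAM gateway / jump host
	SignedAgent bool   // the initiating agent binary is code-signed
	Realm       string // identity presented: "entra", "corp-ad", "ship-ad", "ot-ad", "local"
}

// Evaluate returns whether the crossing is permitted and the rule that decided
// it. Rules run from the outermost boundary inward, so the reason names the
// first boundary the request violated.
func Evaluate(c Crossing) (bool, string) {
	itSide := func(z Zone) bool { return z.Level >= L4 }
	otSide := func(z Zone) bool { return z.Level <= L3 }
	touchesDMZ := c.From.Level == L35 || c.To.Level == L35

	switch {
	// Principle 01: shore observes and governs, never controls.
	case c.From.Shore && c.Intent != "observe":
		return false, "shore never controls"
	case c.From.Shore && c.To.Level <= L2:
		return false, "shore never reaches safety-critical zones"
	// Ship-to-shore WAN boundary.
	case c.From.Shore != c.To.Shore && c.Transport != "tls13-mtls":
		return false, "WAN crossing requires TLS 1.3 mTLS"
	// IT/OT trust boundary: sessions and identity terminate at the DMZ.
	case (itSide(c.From) && otSide(c.To)) || (otSide(c.From) && itSide(c.To)):
		return false, "IT and OT meet only at the L3.5 DMZ"
	case touchesDMZ && !c.Brokered:
		return false, "DMZ crossing must pass the PAM gateway / jump host"
	case touchesDMZ && !c.SignedAgent:
		return false, "cross-zone agents must be code-signed"
	// OT DMZ -> L3: brokered one-way trust into the per-vessel OT AD.
	case c.From.Level == L35 && c.To.Level == L3 && c.Realm != "ot-ad":
		return false, "L3 accepts the isolated per-vessel OT AD only"
	// L3 -> L2: passive monitoring, never writes.
	case c.From.Level == L3 && c.To.Level == L2 && c.Intent != "observe":
		return false, "supervisory zone is passive-monitor only from L3"
	// Into L2 / L0-1: deterministic control path, local device auth only.
	case c.To.Level <= L2 && c.Realm != "local":
		return false, "L2 and L0/1 use local device auth only"
	case c.To.Level == L01 && c.From.Level != L2:
		return false, "process zone is reachable only from L2"
	}
	return true, "permitted"
}

func main() {
	shore := func(l Level) Zone { return Zone{Level: l, Shore: true} }
	ship := func(l Level) Zone { return Zone{Level: l} }
	for _, c := range []Crossing{ // constructed requests
		{From: shore(L5), To: ship(L35), Intent: "observe", Transport: "tls13-mtls", Brokered: true, SignedAgent: true, Realm: "entra"},
		{From: shore(L5), To: ship(L2), Intent: "control", Transport: "tls13-mtls", Brokered: true, SignedAgent: true, Realm: "entra"},
		{From: ship(L4), To: ship(L3), Intent: "observe", Transport: "tls13-mtls", Brokered: true, SignedAgent: true, Realm: "ot-ad"},
		{From: ship(L2), To: ship(L01), Intent: "control", Transport: "plain", Realm: "local"},
	} {
		ok, why := Evaluate(c)
		fmt.Printf("%+v -> %+v %s: %v (%s)\n", c.From, c.To, c.Intent, ok, why)
	}
}
```

The ordering is the point: a shore-originated control request into L2 is refused by the "shore never controls" rule before the transport or broker checks run, so the reason returned is the architectural one rather than an incidental TLS or PAM failure, which is what an analyst triaging a denied session in the SIEM wants to see first. A session from shipboard IT straight into L3 is refused even when it is brokered, signed and carries OT AD credentials, because the page makes the DMZ the only meeting point for IT and OT.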
Cloud Identity Plane
SOC · Security Tooling
Emergency Event Management

Domains

ServiceNow Now Platform
Identity & Active Directory
SIEM & Security Tooling
Armis Asset Intelligence
OT & Industrial Control
Meridian Operations
Third-Party Platforms
Emergency Event Mgmt

Cybersecurity Boundaries

Ship↔Shore WAN — TLS 1.3 / mTLS
IT / OT trust boundary — brokered only
Safety-critical — passive monitor only

Control Badges

MFA Multi-factor authentication enforced
PAM CyberArk vaulted & session-recorded
TLS Encrypted transport, mTLS where applicable
SIGNED Binary & agent code-signing required
ZTA Zero-trust policy enforcement
PASSIVE Read-only / out-of-band observation
SEGREGATED No enterprise auth dependency

Active Directory by Purdue Level

L5 — Entra ID (cloud, SSO + MFA, Conditional Access)
L4 Shore — Corporate AD
L4 Ship — Shipboard IT AD (per vessel)
L3 — OT AD (per vessel, isolated)
L2 / L0-1 — Local device auth only