Since Peplink products getting more and more popular in merchant marine market, I am wondering if Peplink have plan to apply Marine Type Approvals.
Ship’s classifications has published guidelines and pushing Type Approval for IT equipment on board, some maker already done that. Once those regulations fully enforced, we may have to use “type approved” products only.
Hi Jiang_Lin,
This is a great topic to raise and generate some discussions about.
While the UR E26 & 27 talks about IT systems they only revolve around OT systems (Operational Systems) which are required in most, if not all, cases to be type of class approved (Depending on Class, ClassNK, DNV, BV etc…).
There’s also the whole ISM Cyber Security regulation to consider - and we could perhaps generate some information around this and include best practice guides for implementation of Peplink to abide by these standards.
These regulations also came into effect from the 1st of January 2024 - so already in place.
If we wish to be more embedded in these solutions from an OT or Cybcer Security POV we should consider this.
Here’s some information to consider for the Peplink Team:
Hull Classification Surveys
IACS UR E26/27 | ClassNK - English
IACS unified requirements for cyber security mandatory from 1 January 2024
What are your thoughts Jiang_Lin?
Yes, absolutely. Since I am a Peplink share holder now 
First thing I think they should have one of the major class’ approval, like what Moxa, Fortinet did.
E26/27, one of them applied to new ships, which already in force from Jul, another for service ships, where we still have some time. But what information I get from those kind of forum/meetings is every device with data connections should be type approved (even your coffee machine if it has a Bluetooth).
Captain Nik, seems we are in same business? I am here mainly working on merchant ships in Singapore, you mainly do yachts?
Hi Jiang_Lin,
I agree with you - and this is majorly of interest if we think of commercial vessels where I think Peplink could be stronger.
My focus is primarily Yachts, but we do Commercial and Government too (Globally).
As for E26/E27, we should indeed consider what other providers have done and as per my previous comment, should we want to be more involved like others (i.e. Moxa & Fortinet) we should consider getting the right certifications.
For example, Moxa has an excellent Marine Certified product list we use as a reference,
moxa-marine-certification-2019.pdf
Marine Focus | Moxa
@Giedrius - What are your thoughts on Certification here? Or is this for someone else to get onboard with?
+1 on this!
Looking forward to get some more information on this
Hi Nik, Jiang Lin,
it looks more like E26 is related to ship’s overall network architecture while E27 is for IT system (e.g. Peplink equipment). In other words to check if the ship’s overall network architecture is E26-compliant, its IT/OT network components should be E27 compliant, is that right?
Can you also explain in more details what is “major class approval”? ("First thing I think they should have one of the major class’ approval, like what Moxa, Fortinet did.)
Lastly, which are the most important Peplink products which need this sort of certification?
hmm, this is another marine practice, most ships (if not all) should register under a class, they will certify the ship for trading, if your product approved by one of the class, it will be accepted by others as well.
Major class: IACS Members - Shaping Maritime Safety & Sustainability - IACS, but normally we consider ABCD LRK (ABS, BV, CCS, DNV, LR, RINA, CLASS NK).
Ship will normally use switch, router, AP. You may apply approval per product lines (Like B One, Max). — Its more of following a procedure and spend some money, then they will give you a certificate. Ship’s class used to ensure ships structure strong enough in the old days, but now they are expert on everything.
Follow up on Jiang_Lin’s reply here.
You are correct.
As for products seeking approval I believe it is used on a product class as mentioned,
Most important products,
There might be more we can do here - but let us know what else you need here.
Thanks
Product to add Balance 20X.
@Giedrius - Do you think this year we could focus on this?
We see a lot of new builds being specified with other companies products because of non-certifications for Peplink.
Not only for this purpose, but also for general Cyber Security Requirements.
Hi Nik,
sure we can do and we are always open to for discussion. As we spoke previously we need guidance which products we should be aiming to get certified and reference from partners to better understand the demand.
OK - well I’ll reiterate what I wrote earlier then.
As for products seeking approval I believe it is used on a product class as mentioned,
Most important products,
There’s also the concern about Cyber Security Compliance which is obviously more software features than Hardware approval, nontheless, should be considered for this as well.
Multiple clients reporting Peplink routers don’t meet maritime cyber security compliance requirements in Europe and globally.
Key Regulatory Requirements:
What Regulations Mandate:
Competitor Positioning:
Business Impact:
Request: Does Peplink have plans to add active threat protection (IPS/antivirus) capabilities, or should we position Peplink as connectivity/SD-WAN layer with separate UTM devices for compliance?
Reference Documentation:
Yes, as Peplink has achieved such good presence in marine market, it is a shame not to work further and bespoke per marine needs like cyber security and type approval.
Cyber security: it is either you may completely give up, and leave to others like Fortinet etc. However, fortinet can do same multi-wan and failover, which you will lose market eventually.
Or you may just buy or work with a smaller UTM provider and integrate this into your product.
Type approval: typically you can go a class and they will guide you the procedure, it is usually no difference if you have 1 or all your product to be type approved, for example, if you need, I can introduce BV Hong Kong to you.
+1 this requirement.
It’s getting more essential in this world of certified requirements… for better or worse!
@Jiang_Lin & @tgorter
Please suggest models you’d want to see certified.
@JoeyJanssen What are your thoughts here? You get lots of this in Europe, so must start to get pushed about certification as well, and feature sets for commercial vessels.
Cheers
The new B310 should definitely be added to this list! This is the more rugged/industrial/powerfull workhorse compared to the B One for more demanding data-intensive marine environments and still affordable.
Yes, I agree with you Nik!
Over the past few years, it has become increasingly common for Peplink routers to be evaluated directly against dedicated cybersecurity measurement tools, rather than being assessed solely as connectivity platforms supported by third-party security solutions.
Few devices I’d like to be adding to the list:
Entry segment:
New Balance 310 HW revision
BR1 Mini 5G
Middle segment:
New Balance 580x HW revision
High end solutions:
Blance 1350 EC
AP & Switches defenitly a plus! (also including any future SD Rugged Switches!)
Historically, Peplink devices have often been positioned as SD-WAN routers, with third-party firewalls, security services, or other specialized tools. However, It’s not uncommon to get questions about the Peplink routers mesured against modern cybersecurity standards and best practices.
Because of this shift, it’s important that cybersecurity measurements evolve to reflect today’s threat landscape and expectations. Baseline protections that were once considered sufficient may now be tested against more advanced criteria such as:
But also Maritime specific standards like you mentioned earlier.
It’s about the evaluation landscape has changed and ensuring that cybersecurity measurements reflect current operational realities and risk models.
@Captain_Nik @JoeyJanssen I would like clarify about the purpose for the internet connectivity. Is it for crew internet only or is it used for other purposes as well. Additional details would be helpful as it affects certification.
ps. I think I know the answer, but I do not want to make any assumptions.
Great question - the answer is not a straight yes or no and the requirements put on equipment is not just “deliver” internet and a firewall.
But…
Yes - The purpose of the devices is to provide internet for Crew under requirements by seafarers contracts. They must have a way to contact their families and friends whilst onboard.
The requirements are also entangled with the need for updates of Charts, Emails for operations and many other things. Remote Access to systems onboard and so on.
These last set of requirements are what drives the Cyber Security Compliance part of this - and hence why products with active protection like Kerio, Cisco, Ubiquitui and so on are compliant whilst Peplink is not.
Along with the Wheelmark Certification as well.