Extended Operational and Trade Vocabulary

Maritime Cybersecurity, IACS Cyber Rules, and Incidents glossary

Terminology of shipboard cybersecurity under IACS rules: class notations and capability levels such as ABS CyberSafety, access control lists segmenting OT networks, Active Directory footholds in ransomware incidents, AIS spoofing of identity and position, and the cyber-resilience requirements and recorded attacks shaping merchant-fleet and offshore-unit defenses.

288 defined terms.

Showing 250 on this page (page 1 of 2).

A

ABS CyberSafety: ABS class notation framework for cyber resilience.
ABS CyberSafety Volume 2: The ABS guidance document on cybersecurity for the marine and offshore industries, defining capability levels CS1 through CS3.
Access Control List (ACL): Rule set on a router, switch or firewall that permits or denies traffic by source, destination, port or protocol.
Active Directory: Microsoft directory service occasionally deployed on larger ships and at shore offices to centralize authentication, encryption keys, and group policy for crew workstations.
Air gap: Vertical distance from the fuel surface to the top of the tank, used in ullage measurement.
AIS (Automatic Identification System): Class A/B transponder per ITU-R M.1371.
AIS Spoofing: Falsifying AIS data (MMSI, position, identity) to disguise vessel movements.
AIS-SART: AIS Search and Rescue Transmitter for survival craft.
Anomaly Detection: Security monitoring technique that flags deviations from a learned baseline of shipboard network or process behavior.
Anti-virus Whitelisting: An application allow-list approach favored for ECDIS, IBS, and PMS workstations where signature-based AV is unsuitable due to type-approval constraints.
APT (Advanced Persistent Threat): A long-running, well-resourced threat actor, several of which have targeted port authorities, shipping lines, and offshore operators.
Asset Inventory: Documented list of hardware, software and firmware required by NIST CSF Identify and IEC 62443 ZCR 1.
AutoChief: Kongsberg main engine remote control and safety system, current generation AutoChief 600.
Autonomous Surface Vessel (ASV): Self-operating surface craft.
Availability: Fraction of operating time a machinery item is ready to perform its function.

B

Backdoor: Hidden method of bypassing normal authentication, commonly planted by APT actors.
Backup Generator Control System: The PLC-driven controller for emergency diesel generators, an OT asset within IACS UR E26 scope.
Bastion Host: Hardened jump server placed in a DMZ to broker administrative access into a protected zone.
BeiDou: The Chinese global navigation satellite system, used as one of the constellations in a multi-GNSS receiver on autonomous vessels.
BIMCO: Baltic and International Maritime Council, drafter of standard maritime contracts.
BIMCO Cyber Clause 2019: The standard contract clause requiring parties to implement cybersecurity procedures and assign liability for cyber incidents.
BIMCO Cyber Security Onboard Ships v4 (2020): The fourth edition of the joint industry guidelines, aligned with NIST CSF Identify, Protect, Detect, Respond, Recover functions.
Black Sea GPS Spoofing (June 2017): An incident in which more than 20 vessels near Novorossiysk reported GPS positions placed onshore at Gelendzhik airport, widely cited as the first mass civilian GNSS spoofing event.
BNWAS (Bridge Navigational Watch Alarm System): Required by SOLAS V/19.2.2.3, a watchkeeping monitor whose alarm logic is a candidate target for tampering.
Boot Integrity: The verification of firmware and operating system load on ECDIS, GMDSS, and IBS components, addressed by UEFI Secure Boot or vendor-specific equivalents.
Bridge Equipment Network: The Ethernet or IEC 61162-450 network connecting ECDIS, radar, AIS, GPS, gyro, and conning displays, a high-impact OT segment.
Brute Force: Credential guessing attack; default credentials on VSAT terminals remain a common initial access vector.
BV Cyber Managed: Bureau Veritas cybersecurity notation for vessels with managed cyber risk programs.
BV NR 659: The Bureau Veritas rule note "Rules on Cyber Security for the Classification of Marine Units," providing cyber-secure and cyber-managed notations.

C

C-FRAME: The cyber resilience framework cited in various class society guidance, referencing NIST CSF functions tailored to shipboard environments.
CAN Bus: A controller area network commonly used as a low level bus between onboard sensors and actuators in smaller autonomous craft.
CANopen: A higher-layer protocol on CAN often used on Kongsberg, MAN, and Wartsila marine equipment.
Cargo Stowage System: The cargo planning software (for example StowMan, MACS3, CASP) that has been targeted in ransomware events against terminals and lines.
CASP: Container Acceleration and Stowage Program, a lashing calculation tool used by some operators and class societies.
CCTV (Closed-Circuit Television): Shipboard surveillance often running on dedicated NVRs with weak default credentials, used as a pivot point in red-team exercises.
Chart Update Vector: The mechanism (CD, USB, email, or satcom download) by which ENC permits and updates reach ECDIS, a recognized malware delivery path.
CIRT (Computer Incident Response Team): The shore-based or fleet team handling cyber incident triage, escalation, and recovery.
CISA Maritime Bulk Liquids Transfer Cybersecurity Voluntary Guidelines: The 2020 US Cybersecurity and Infrastructure Security Agency guidance for tanker-to-shore transfers.
Class Notation: Class society designation reflecting compliance with construction and equipment rules incorporated into SOLAS by reference.
ClassNK Cyber Resilience: Nippon Kaiji Kyokai notation covering cyber resilience for ships and shipboard systems.
CMA CGM Ransomware (September 2020): The Ragnar Locker ransomware attack that disabled CMA CGM booking systems for roughly two weeks beginning 28 September 2020.
Command and Control (C2): Channel used by attackers to issue instructions to compromised systems.
Compensating Control: Alternate safeguard used when a required control is not feasible.
Conning Display: Bridge display aggregating navigation data, often part of IBS.
COSCO Ransomware (July 2018): The 24 July 2018 ransomware incident that crippled COSCO Shipping Lines' US operations, requiring fallback to phone and email for weeks.
CSO (Company Security Officer): The shore-based officer designated under the ISPS Code whose responsibilities PSC examines during security inspections.
CVE (Common Vulnerabilities and Exposures): The MITRE-administered identifier system used to track specific vulnerabilities in maritime products such as VSAT modems.
CVE-2017-3216: A Cobham SAILOR 900 VSAT default credential issue tracked by ICS-CERT.
CVE-2018-5728: A Cobham EXPLORER 710 BGAN terminal vulnerability disclosed in 2018, illustrating satcom risk.
CVSS: Common Vulnerability Scoring System for rating the severity of disclosed vulnerabilities.
Cyber Hygiene: Routine practices (patching, passwords, segmentation) reducing OT/IT risk.
Cyber Risk Management: Process required by IMO Resolution MSC.428(98) to be addressed in the Safety Management System.

D

Default Credentials: Unchanged factory passwords, the leading cause of compromise in satcom and bridge equipment as documented by Pen Test Partners' Maritime research.
Defense in Depth: Layered security strategy combining technical, procedural, and physical controls.
DGPS (Differential GPS): GPS augmentation using ground reference stations for corrections.
DHCP Snooping: Switch feature that blocks rogue DHCP servers, used to protect bridge LANs.
Digital Twin: Software model of a physical asset such as a Triple-E class container ship used for performance and predictive maintenance.
DMZ (Demilitarized Zone): A buffer network between IT and OT recommended by IEC 62443 and adopted in IACS UR E26 reference architectures.
DNV Cyber Secure: DNV class notation for cyber-secure ships.
DNV ShipManager Ransomware (January 2023): The 7 January 2023 cyber attack on DNV's ShipManager fleet management software, affecting around 70 customers and roughly 1,000 vessels.
DNV-RP-0496: The DNV recommended practice "Cyber security resilience management for ships and mobile offshore units in operation."
DOC, Document of Compliance: ISM Code certificate issued to a shipping company.
DPI (Deep Packet Inspection): A firewall feature used to police NMEA 0183, IEC 61162-450, and Modbus traffic on shipboard segmented networks.

E

ECDIS (Electronic Chart Display and Information System): SOLAS-mandated electronic chart system.
ECDIS Chart Load Attack: A malware delivery technique that hides a payload in S-57 or S-63 chart update files or accompanying installers.
ECDIS Type Approval: The compliance status under IMO MSC.232(82) performance standards, which historically constrained operators from applying OS patches.
ECoS (Engine Control System) MAN: The MAN Energy Solutions two-stroke engine control system, in scope as OT under IACS UR E26.
EGNOS: European SBAS augmentation system.
Emergency Shutdown System (ESD): Fail-safe system halting cargo flow; ESD-1 stops pumps and valves, ESD-2 also activates ERS to disconnect arms.
ENC Electronic Navigational Chart: S-57 and S-101 vector charts distributed via authorized services such as Primar and IC-ENC.
Endpoint Detection and Response (EDR): Cyber tooling for shipboard endpoints.
Engine Room LAN: The Ethernet network linking AMS, alarm, and propulsion HMIs, regarded as a critical OT zone.
ESD (Electronic Sailing Directions): Digital nautical publications, another USB-mediated update vector.
Ethernet to Serial Converter: A bridge between IEC 61162-1 NMEA 0183 devices and Ethernet, often unauthenticated and exposed to layer-2 attacks.
EU NIS1 Directive: Directive (EU) 2016/1148, the predecessor that first designated maritime transport as a critical sector.
EU NIS2 Directive: 2022 EU cyber directive covering critical infrastructure including ports.

F

Fail to Manual: The bridge procedure for reverting from integrated to manual control if cyber compromise of ECDIS, autopilot, or thruster control is suspected.
Fail-Safe: Design principle ensuring failure of one element does not cause progressive collapse.
FAL.1/Circ.3/Rev.2: See MSC-FAL.1/Circ.3/Rev.2.
Federal Maritime Cybersecurity Executive Order: US Executive Order 14116 of 21 February 2024 strengthening maritime cybersecurity at US ports, including USCG authority to set minimum standards.
FIPS 140-3: NIST cryptographic module standard, superseding FIPS 140-2 from April 2022.
Firewall: Network device enforcing traffic policy between zones.
Firmware Signing: Cryptographic verification of firmware before installation on shipboard equipment.
FleetBroadband: Inmarsat L-band IP service in 150, 250 and 500 kbps classes (e.g., FB150, FB250, FB500).
FleetXpress: The Inmarsat combined Ka-band and L-band service, a primary external connectivity path on many merchant vessels.
FMEA (Failure Modes and Effects Analysis): A structured analysis extended to cyber failure modes during IACS UR E26 design reviews.
Forensic Readiness: The pre-incident capability (log retention, time sync, chain-of-custody) needed for credible post-incident investigation onboard.
FortiGate, Palo Alto, Cisco ASA: Enterprise firewall platforms commonly deployed in shipowner fleet networks and bridging shore to ship VPNs.

G

Galileo: EU GNSS constellation.
Gap Analysis: The required step in implementing MSC.428(98) to compare current SMS controls against recognized cyber frameworks.
GLONASS: Russian GNSS constellation.
GMDSS (Global Maritime Distress and Safety System): SOLAS communications framework.
GNSS Jamming: Deliberate radio interference blocking satellite navigation.
GNSS Spoofing: Transmission of false signals to mislead PNT receivers.
GPS L1 C/A: Civilian GPS signal on 1575.42 MHz.
GPS Week Number Rollover: The 6 April 2019 GPS epoch rollover that affected some shipboard receivers, illustrating dependence on vendor firmware updates.
Guidelines on Cyber Security Onboard Ships: The full title of the BIMCO-led industry guidelines, currently in version 4.

H

Hardening: Cumulative physical and procedural measures making a vessel a less attractive target.
HMI (Human Machine Interface): The operator panel on PMS, AMS, ECoS, and similar OT systems, a frequent target of unauthorized access.
HMM: HMM Co., Korean container line in the Premier Alliance.
Honeypot: Decoy system used to attract attackers and learn their techniques.
Hostage Crew Risk: The operational concern that ransomware on bridge or engine systems may strand a vessel or trigger emergency response.

I

IACS (International Association of Classification Societies): Coordinating body whose members (ABS, BV, CCS, ClassNK, CRS, DNV, IRS, KR, LR, PRS, RINA, RS) provide most HKC SoC and IHM verification services.
IACS Recommendation No. 166: The earlier IACS guidance "Recommendation on Cyber Resilience," consolidating 12 prior recommendations and effectively superseded for newbuildings by URs E26/E27.
IACS UR E26: Cyber resilience of ships (new builds 1 Jul 2024+).
IACS UR E27: Cyber resilience of on-board systems and equipment (new builds 1 Jul 2024+).
ICS Pilot Card: A pilot information document, originally paper, now sometimes a tablet-based application introducing additional cyber risk.
ICS-CERT: Former US ICS computer emergency response team, now part of CISA as Industrial Control Systems.
IEC 61162-1: NMEA 0183 standard for navigation data interconnection.
IEC 61162-450: Ethernet-based marine network standard.
IEC 61162-460: Part of the IEC 61162 series specifying additional requirements for safe and secure data transmission on shipboard Ethernet networks.
IEC 62443: Industrial automation security standard, applied in OT shipboard networks.
IEC 62443-3-3: System security requirements and security levels SL1 to SL4.
IEC 62443-4-2: Technical security requirements for IACS components.
IMO Resolution MSC.428(98): 2017 resolution requiring cyber risks to be addressed in the SMS from the first DOC annual verification after 1 January 2021.
Incident Response Plan: Documented procedures for detecting, containing and recovering from cyber incidents.
Inmarsat C: Polling/EGC/SafetyNET service in GMDSS.
Inmarsat Fleet One, FleetBroadband, FleetXpress, NexusWave: Successive Inmarsat maritime services, all of which present management interfaces requiring hardening.
Insider Threat: Cyber/security risk from authorized personnel.
Integrated Bridge System (IBS): SOLAS V/15 governed system combining ECDIS, radar, conning, and autopilot; a Cat III CBS under IACS UR E26.
Integrated Navigation System (INS): An IEC 61924-2 system aggregating sensors, again increasing cyber attack surface.
Intrusion Detection System (IDS): Sensor that detects malicious activity, OT specialists include Nozomi, Dragos, Claroty and Defender for IoT.
ION Markets (January 2023): The 31 January 2023 LockBit ransomware attack on ION Cleared Derivatives, disrupting commodities and shipping derivatives trading.
IoT Sensors: Container tracking, reefer monitoring, and engine telemetry devices that bring new cellular and LPWAN attack surfaces.
IPMI / iLO / iDRAC: Out-of-band server management interfaces aboard ship and at terminals, frequently mismanaged.
IRClass Cyber Managed: The Indian Register of Shipping notation for vessels meeting IRClass cybersecurity requirements.
IRS Cyber: The Indian Register of Shipping cyber risk management notation aligned with IACS Rec. 166 and now URs E26/E27.
ISM Code: International Safety Management Code, mandatory under SOLAS IX.
ISO/IEC 27001: Information security management standard widely adopted in shipping.
ISO/IEC 27005: Guidance on information security risk management.

J

Jamming Detector: A receiver feature (AGC monitoring, C/N0 anomaly detection) used to flag GNSS denial events at sea.
Jump Box: See Bastion Host.
Just-in-time Access: A privileged-access model used by managed service providers to limit exposure of OT credentials.

K

K-Bridge: Kongsberg integrated bridge system.
K-Chief: Kongsberg integrated automation system family for merchant and offshore vessels.
K-Sat / Kongsberg Satellite Services: A satcom and earth observation provider whose services interact with vessel monitoring.
Kerch Strait Incidents: A series of reported GNSS disruption events in the Kerch Strait around the 2018 Ukrainian naval vessel seizure and subsequent operations.
Key Management: Lifecycle handling of cryptographic keys including generation, distribution, storage, rotation, and destruction.
Killware: A class of attack intended to cause physical harm, conceptually applicable to shipboard ESD, propulsion, or steering systems.
Kongsberg AutoChief: Propulsion remote control system from Kongsberg Maritime often paired with K-Chief PMS.
KR Cyber Safety: The Korean Register notation series "KR-CSP" for cyber safety on ships.
KVH TracPhone: A widely deployed VSAT terminal family whose AgilePlans service has had public security advisories.

L

Lateral Movement: Adversary technique of pivoting from an initial foothold to other hosts.
Least Privilege: Principle that users and processes have only the permissions necessary.
Legacy System: Equipment that has reached end of vendor support, common on board ships with long lifecycles.
Lloyd's Register ShipRight CSR-CR: The "Cyber Security and Cyber Resilience" descriptive note in Lloyd's Register ShipRight procedures.
Lockheed Cyber Kill Chain: A mental model occasionally applied to maritime intrusion analysis, though more commonly the MITRE ATT&CK ICS matrix is used.
LoRaWAN: A low-power wide-area network protocol used in some port asset tracking, with its own security caveats.
LR Cyber Security Capability Levels: Levels Mature, Performing, Secure, and Premium under the LR ShipRight framework.
LR Guidance Notes for Cyber Security: The Lloyd's Register procedure ShipRight CSR-CR set, encompassing accept, secure, and perform tiers.
LRIT Long Range Identification and Tracking: SOLAS V/19-1 mandatory long range tracking system.
LRR (Long Range Reporting): A category of telemetry whose integrity depends on satcom terminal security.

M

MAC Address Filtering: A weak control, often defeated, used on poorly hardened bridge Ethernet switches.
Maersk NotPetya June 2017: NotPetya wiper destroyed approximately 49,000 endpoints, 4,000 servers and 2,500 applications across Maersk; reported loss about USD 300 million.
MAN ECoS: See ECoS; the MAN B&W two-stroke engine control system.
MAR Sec USCG NVIC 01-20: See NVIC 01-20.
Maritime Bulk Liquids Transfer Cybersecurity Framework Profile: A US NIST/USCG profile providing CSF guidance for tanker-to-shore transfers.
Maritime Cyber Alliance: An informal coalition of shipping companies, ports, and class societies sharing cyber threat intelligence.
Maritime Cyber Risk Management: IMO defined process to identify, analyze, assess and communicate cyber related risks.
MARSEC Directive 105-6: The USCG cybersecurity-related Maritime Security directive whose details remain Sensitive Security Information.
MARSEC Levels 1, 2, 3: The US Maritime Security threat levels, into which cyber threat indicators feed under USCG policy.
MaXAR / MarTrust / Maritime Authority Bulletins: Various advisory channels disseminating cyber and GNSS warnings to mariners.
Mediterranean GNSS Interference: Recurrent jamming reported by shipping near Libya, Cyprus, and the Levant.
Microsoft Windows XP Embedded: A common ECDIS underlying OS that contributed to the WannaCry exposure on some vessels in May 2017.
MITRE ATT and CK for ICS: ATT and CK matrix for industrial control systems.
Modbus TCP: An industrial protocol used between PLCs and HMIs, unauthenticated by default, frequently found on engine room networks.
MSC (Mediterranean Shipping Company) Ransomware (April 2020): The cyber attack against MSC headquarters in Geneva announced on 10 April 2020, taking myMSC down for several days.
MSC-FAL.1/Circ.3/Rev.2: 2022 joint guidelines on maritime cyber risk management.
MSC.1/Circ.1638: The IMO Maritime Safety Committee Interim Guidelines for MASS Trials issued in June 2021.

N

National Risk Management Center (NRMC): A US CISA capability that includes maritime transportation systems analysis.
Network Segmentation: Division of a network into zones with controlled inter-zone communication.
NIST CSF 2.0: 2024 release of the Cybersecurity Framework adding the Govern function alongside Identify, Protect, Detect, Respond, and Recover.
NIST Cybersecurity Framework (CSF): The voluntary framework whose functions Identify, Protect, Detect, Respond, Recover (with Govern added in CSF 2.0, February 2024) underpin BIMCO and USCG guidance.
NIST SP 800-82: US guide to industrial control systems security, applicable to shipboard OT.
NMEA 0183: Marine electronics serial data standard.
NMEA 2000: CAN-based marine data network.
NMEA OneNet: Ethernet based marine networking standard developed by NMEA for IP based navigation networks.
NotPetya: June 2017 wiper malware that propagated through MeDoc Ukrainian tax software, impacting Maersk and others.
NVIC 01-20: USCG Navigation and Vessel Inspection Circular providing guidelines for addressing cyber risks at MTSA regulated facilities.
NVIC 02-24: USCG Navigation and Vessel Inspection Circular addressing cybersecurity-related guidance issued in 2024.
NVIC 09-02 Change 6: The USCG NVIC update enrolling cyber risk into MTSA Facility Security Assessments.

O

OCIMF: Oil Companies International Marine Forum, owner of SIRE.
OFAC Sanctions Advisory on Ransomware: The US Office of Foreign Assets Control 2021 advisory clarifying sanctions risk when paying ransoms, directly relevant to shipping victims.
One Way Data Diode: A hardware device permitting data flow in only one direction, used between OT and IT zones on advanced builds.
OT (Operational Technology): Shipboard control systems (engine, cargo, navigation).
OT/IT Convergence: Integration creating shared cyber attack surface.

P

Patch Management: Cyber-control practice for shipboard systems.
Pen Test Partners Maritime: A UK consultancy whose public research has documented satcom, ECDIS, and bridge equipment vulnerabilities since 2016.
Penetration Testing: Authorized simulated attack on a system to identify exploitable vulnerabilities.
PKI (Public Key Infrastructure): Cryptographic trust framework for eBL/SSAS.
PLC Programmable Logic Controller: Industrial controller used in engine room, cargo and ballast systems.
Port of Antwerp Drug Trafficking Cyber Intrusion (2011-2013): A multi-year intrusion in which traffickers compromised terminal IT to manipulate container release codes.
Port of Barcelona (September 2018): The 20 September 2018 cyber attack against Port of Barcelona IT systems, contemporaneous with the Port of San Diego incident.
Port of Houston Attempted Intrusion (August 2021): A confirmed but unsuccessful intrusion attempt against the Port of Houston Authority disclosed by CISA in September 2021.
Port of London Authority Website Attack (May 2022): A denial-of-service attack against PLA's public-facing website claimed by a pro-Iranian group.
Port of San Diego (September 2018): The 25 September 2018 ransomware attack against the Port of San Diego administrative systems.
Power management system (PMS): Generator load sharing and start/stop logic.
PPP-RTK: Precise GNSS augmentation services whose integrity is also threatened by jamming and spoofing.
Pratt & Whitney / Wartsila Genset Controllers: Examples of CAN-bus and Ethernet-connected engine controllers in OT scope.
Privileged Access Workstation (PAW): Hardened admin host used to manage OT systems, a NIST SP 800-82r3 recommendation.

Q

Qbot / Qakbot: A commodity banking trojan and loader used in 2020-2023 intrusion sets including some maritime sector victims.
QR Code Phishing: A delivery technique observed against seafarers using fake crewing portal codes.
QZSS (Quasi-Zenith Satellite System): The Japanese regional augmentation to GPS, providing some resilience in East Asian waters.

R

Ragnar Locker: Ransomware group linked to the September 2020 CMA CGM attack.
Ransomware: Malware encrypting systems and demanding payment; major shipping cyber threat.
Recovery Time Objective (RTO): Maximum acceptable downtime, often very short for safety-critical OT.
Red Sea GNSS Interference: Recurrent jamming reported by transiting vessels in 2023-2024 alongside Houthi missile and drone activity.
Remote Access: Network access to shipboard systems from outside the vessel, requiring strong authentication and segmentation.
RINA Cyber Resilience: RINA notation addressing cyber resilience of shipboard systems.
Risk assessment: Documented evaluation of hazards.
Royal Mail Ransomware (January 2023): The 10 January 2023 LockBit attack that suspended Royal Mail International export services for weeks.
RPMA: A long-range industrial wireless technology occasionally used at terminals.
RTCM SC-104: The Radio Technical Commission for Maritime Services special committee responsible for DGNSS standards.

S

S-100: IHO Universal Hydrographic Data Model framework.
S-63: IHO standard for ENC data protection.
S-VDR (Simplified Voyage Data Recorder): The reduced VDR variant for existing cargo ships under MSC.163(78), within cyber scope as a data source for incident reconstruction.
SafeSeaNet: EU ship reporting network whose data integrity supports STM and is in scope for NIS2 protection.
Safety Instrumented System (SIS): An IEC 61511 system whose integrity must be preserved against cyber compromise on tankers and offshore units.
SAILOR 900 VSAT: A Cobham (now Thrane & Thrane) VSAT antenna and control unit family whose web management interfaces have been a recurring research target.
SatCom Direct, Marlink, Speedcast, Navarino, Inmarsat: Major maritime satcom providers whose customer terminals and portals form part of the shipboard attack surface.
SBSA (Shipboard Security Assessment): The ISPS assessment, now commonly extended to cover cyber risks.
SCADA: Supervisory Control and Data Acquisition system for distributed industrial processes.
SCEF (Security Control Effectiveness Framework): A class society and BIMCO tool to assess maturity of cyber controls aboard.
Secure Boot: Mechanism that verifies firmware and operating system images before execution.
Security Information and Event Management (SIEM): Cyber correlation platform.
Segregated Network: A discrete physical or logical OT segment, foundational to BIMCO and IACS UR E26 architectures.
Shanghai 2019 GPS Anomalies: The 2019 pattern of GPS "circle" spoofing observed near the Huangpu River in Shanghai, documented by C4ADS and SkyTruth in November 2019.
Sigfox: A low-power wide-area protocol occasionally found in port asset tracking.
Singapore MPA Cyber Standard: Guidance issued by the Maritime and Port Authority of Singapore on cyber security for harbor craft and shipping.
SOC (Security Operations Center): 24x7 monitoring facility; maritime examples include Marlink's NOC and DNV's Cyber Operations Center.
SOLAS Chapter IX: Convention chapter incorporating the ISM Code through which IMO cyber requirements are enforced.
SSAS (Ship Security Alert System): SOLAS XI-2/6 alert system.
Starlink Maritime: SpaceX LEO maritime broadband service.
Steerprop / Rolls-Royce / Kongsberg Azimuth Thrusters: Modern thruster control systems whose CAN and Ethernet links are in OT scope.
Strait of Hormuz GNSS Interference: Recurrent jamming and spoofing reports in 2019 and beyond, contributing to several merchant ship navigation incidents.
Supply Chain Attack: Compromise via a trusted vendor or component, as in SolarWinds and MOVEit.
System Hardening Guide: A class society or vendor document specifying configuration baselines for OT equipment.

T

Tabletop Exercise: Discussion based exercise simulating an incident scenario.
TCS (Track Control System): A type-approved system under IMO MSC.74(69) Annex 2 that automates ECDIS-driven steering, with elevated cyber criticality.
Telecom Italia Sparkle / Singtel / NTT: Underlying telecom carriers behind some maritime VSAT services, included in supply chain risk assessments.
Threat Intelligence: Curated information on adversaries, their tools, techniques, and procedures used to inform defense.
Three Lines of Defense: A governance model adopted by many shipping companies for cyber risk, with operations, oversight, and audit roles.
Tianjin Port Cyber Incident: Various reports of localized IT disruption in 2020 affecting terminal operations.
TLP (Traffic Light Protocol): A standard for marking shared threat intelligence among shipping companies and authorities.
Token Theft: A modern attacker technique against shoreside Microsoft 365 and other SaaS tenants used by shipping companies.
Toll Group Ransomware (January and May 2020): Two ransomware incidents (Mailto in January, Nefilim in May) against Australian logistics operator Toll Group, often cited alongside maritime cases.
TraceTogether / Crew Tracing Apps: Pandemic-era tools that introduced new privacy and credential risks for ships.
TRAILBLAZER: A code-name unrelated to maritime, included here only as an example of why fictional code-names should not be cited; refer to verified incident reports.
Transas (Wartsila Voyage): An ECDIS, VDR, and bridge equipment supplier whose user base is broad enough to make supply-chain hygiene material.
Two-Factor Authentication (2FA): A control required by most class cyber notations for privileged shoreside access to fleet systems.