Extended Operational and Trade Vocabulary

Maritime Cybersecurity, OT and IT glossary

The cybersecurity vocabulary spanning operational and information technology: integrated automation systems (ABB Marinx), the ABS CyberSafety notations, access control lists, Active Directory in fleet offices, and the OT attack surfaces (ECDIS, engine control LANs). Grounds each term in the shipboard system or network control it protects.

308 defined terms.

Showing 250 on this page (page 1 of 2).

A

ABB Marinx: ABB integrated automation and marine control system installed on tankers, offshore and cruise vessels.
ABS CyberSafety: ABS class notation framework for cyber resilience.
Access Control List (ACL): Rule set on a router, switch or firewall that permits or denies traffic by source, destination, port or protocol.
Acoustic Modem: Underwater communications device used by AUVs and subsea assets, an emerging cyber attack surface.
Active Directory (AD): Microsoft directory service widely deployed in shipowner head offices and increasingly on vessel domain controllers.
Advanced Persistent Threat (APT): Well resourced threat actor, often state aligned, that maintains long term covert access to a target network.
Adversary Emulation: Red team exercise that imitates a specific threat actor's known tactics, techniques and procedures.
Air gap: Vertical distance from the fuel surface to the top of the tank, used in ullage measurement.
AIS (Automatic Identification System): Class A/B transponder per ITU-R M.1371.
AIS Spoofing: Falsifying AIS data (MMSI, position, identity) to disguise vessel movements.
AISA: Australian Information Security Association, professional cyber body in Australia.
Alarm and Monitoring System: Shipboard system that aggregates engine, cargo and auxiliary alarms, often integrated with the IAS.
Allianz Cyber: Cyber insurance line written by Allianz Global Corporate and Specialty, including marine endorsements.
ANSSI: Agence nationale de la securite des systemes d'information, the French national cybersecurity authority.
Anti-malware: Software that detects, blocks and removes malicious code on endpoints and servers.
Anti-spoofing GNSS Receiver: Receiver with techniques such as multi-antenna direction of arrival and signal authentication to resist GPS spoofing.
Antwerp Port Hack 2011 to 2013: Drug trafficking case where attackers compromised port IT systems to release containers, prosecuted in Belgium and the Netherlands.
Aon Cyber: Broking practice within Aon specializing in cyber insurance placement and incident response retainers.
AP Moller Maersk: Danish liner operator hit by NotPetya in June 2017 with reported losses of about USD 300 million.
Application Whitelisting: Endpoint control allowing only approved executables to run, a key OT defense.
Asset Inventory: Documented list of hardware, software and firmware required by NIST CSF Identify and IEC 62443 ZCR 1.
Attack Surface: Sum of all paths through which an unauthorized user can attempt to access a system.
Attack Vector: Specific path used to deliver a payload, such as phishing email, USB drop or unpatched VPN.
Audit Log: Tamper evident record of security relevant events on a system, required by ISO/IEC 27001 A.8.15.
Authenticated Vulnerability Scan: Scan performed with valid credentials to enumerate missing patches and misconfigurations.
Autonomous Surface Ship: Vessel operating with varying degrees of autonomy, subject to the IMO MASS Code due for adoption May 2026.
Availability: Fraction of operating time a machinery item is ready to perform its function.

B

Backdoor: Hidden method of bypassing normal authentication, commonly planted by APT actors.
Backup: Copy of data or system state retained for restoration after loss or compromise.
Ballast Water Management System (BWMS): Type-approved per MEPC.300(72) BWMS Code.
Baseline Configuration: Documented secure configuration of a system used to detect drift.
Bastion Host: Hardened jump server placed in a DMZ to broker administrative access into a protected zone.
BCP Business Continuity Plan: Plan defining how critical functions continue during disruption.
BEC Business Email Compromise: Fraud where attackers impersonate executives or vendors to redirect payments, common in bunker and charter party transactions.
BIMCO Guidelines on Cyber Security Onboard Ships Version 4: 2021 guidance co-authored with ICS, INTERTANKO, INTERCARGO, OCIMF, CLIA, SYBAss, WSC and IUMI.
Black Sea GPS Incident June 2017: US Maritime Administration advisory 2017-005 reporting about 20 vessels showing positions inland near Novorossiysk, an early documented GNSS spoofing event.
BlackBasta: Ransomware as a service group active since April 2022, linked to attacks on shipping and logistics.
BlueBorne: 2017 set of eight Bluetooth vulnerabilities affecting Android, Linux, Windows and iOS devices.
BMS Ballast Water Management System: See BWMS.
Bridge Network: Onboard LAN connecting ECDIS, radar, conning displays, AIS and VDR, typically Ethernet over IEC 61162-450.
Brute Force RDP: Repeated guessing of Remote Desktop Protocol passwords, a common ransomware initial access vector.
BSI Germany: Bundesamt fur Sicherheit in der Informationstechnik, the German federal cybersecurity authority.
BunkerTrace: Fleet bunker tracking solution from Forecast Technology and Authentix used to verify fuel chain of custody.
BV Cyber Managed: Bureau Veritas cybersecurity notation for vessels with managed cyber risk programs.

C

CAVP: NIST Cryptographic Algorithm Validation Program, predecessor and companion to CMVP.
CCN-CERT: Spanish national CERT operated by the Centro Criptologico Nacional.
CERT-FR: French government CERT operated by ANSSI.
CFR Title 33 Part 105: US Coast Guard regulation under MTSA covering facility security, including cyber elements.
Chain of Custody: Documented handling of digital evidence during a cyber incident investigation.
Charter Party Platform: Online platform such as Sea/net or ShipServ used to negotiate fixtures, a BEC target.
CIA Triad: Confidentiality, Integrity and Availability, the classical information security model.
CISA: US Cybersecurity and Infrastructure Security Agency established 2018, which absorbed ICS-CERT.
CISO: Chief Information Security Officer overseeing IT/OT cyber governance.
Cl0p: Ransomware group responsible for the 2023 MOVEit Transfer mass exploitation campaign.
CL380: Lloyd's Market Association cyber attack exclusion clause used in marine hull policies.
ClassNK Cyber Resilience: Nippon Kaiji Kyokai notation covering cyber resilience for ships and shipboard systems.
CLIA: Cruise Lines International Association, the global cruise industry trade body.
CMA CGM Ragnar Locker Incident September 2020: Ransomware attack on the French liner operator that disrupted booking systems.
CMVP: NIST and CCCS Cryptographic Module Validation Program; current Go FIPS module is CMVP certificate 5247.
Command and Control (C2): Channel used by attackers to issue instructions to compromised systems.
Compensating Control: Alternate safeguard used when a required control is not feasible.
Confidentiality: Property that information is not disclosed to unauthorized parties.
Conning Display: Bridge display aggregating navigation data, often part of IBS.
Conti Ransomware: Russian speaking ransomware group active 2020 to 2022, leaked playbooks in 2022.
COSCO Shipping Lines Incident July 2018: Ransomware affected COSCO's US operations and Americas web and email systems for several days.
CRA: EU Cyber Resilience Act Regulation 2024/2847 imposing cybersecurity requirements on products with digital elements.
CSF v2.0: NIST Cybersecurity Framework 2.0 released February 2024 with the new Govern function alongside Identify, Protect, Detect, Respond, Recover.
CSIRT: Computer Security Incident Response Team, designated nationally under EU NIS2.
CVE-2017-0144 EternalBlue: SMBv1 vulnerability exploited by WannaCry and NotPetya.
CVE-2020-1472 Zerologon: Netlogon elevation of privilege vulnerability in Windows Server.
CVE-2021-26855 ProxyLogon: Microsoft Exchange Server SSRF vulnerability disclosed March 2021.
CVE-2021-34473 ProxyShell: Microsoft Exchange Server RCE vulnerability disclosed August 2021.
CVE-2021-44228 Log4Shell: Apache Log4j 2 JNDI RCE disclosed December 2021, affecting widespread Java applications including shipping software.
CVE-2023-34362 MOVEit: SQL injection in Progress MOVEit Transfer exploited by Cl0p in 2023.
Cyber Hygiene: Routine practices (patching, passwords, segmentation) reducing OT/IT risk.
Cyber Risk Management: Process required by IMO Resolution MSC.428(98) to be addressed in the Safety Management System.
Cyber Security Workbook for On Board Ship Use: Joint ICS and Witherby publication aligned with BIMCO guidelines.
CyberX: Industrial IoT and OT security platform acquired by Microsoft in 2020 and now part of Defender for IoT.

D

DarkSide: Ransomware group responsible for the May 2021 Colonial Pipeline attack with reported USD 4.4 million ransom.
Data Diode: One-way hardware enforced gateway used to send OT telemetry to IT without enabling reverse access.
Data Loss Prevention (DLP): Technology that inspects content to prevent unauthorized data transfer.
DDoS Distributed Denial of Service: Attack flooding a target with traffic from many sources.
Defender for IoT: Microsoft OT and IoT detection platform incorporating CyberX technology.
Demilitarized Zone (DMZ): Network segment separating IT and OT systems on board.
DHCP Snooping: Switch feature that blocks rogue DHCP servers, used to protect bridge LANs.
Digital Twin: Software model of a physical asset such as a Triple-E class container ship used for performance and predictive maintenance.
DKIM: DomainKeys Identified Mail, email authentication standard RFC 6376.
DMARC: Domain-based Message Authentication, Reporting and Conformance, RFC 7489.
DNV Cyber Secure: DNV class notation for cyber-secure ships.
Domain Controller: Server hosting Active Directory services, prime target for ransomware actors.
DP Networks: Networks supporting dynamic positioning thrusters, references, gyros and operator stations, often dual redundant.
DP1, DP2, DP3: IMO MSC/Circ.645 dynamic positioning equipment classes used on offshore and cruise vessels.
Dragos: ICS and OT cybersecurity vendor focused on industrial threat detection and intelligence.
DRP Disaster Recovery Plan: Plan for restoring IT services after a disruptive event.
Dwell time: duration containers or cargo remain in the terminal.

E

ECDIS (Electronic Chart Display and Information System): SOLAS-mandated electronic chart system.
EDR: Endpoint Detection and Response, security tool category that records and analyzes endpoint behavior.
EFC Enterprise Fleet Control: Generic term for shore based fleet management consoles.
ENC Distribution: Authorized chart supply through Jeppesen, Primar Stavanger, IC-ENC and ChartWorld.
ENC Electronic Navigational Chart: S-57 and S-101 vector charts distributed via authorized services such as Primar and IC-ENC.
Eniram: Wartsila fleet performance and trim optimization platform.
ENISA: European Union Agency for Cybersecurity headquartered in Athens.
EternalBlue: NSA exploit leaked by Shadow Brokers in April 2017 and used in WannaCry and NotPetya.
EU Cyber Resilience Act: Regulation 2024/2847 requiring secure by design for products with digital elements sold in the EU.
EU NIS2 Directive 2022/2555: Network and Information Security Directive 2 covering maritime transport, applicable from 17 January 2025.

F

Fail Secure: Design that locks or denies access on failure.
Fail-Safe: Design principle ensuring failure of one element does not cause progressive collapse.
FIPS 140-3: NIST cryptographic module standard, superseding FIPS 140-2 from April 2022.
Firewall: Network device enforcing traffic policy between zones.
Firmware: Low level software embedded in devices such as VDRs, gateways and PLCs.
Fleet Performance Monitoring System: Shore platform such as Eniram, Nautilus Labs or DeepSea ingesting onboard sensor data.
Forensic Imaging: Bit for bit copy of storage media to preserve evidence.
FortiGate: Fortinet next generation firewall family commonly deployed at vessel-shore boundaries.
FortiOS: Fortinet operating system subject to multiple critical vulnerabilities including CVE-2022-40684.

G

Galileo: EU GNSS constellation.
GISIS: Global Integrated Shipping Information System, IMO's public and restricted-access database platform.
GLONASS: Russian GNSS constellation.
GNSS (Global Navigation Satellite System): Generic term for GPS, GLONASS, Galileo, BeiDou and SBAS.
Governance Function: New function added in NIST CSF 2.0 covering organizational risk strategy, policy and oversight.
GPS Jamming: Interference with GNSS signals, regularly reported in the eastern Mediterranean, Black Sea and Persian Gulf.
GPS Spoofing: Transmission of false GNSS signals causing receivers to compute incorrect positions.
Group Policy Object (GPO): Active Directory mechanism for enforcing security configuration.

H

Hapag-Lloyd Phishing 2024: Hamburg liner reported phishing attempts impersonating its booking and quotation systems in 2024.
Hash: Fixed length output of a cryptographic function such as SHA-256 used for integrity.
HatMan: Alternate name for Trisis/Triton malware targeting Schneider Electric Triconex safety controllers.
Hellenic Republic Public Power Corporation: Greek electricity utility hit by Egregor ransomware in February 2022.
Hiscox Cyber: Lloyd's syndicate writing cyber and marine cyber insurance.
HoneyNet: Network of decoy systems used to study attacker behavior.
HSE Health Service Executive Ireland: Hit by Conti ransomware in May 2021, illustrative for incident response cost.

I

IACS: International Association of Classification Societies, 12 members.
IACS Recommendation 166: Recommendation on cyber resilience.
IACS UR E22: Computer-based systems on board ships.
IACS UR E26: Cyber resilience of ships (new builds 1 Jul 2024+).
IACS UR E27: Cyber resilience of on-board systems and equipment (new builds 1 Jul 2024+).
IAS Integrated Automation System: Plant control system from vendors such as Kongsberg K-Chief, Wartsila NACOS and ABB Marinx.
IBN Integrated Bridge Navigation: Navigation system integrating ECDIS, radar, conning and autopilot.
IBS (Integrated Bridge System): SOLAS/IMO MSC.252(83) integrated navigation system.
IC-ENC: International Centre for Electronic Navigational Charts based in Taunton UK.
ICS Industrial Control System: Generic term for SCADA, DCS, PLC and safety systems.
ICS-CERT: Former US ICS computer emergency response team, now part of CISA as Industrial Control Systems.
IEC 60364-7-709: Electrical installation standard for marinas and pleasure craft shore connections.
IEC 61162-450: Ethernet-based marine network standard.
IEC 61850: Communication standard for substation automation, relevant to LNG terminals and shore power.
IEC 62443 Series: International standards for security of industrial automation and control systems.
IEC 62443-2-4: Security program requirements for IACS service providers.
IEC 62443-3-3: System security requirements and security levels SL1 to SL4.
IEC 62443-4-2: Technical security requirements for IACS components.
Immutable Backup: Backup that cannot be modified or deleted within its retention period, key defense against ransomware.
IMO MASS Code: Code for Maritime Autonomous Surface Ships expected for adoption in May 2026.
IMO Resolution MSC.428(98): 2017 resolution requiring cyber risks to be addressed in the SMS from the first DOC annual verification after 1 January 2021.
IMO Website Attack September 2020: Cyber attack disabled IMO public website and GISIS for several days.
IMS Integrated Monitoring System: Cargo, engine and auxiliary monitoring system on tankers and bulkers.
Incident Response Plan: Documented procedures for detecting, containing and recovering from cyber incidents.
Industroyer: Malware used in the December 2016 Ukrainian power grid attack, attributed to Sandworm.
Industroyer2: 2022 variant targeting Ukrainian electricity substations.
Inmarsat FleetBroadband: Higher-bandwidth IP service.
Insider Threat: Cyber/security risk from authorized personnel.
INTERCARGO: International Association of Dry Cargo Shipowners, co-author of BIMCO cyber guidelines.
INTERTANKO: International Association of Independent Tanker Owners.
Intrusion Detection System (IDS): Sensor that detects malicious activity, OT specialists include Nozomi, Dragos, Claroty and Defender for IoT.
Intrusion Prevention System (IPS): Inline device that blocks detected malicious traffic.
IoC Indicator of Compromise: Forensic artifact such as a hash, IP or domain associated with malicious activity.
IRClass Cyber: Indian Register of Shipping cyber notation series.
ISA/IEC 62443: Joint ISA and IEC industrial cybersecurity standard family.
ISMS Information Security Management System: ISO/IEC 27001 management system for information security.
ISO/IEC 27001:2022: Information security management system standard, current edition published October 2022.
ISO/IEC 27002:2022: Code of practice for information security controls.
ISO/IEC 27005: Guidance on information security risk management.
ISO/IEC 27017: Code of practice for information security controls for cloud services.
ISPS Code: International Ship and Port Facility Security Code, mandatory under SOLAS XI-2.
IT Information Technology: Business systems for data processing, communications and administration.
IUMI: International Union of Marine Insurance, co-author of BIMCO cyber guidelines.

J

Jamming: Radio frequency interference denying use of a service such as GNSS or VSAT.
Jeppesen Marine: Boeing subsidiary providing ENC distribution and route planning, now Jeppesen by Bing Maritime.
Jump Box: See Bastion Host.
Jump Server: Hardened intermediate host used for administrative access to a sensitive zone.

K

K-Bridge: Kongsberg integrated bridge system.
K-Chief: Kongsberg integrated automation system family for merchant and offshore vessels.
Kerberoasting: Attack against Active Directory service accounts using Kerberos service tickets.
Keylogger: Software or hardware that records keystrokes, used to harvest credentials.
Kongsberg Maritime: Norwegian supplier of bridge, automation and dynamic positioning systems.
KRACK: Key Reinstallation Attack on WPA2, disclosed 2017, affecting Wi-Fi confidentiality.

L

Lateral Movement: Adversary technique of pivoting from an initial foothold to other hosts.
Least Privilege: Principle that users and processes have only the permissions necessary.
LockBit: Ransomware as a service group active from 2019, disrupted by Operation Cronos in February 2024.
Log Aggregation: Centralized collection of logs for analysis, foundation of SIEM.
Log4Shell: See CVE-2021-44228.
LR Cyber AL1 to AL5: Lloyd's Register Assurance Level scheme for cyber on ships, AL1 to AL5.
LRIT Long Range Identification and Tracking: SOLAS V/19-1 mandatory long range tracking system.

M

Maersk NotPetya June 2017: NotPetya wiper destroyed approximately 49,000 endpoints, 4,000 servers and 2,500 applications across Maersk; reported loss about USD 300 million.
MARSEC Levels: ISPS Code maritime security levels 1, 2 and 3.
Marsh Marine Cyber: Cyber insurance practice within Marsh including marine specific wordings.
MASS Maritime Autonomous Surface Ships: Vessels operating at varying autonomy degrees, framed by the IMO MASS Code.
MFA Multi-Factor Authentication: Authentication using two or more independent factors.
Mimikatz: Open source credential dumping tool widely used in post exploitation.
MITRE ATT and CK: Public knowledge base of adversary tactics and techniques.
MITRE ATT and CK for ICS: ATT and CK matrix for industrial control systems.
Mondelez v Zurich 2022: Insurance dispute over NotPetya war exclusion settled in October 2022.
MSC Mediterranean Shipping Company Incident April 2020: Malware outage at MSC Geneva headquarters disabled myMSC web portal for several days.
MSC-FAL.1/Circ.3/Rev.2: 2022 joint guidelines on maritime cyber risk management.
MSC.428(98): IMO resolution on Maritime Cyber Risk Management in Safety Management Systems.
MSP Managed Service Provider: External IT or OT service provider, a common supply chain attack vector.
MTSA Maritime Transportation Security Act: US statute implemented in 33 CFR Parts 101 to 105, with cyber expectations clarified in NVIC 01-20.

N

NACOS Platinum: Wartsila SAM Electronics integrated bridge and automation platform.
NCSC UK: National Cyber Security Centre, part of GCHQ, established 2016.
Network Segmentation: Division of a network into zones with controlled inter-zone communication.
Network Tap: Passive device for mirroring traffic to a monitoring tool without affecting the link.
NIS2 Directive: See EU NIS2 Directive 2022/2555.
NIST CSF v2.0: NIST Cybersecurity Framework version 2.0, published 26 February 2024.
NIST SP 800-53 Rev 5: US federal security and privacy control catalog.
NIST SP 800-82 Rev 3: Guide to operational technology security, released September 2023.
Nmap: Open source network scanner used in vulnerability assessment.
NMEA 0183: Marine electronics serial data standard.
NMEA 2000: CAN-based marine data network.
NotPetya: June 2017 wiper malware that propagated through MeDoc Ukrainian tax software, impacting Maersk and others.
Nozomi Networks: OT and IoT visibility and threat detection vendor.
NVIC 01-20: USCG Navigation and Vessel Inspection Circular providing guidelines for addressing cyber risks at MTSA regulated facilities.

O

OCIMF: Oil Companies International Marine Forum, owner of SIRE.
OCIMF SIRE 2.0: Tanker inspection regime succeeding the SIRE program with a behavioral and cyber emphasis, launched 2024.
OCIMF VIQ 7: Vessel Inspection Questionnaire version 7, with Section 7.5 covering cyber security.
OPC UA: Industrial interoperability standard used in shipboard automation.
Operational Technology (OT): Control systems for shipboard automation.
OS-NMA: Galileo Open Service Navigation Message Authentication for spoofing resistance.

P

Patch Management: Cyber-control practice for shipboard systems.
Patch Tuesday: Microsoft's monthly security update release on the second Tuesday.
Pegasus: NSO Group spyware capable of zero click compromise of iOS and Android, documented by Citizen Lab.
Penetration Test: Authorized simulated attack to identify exploitable weaknesses.
Phishing: Cyber social-engineering vector targeting crew and shore staff.
PLC Programmable Logic Controller: Industrial controller used in engine room, cargo and ballast systems.
Port community system: PCS, electronic data exchange platform.
Port of San Diego SamSam 2018: September 2018 ransomware attack disrupting port IT services.
Privilege Escalation: Adversary technique of gaining higher level permissions.
ProxyLogon: See CVE-2021-26855.
ProxyShell: See CVE-2021-34473.
Purdue Model: Reference architecture defining Levels 0 to 5 for ICS network segmentation.

Q

Quad9: Public recursive DNS service providing malware blocking.
Quarantine Network: Isolated segment used to contain suspect devices pending investigation.

R

Ragnar Locker: Ransomware group linked to the September 2020 CMA CGM attack.
RAT Remote Access Trojan: Malware giving remote control of a compromised host.
RBAC Role-Based Access Control: Authorization model based on assigned roles.
RDP Remote Desktop Protocol: Microsoft remote desktop service often abused by ransomware actors.
Red Team: Internal or external team that simulates adversary attacks.
Replay Attack: Capture and retransmission of valid messages to cause unauthorized effect.
REvil: Ransomware group also known as Sodinokibi, prominent through 2021.
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile.
Risk Register: Living record of identified risks, controls and treatments.
Root Cause Analysis: Investigation method to determine the underlying cause of an incident.
RPO Recovery Point Objective: Maximum acceptable data loss measured in time.
RTO Recovery Time Objective: Maximum acceptable time to restore service after disruption.

S

SaaS Software as a Service: Cloud delivered software, in scope of supply chain risk.