Extended Operational and Trade Vocabulary

Maritime Cybersecurity and OT Security glossary

The OT-security vocabulary: the IMO Assembly resolutions on AIS and ISM (A.1106(29), A.1163(32)), the distributed control systems (ABB 800xA Marine), the ABS CyberSafety capability tiers (CS1), and the network-segmentation and incident-response terms. Grounds each term in the IMO resolution or the OT control it belongs to.

309 defined terms.

Showing 250 on this page (page 1 of 2).

A

A.1106(29): IMO Assembly Resolution adopted 2 December 2015 on Revised Guidelines for the Onboard Operational Use of Shipborne Automatic Identification Systems (AIS).
A.1163(32): IMO Assembly Resolution adopted in 2021 updating procedures for port State control under the ISM Code framework.
ABB 800xA Marine: Distributed control system from ABB used on tankers, LNG carriers, and offshore vessels for integrated automation and power management.
ABS CyberSafety CS1: American Bureau of Shipping notation indicating informed cyber capability with documented policies for shipboard systems.
ABS CyberSafety CS2: ABS notation indicating capability plus implemented controls and monitoring for connected shipboard equipment.
ABS CyberSafety CS3: ABS notation for enhanced cyber capability including continuous monitoring and incident response readiness.
Access Control: Selective restriction of who or what can view or use shipboard digital resources.
Account Lockout: Authentication control that disables a shipboard user account after a defined number of failed login attempts to deter brute-force attacks.
ACSC: Australian Cyber Security Centre, the national authority for cyber security advice in Australia.
Active Directory: Microsoft directory service occasionally deployed on larger ships and at shore offices to centralize authentication, encryption keys, and group policy for crew workstations.
AES-256: Advanced Encryption Standard with 256-bit key, used to encrypt shipboard data at rest and in transit.
AIG Maritime CyberRisk: Cyber insurance product line offered by AIG addressing marine operator exposures.
Air gap: Vertical distance from the fuel surface to the top of the tank, used in ullage measurement.
AIS Spoofing: Falsifying AIS data (MMSI, position, identity) to disguise vessel movements.
Allianz Maritime Cyber: Cyber insurance offering from Allianz Global Corporate & Specialty for shipping clients.
Allowlist: Security policy permitting only approved applications, addresses, or devices to operate within a network.
Annex A Controls: List of reference information security controls published in ISO/IEC 27001 for ISMS scoping.
Antivirus: Software that detects and removes malicious code from endpoints aboard ship and ashore.
APT: Advanced Persistent Threat, a stealthy adversary, often state aligned, conducting long term intrusions.
Armis Centrix: Asset intelligence and security platform providing visibility into managed and unmanaged OT and IoT devices.
ARMO: Open source Kubernetes security platform sometimes referenced in container hardening for maritime cloud workloads.
ASMS: Augmented Safety Management System concept describing integration of cyber risk into existing ISM documentation.
Asset Inventory: Documented list of hardware, software and firmware required by NIST CSF Identify and IEC 62443 ZCR 1.
Astaara: Cyber insurance and risk monitoring provider focused on the maritime sector.
Attack Surface: Sum of all paths through which an unauthorized user can attempt to access a system.
Audit Log: Tamper evident record of security relevant events on a system, required by ISO/IEC 27001 A.8.15.
Authentication: Process of verifying that a user, device, or message is what it claims to be, largely absent from legacy NMEA 0183 traffic.
Authorization: Process of granting an authenticated identity permission to perform specific actions on shipboard systems.
Automation Network: Shipboard segment carrying control traffic for engine, cargo, and bridge systems.
Availability: Fraction of operating time a machinery item is ready to perform its function.

B

Backdoor: Hidden method of bypassing normal authentication, commonly planted by APT actors.
Backup: Copy of data or system state retained for restoration after loss or compromise.
Baseline Configuration: Documented secure configuration of a system used to detect drift.
BEC: Business Email Compromise, fraud in which an attacker impersonates an executive or counterparty to redirect payments.
Belden iZK1: Industrial firewall product within the Belden security portfolio used in OT segmentation.
BeyondTrust: Privileged access management vendor providing session monitoring and credential vaulting.
BIMCO Guidelines on Cyber Security Onboard Ships v5: Industry guidance published in 2024 by BIMCO, CLIA, ICS, IMCA, INTERCARGO, INTERMANAGER, INTERTANKO, IUMI, OCIMF, and the World Shipping Council.
BitSight: Security ratings service that scores organizations on externally observable cyber posture.
Blacklist: Legacy term for a denylist of prohibited applications, addresses, or files.
Block Cipher: Symmetric algorithm operating on fixed size blocks of plaintext, such as AES.
Blue Team: Internal defensive group responsible for protecting and monitoring systems against attack.
Bohr Technology BridgePilot: Bridge navigation and automation product referenced in maritime OT integration discussions.
Botnet: Network of compromised hosts controlled remotely, occasionally implicating poorly secured maritime IoT and satcom routers.
Bridge Automation: Integrated control of navigation, alarm, and communication equipment on the ship's bridge.
BSI: Bundesamt fur Sicherheit in der Informationstechnik, the German federal office for information security.
Bunker Fraud: Deception involving falsified bunker delivery notes or spoofed PDFs to misstate fuel quantities or prices.
BV Additional Notation Cyber Secure: Optional class notation from Bureau Veritas attesting to defined cyber security measures.
BV NR659: Bureau Veritas Rule Note for cyber security on board ships covering design and operational requirements.

C

CASB: Cloud Access Security Broker enforcing policy between users and cloud services.
CCS Cybersecurity Notation: China Classification Society notation addressing cyber security capabilities of classed ships.
CG-2: United States Coast Guard intelligence directorate that operates the Intelligence Coordination Center.
CG-5P Policy Letter 08-16: USCG guidance issued in 2016 on reporting suspicious activity and breaches of security.
Change Management: Controlled process for modifying shipboard IT or OT configurations.
Charter Party Fraud: Deception involving manipulated charter party documentation to misdirect cargo or payments.
CIA Triad: Confidentiality, Integrity and Availability, the classical information security model.
CISA: US Cybersecurity and Infrastructure Security Agency established 2018, which absorbed ICS-CERT.
Cisco ISA-3000: Industrial Security Appliance from Cisco designed for ruggedized OT environments.
Claroty xDome: Platform from Claroty providing OT and IoT asset visibility, vulnerability management, and threat detection.
ClassNK Cyber Security Approach: Guideline series from Nippon Kaiji Kyokai addressing onboard cyber risk management.
CMA CGM Ransomware 2020: Ragnar Locker ransomware incident in September 2020 disrupting CMA CGM external booking systems.
CMVP: NIST and CCCS Cryptographic Module Validation Program; current Go FIPS module is CMVP certificate 5247.
Cobham: Satellite communications provider whose maritime VSAT and FleetBroadband equipment is used aboard merchant vessels.
Command Injection: Vulnerability allowing an attacker to execute arbitrary operating system commands through an application input.
Compensating Control: Alternate safeguard used when a required control is not feasible.
Conduit: Defined communication path between IEC 62443 security zones with documented security requirements.
Confidentiality: Property that information is not disclosed to unauthorized parties.
COSCO Ransomware 2018: Cyber incident in July 2018 disrupting COSCO Shipping Lines operations in the Americas.
Credential Stuffing: Automated reuse of leaked username and password pairs against shipping company portals.
CrowdStrike Falcon: Cloud delivered endpoint detection and response platform from CrowdStrike.
Cryptography: Practice of securing information through mathematical transformation.
CSA Singapore: Cyber Security Agency of Singapore, the national body coordinating cyber security efforts.
CSF v2.0: NIST Cybersecurity Framework 2.0 released February 2024 with the new Govern function alongside Identify, Protect, Detect, Respond, Recover.
CVE: Escort aircraft carrier, mass produced in World War II.
CVSS: Common Vulnerability Scoring System for rating the severity of disclosed vulnerabilities.
CyberArk: Privileged access management vendor providing credential vaulting and session isolation.
CyberGuard: Marlink managed security service for shipboard and shoreside networks.
CyberOwl: Maritime focused cyber risk monitoring company providing fleet visibility through its Medulla platform.
Cybersecurity Act EU 2019: Regulation (EU) 2019/881 establishing ENISA's permanent mandate and a European cybersecurity certification framework.
Cydome: Cyber security platform vendor offering fleetwide monitoring and compliance reporting for shipping companies.

D

Data Diode: One-way hardware enforced gateway used to send OT telemetry to IT without enabling reverse access.
Data Exfiltration: Unauthorized transfer of data from a shipping company network to an external location.
Data Loss Prevention: Technical and procedural controls that detect or block unauthorized movement of sensitive data.
DDoS: Distributed Denial of Service attack using many sources to overwhelm a target system.
Defender for Endpoint: Microsoft endpoint detection and response platform integrated with the Microsoft 365 security suite.
Defender for IoT: Microsoft OT and IoT detection platform incorporating CyberX technology.
Defender for Office 365: Microsoft secure email gateway providing protection against phishing and malicious attachments.
Defense in Depth: Layered security strategy combining technical, procedural, and physical controls.
Detect Function: NIST Cybersecurity Framework function focused on timely discovery of cyber events.
DLP: Acronym for Data Loss Prevention.
DMZ: Distillate grade with higher minimum viscosity than DMA for engines requiring lubricity.
DNV Cyber Secure Advanced: DNV class notation indicating advanced controls including monitoring and incident response.
DNV Cyber Secure Basic: Class notation from DNV indicating implementation of essential cyber security measures.
Doosan HEMM: Engine monitoring and management system associated with Doosan Engine marine two stroke installations.
Dragos: ICS and OT cybersecurity vendor focused on industrial threat detection and intelligence.
Dragos Year in Review: Annual report from Dragos documenting industrial threat activity and tracked adversary groups.
DSC: Digital Selective Calling per ITU-R M.493 and ITU-R M.541.

E

ECDIS: Electronic Chart Display and Information System per IMO MSC.232(82).
ECDIS Spoofing: Manipulation of navigation data feeds to cause an ECDIS to display incorrect own ship position or chart features.
EDR: Endpoint Detection and Response, security tool category that records and analyzes endpoint behavior.
Elastic Stack: Open source platform combining Elasticsearch, Logstash, and Kibana used for log collection and SIEM functions.
Emerson DeltaV: Distributed control system from Emerson used in process industries and some marine applications.
Encryption: Process of transforming readable data into ciphertext using a cryptographic key.
Endpoint: Any device, such as a laptop, server, or workstation, connected to a network.
ENISA: European Union Agency for Cybersecurity headquartered in Athens.
Entra ID: Microsoft cloud identity and access management service, formerly known as Azure Active Directory.
Essential Entity: Category under NIS2 of large operators in critical sectors subject to the strictest cyber obligations.
Ethernet: Family of networking technologies underlying most shipboard IT and increasingly OT communications.
eyeInspect: Forescout OT visibility and threat detection product, formerly SilentDefense.

F

Facility Security Plan: Document required under MTSA and ISPS describing security measures at a regulated port facility, including cyber elements since 2021.
FactoryTalk View: Rockwell Automation human machine interface software used in industrial control applications.
Failover: Automatic transfer of operations to a redundant system after a failure or attack.
Falcon: Saab Seaeye electric observation ROV widely used for inspection, search and light intervention worldwide.
False Positive: Alert that mistakenly indicates malicious activity, common during initial deployment of OT monitoring.
FIPS 140-3: NIST cryptographic module standard, superseding FIPS 140-2 from April 2022.
Firewall: Network device enforcing traffic policy between zones.
Firmware: Low level software embedded in devices such as VDRs, gateways and PLCs.
Fleet Broadband: Inmarsat IP and voice service over FB150/250/500 terminals.
Forcepoint: Vendor providing data loss prevention, secure web gateway, and insider threat products.
Forescout: OT and IoT security vendor whose eyeInspect platform provides passive monitoring.
Functional Requirements: ISM Code provisions addressing the components of a Safety Management System.
Furuno NavNet: Integrated navigation system from Furuno used on commercial and recreational vessels.

G

GDPR: General Data Protection Regulation, EU regulation 2016/679 governing the processing of personal data.
GMDSS: Global Maritime Distress and Safety System under SOLAS Chapter IV.
GOFIPS140: Go toolchain environment variable selecting the validated cryptographic module version.
Govern Function: New core function added in NIST CSF v2.0 in February 2024, addressing cyber security strategy and oversight.
GPS Jamming: Interference with GNSS signals, regularly reported in the eastern Mediterranean, Black Sea and Persian Gulf.
GPS Spoofing: Transmission of false GNSS signals causing receivers to compute incorrect positions.
Guardian: Nozomi Networks sensor providing OT and IoT visibility and anomaly detection.

H

Hapag-Lloyd Password Reset 2017: Precautionary credential reset action taken by Hapag-Lloyd following observed cyber activity in 2017.
Hardening: Cumulative physical and procedural measures making a vessel a less attractive target.
Hash: Fixed length output of a cryptographic function such as SHA-256 used for integrity.
HiCS: Hyundai Integrated Smart Vessel control system used on Hyundai Heavy Industries newbuildings.
HiMSEN: Family of medium-speed four-stroke engines from Hyundai Heavy Industries widely used as marine auxiliary and main engines.
Hirschmann Eagle: Industrial firewall and router product line within the Belden portfolio.
HMM Ransomware 2020: Cyber incident in October 2020 affecting Hyundai Merchant Marine email systems.
Honeywell Experion: Process control system from Honeywell used in petrochemical and some marine applications.
HudsonCyber: Maritime cyber risk consultancy providing assessments and training.

I

IAM: Identity and Access Management, the discipline of managing digital identities and their entitlements.
IBM QRadar: Security information and event management platform from IBM.
ICS: International Chamber of Shipping, industry body.
ICS-CERT: Former US ICS computer emergency response team, now part of CISA as Industrial Control Systems.
Identify Function: NIST Cybersecurity Framework function focused on understanding cyber risk to systems, assets, data, and capabilities.
IEC 62443-1-1: Part of the IEC 62443 series providing terminology, concepts, and models for industrial automation and control system security.
IEC 62443-2-1: Part defining security program requirements for asset owners of industrial automation and control systems.
IEC 62443-2-4: Security program requirements for IACS service providers.
IEC 62443-3-2: Part of IEC 62443 covering security risk assessment for system design using zones and conduits.
IEC 62443-3-3: System security requirements and security levels SL1 to SL4.
IEC 62443-4-1: Part defining secure product development lifecycle requirements applicable to shipboard equipment suppliers.
IEC 62443-4-2: Technical security requirements for IACS components.
Illumio: Microsegmentation vendor providing host based policy enforcement.
IMO MSC-FAL.1/Circ.3/Rev.2: Joint MSC FAL circular providing Guidelines on Maritime Cyber Risk Management, revision 2 issued in 2022.
IMO MSC.428(98): Maritime cyber risk management in SMS.
Incident Response: Organized approach to addressing and managing the aftermath of a cyber security breach.
Indegy: OT security platform now branded as Tenable.OT after Tenable's 2019 acquisition.
Inmarsat: Satellite communications provider for GMDSS and commercial services.
Insider Threat: Cyber/security risk from authorized personnel.
InsightVM: Vulnerability management product from Rapid7.
Integrity: Security property requiring that information and systems are not altered by unauthorized parties.
Intercept X: Endpoint protection product from Sophos.
InTouch: Human machine interface product from AVEVA, originally developed as Wonderware InTouch.
IoT: Internet of Things, the broad category of network connected sensors and actuators.
IPsec: Suite of protocols providing authenticated and encrypted communication, used for ship to shore VPNs.
ISACA: Professional association governing the CISA and CISM certifications among others.
ISM Code: International Safety Management Code, mandatory under SOLAS IX.
ISMS: Information Security Management System as defined by ISO/IEC 27001.
ISO 28001: International standard on security management systems for the supply chain.
ISO/IEC 27001: Information security management standard widely adopted in shipping.
ISO/IEC 27002: Code of practice providing information security controls referenced by ISO/IEC 27001 implementations.
ISPS Code: International Ship and Port Facility Security Code, mandatory under SOLAS XI-2.

J

Jamming: Radio frequency interference denying use of a service such as GNSS or VSAT.
Jump Server: Hardened intermediate host used for administrative access to a sensitive zone.

K

K-Chief: Kongsberg integrated automation system family for merchant and offshore vessels.
K-Master: Kongsberg integrated maneuvering and conning workstation.
K-Pos: Kongsberg DP system family; common on offshore vessels.
Kaseya 2021: Supply chain ransomware incident in July 2021 in which REvil exploited Kaseya VSA to deploy ransomware to managed service provider customers.
Kaspersky ICS-CERT: Kaspersky's industrial systems emergency response team publishing OT threat research.
Kerch Strait: Body of water between the Black Sea and Sea of Azov where AIS and GPS interference has been reported.
Key Management: Lifecycle handling of cryptographic keys including generation, distribution, storage, rotation, and destruction.
Kongsberg Cyber Maritime: Kongsberg's maritime cyber security service offering covering monitoring and consulting.

L

LAN: Local Area Network, a network limited to a single site such as a ship or office.
Least Privilege: Principle that users and processes have only the permissions necessary.
Lloyd's Register AL5: Lloyd's Register Autonomy Level 5 designation within its autonomy and digital notation series.
Lloyd's Register Digital Twin: Lloyd's Register methodology and notation framework for digital representation of assets and associated cyber considerations.
Logical Segmentation: Separation of network traffic using VLANs or software policies rather than physical isolation.
LogRhythm: Security information and event management platform.

M

MAC Address: Media Access Control address, a hardware identifier for network interfaces used in OT asset inventories.
Maersk NotPetya 2017: June 2017 incident in which the NotPetya wiper, dispersed initially through compromised Ukrainian tax software, propagated through A.P. Moller-Maersk's network, with publicly reported losses of…
Malware: Software designed to cause unauthorized effects on shipboard or shore systems.
Marlink: Maritime satellite communications and IT services provider supporting many merchant and offshore operators.
Marlink Cyber: Marlink's cyber security service line for shipping customers.
Marlink Sea Connect Cyber: Marlink managed cyber security service bundled with its Sea Connect connectivity offering.
MARSEC: Maritime Security level system used by the United States Coast Guard with levels 1, 2, and 3.
MARSEC Notice 02-22: USCG MARSEC Directive addressing cyber risk reporting and measures at Tier 1 facilities.
MAS Notice 644: Monetary Authority of Singapore notice on technology risk management for financial institutions.
MFA: Medical First Aid, STCW VI/4 paragraph 1.
Microsegmentation: Granular isolation of workloads to limit lateral movement after initial compromise.
Microsoft Purview: Microsoft data governance and data loss prevention platform.
Microsoft Sentinel: Microsoft cloud native security information and event management platform.
Mimecast: Secure email gateway and continuity service provider.
Mimikatz: Open source credential dumping tool widely used in post exploitation.
Mission Secure: OT cyber security vendor providing protection for industrial and maritime control systems.
MSC Ransomware 2020: Cyber incident in April 2020 that took the msc.com booking portal offline for approximately two days.
MTSA: Maritime Transportation Security Act of 2002, the US statute implementing port and vessel security requirements aligned with ISPS.

N

NACOS Platinum: Wartsila SAM Electronics integrated bridge and automation platform.
Naval Dome: Maritime cyber security vendor providing endpoint protection for shipboard OT systems.
NCSC New Zealand: National Cyber Security Centre of New Zealand within the Government Communications Security Bureau.
NCSC UK: National Cyber Security Centre, part of GCHQ, established 2016.
Nessus: Vulnerability scanner from Tenable.
Network Segmentation: Division of a network into zones with controlled inter-zone communication.
Network Tap: Passive device for mirroring traffic to a monitoring tool without affecting the link.
NIS2 Directive: See EU NIS2 Directive 2022/2555.
NIST: National Institute of Standards and Technology, US federal agency publishing the Cybersecurity Framework.
NMEA 0183: Marine electronics serial data standard.
NMEA 2000: CAN-based marine data network.
Nozomi Networks: OT and IoT visibility and threat detection vendor.
NVIC 01-20: USCG Navigation and Vessel Inspection Circular providing guidelines for addressing cyber risks at MTSA regulated facilities.

O

OCIMF: Oil Companies International Marine Forum, owner of SIRE.
Okta: Cloud identity provider offering single sign-on and lifecycle management.
OPC UA: Industrial interoperability standard used in shipboard automation.
OT: Operational Technology, the hardware and software that detects or causes a change through monitoring or control of physical devices and processes.
OT vs IT: Distinction between systems controlling physical processes aboard ship and systems supporting administrative or crew functions.
OWASP: Open Worldwide Application Security Project producing standards and tools for application security.

P

PAM: Privileged Access Management, the discipline of controlling and monitoring elevated accounts.
Patch Management: Cyber-control practice for shipboard systems.
Pemex Ransomware 2019: Cyber incident in November 2019 disrupting administrative systems at Petroleos Mexicanos.
Pen Test Partners: United Kingdom cyber security consultancy with a recognized maritime OT penetration testing practice.
Penetration Testing: Authorized simulated attack on a system to identify exploitable vulnerabilities.
Phishing: Cyber social-engineering vector targeting crew and shore staff.
PingOne: Cloud identity platform from Ping Identity.
PKI: Public Key Infrastructure of certificate authorities, registration authorities, and relying parties supporting digital identity.
Playbook: Documented sequence of response actions for a defined incident scenario.
Port of Antwerp Intrusion: IT compromise between 2011 and 2013 used by drug traffickers to manipulate container release data.
Port of Barcelona Ransomware 2018: Cyber incident in September 2018 affecting Barcelona port systems.
Port of San Diego Ransomware 2018: SamSam ransomware incident in September 2018 disrupting Port of San Diego administrative systems.
Praxis Automation Mega-Guard: Integrated bridge and automation suite from Praxis Automation.
Privileged Account: Account with elevated rights that warrants additional protection on shipboard and shore systems.
Proofpoint: Secure email gateway and information protection vendor.
Protect Function: NIST Cybersecurity Framework function focused on safeguards to ensure delivery of critical services.

Q

QRadar: Security information and event management platform from IBM.
Qualys VMDR: Vulnerability management, detection, and response platform from Qualys.
Quarantine: Isolation of a suspect file, device, or network segment to prevent further harm.

R

Ragnar Locker: Ransomware group linked to the September 2020 CMA CGM attack.
Ransomware: Malware encrypting systems and demanding payment; major shipping cyber threat.
Rapid7: Vendor of InsightVM vulnerability management and InsightIDR detection and response products.
Recover Function: NIST Cybersecurity Framework function focused on restoring impaired capabilities and services.
Red Team: Internal or external team that simulates adversary attacks.
Remote Access: Network access to shipboard systems from outside the vessel, requiring strong authentication and segmentation.
Respond Function: NIST Cybersecurity Framework function focused on action regarding a detected cybersecurity incident.
Rhebo: Industrial network monitoring vendor providing OT anomaly detection.
Risk assessment: Documented evaluation of hazards.