Extended Operational and Trade Vocabulary

Maritime Cybersecurity, OT Threats and Standards glossary

Vocabulary of shipboard cyber risk: class notations such as ABS CyberSafety, IEC 62443 OT security requirements, access control and Active Directory exposure, advanced persistent threats behind incidents like Maersk NotPetya, AIS spoofing, and the IMO advisories and standards governing protection of operational and information technology aboard ships.

276 defined terms.

Showing 250 on this page (page 1 of 2).

A

ABS CyberSafety: ABS class notation framework for cyber resilience.
Access Control: Selective restriction of who or what can view or use shipboard digital resources.
Active Directory (AD): Microsoft directory service widely deployed in shipowner head offices and increasingly on vessel domain controllers.
Advanced Persistent Threat (APT): Well resourced threat actor, often state aligned, that maintains long term covert access to a target network.
Advisory: Non-binding circular issued by IMO, flag states, or class societies; MSC-FAL.1/Circ.3 is the principal maritime cyber advisory.
Air gap: Vertical distance from the fuel surface to the top of the tank, used in ullage measurement.
AIS (Automatic Identification System): Class A/B transponder per ITU-R M.1371.
AIS Spoofing: Falsifying AIS data (MMSI, position, identity) to disguise vessel movements.
Alarm Management: ICS discipline addressed in IEC 62682 and referenced by IEC 62443 to prevent alarm flooding that masks cyber events.
Allowlist: Security policy permitting only approved applications, addresses, or devices to operate within a network.
Anomaly Detection: Security monitoring technique that flags deviations from a learned baseline of shipboard network or process behavior.
Antivirus (AV): Signature-based malware detection commonly deployed on bridge IT but typically absent from PLCs and DP control nodes.
APT28 (Fancy Bear): GRU Unit 26165 group implicated in espionage targeting NATO logistics and maritime supply chains.
APT38: Financially motivated subset of Lazarus Group attributed to North Korea's Reconnaissance General Bureau.
Asset Inventory: Documented list of hardware, software and firmware required by NIST CSF Identify and IEC 62443 ZCR 1.
Asset Owner: Per IEC 62443, the organization accountable for the secure operation of an industrial automation and control system, typically the shipowner or operator.
Attack Surface: Sum of all paths through which an unauthorized user can attempt to access a system.
Audit Trail: Documented chain of survey evidence including photos, logs, and instrument records.
Authentication: Process of verifying that a user, device, or message is what it claims to be, largely absent from legacy NMEA 0183 traffic.
Authorization: Process of granting an authenticated identity permission to perform specific actions on shipboard systems.
Automation Vendor: Supplier of OT components such as Kongsberg, Wartsila, ABB, or Siemens, each constituting a product supplier under IEC 62443-4-1.
Availability: Fraction of operating time a machinery item is ready to perform its function.

B

Backdoor: Hidden method of bypassing normal authentication, commonly planted by APT actors.
Backup: Copy of data or system state retained for restoration after loss or compromise.
Ballast Water Management System (BWMS): Type-approved per MEPC.300(72) BWMS Code.
Baseline Configuration: Documented secure configuration of a system used to detect drift.
BianLian: Ransomware and extortion group active since 2022, listed by CISA AA23-136A as targeting critical infrastructure including transportation.
BIMCO: Baltic and International Maritime Council, drafter of standard maritime contracts.
BIMCO Cyber Security Clause 2019: Standard cyber-risk-allocation charterparty clause.
Black Basta: Ransomware-as-a-service operation observed in maritime logistics intrusions throughout 2023 and 2024.
Black Sea GNSS Anomaly: June 2017 mass GPS spoofing event documented by Maritime Executive and C4ADS attributed to Russian state actors.
BlueKeep (CVE-2019-0708): RDP vulnerability that prompted urgent patching of bridge and ECR Windows assets fleet-wide.
BNWAS (Bridge Navigational Watch Alarm System): Required by SOLAS V/19.2.2.3, a watchkeeping monitor whose alarm logic is a candidate target for tampering.
Botnet: Network of compromised hosts controlled remotely, occasionally implicating poorly secured maritime IoT and satcom routers.
Brute Force: Credential guessing attack; default credentials on VSAT terminals remain a common initial access vector.
Business Continuity Plan (BCP): Plan ensuring continued operations; Maersk's manual booking workaround during NotPetya is a frequently cited example.
Business Email Compromise (BEC): Fraud type that cost maritime firms hundreds of millions; the 2018 Maritime CFO Forum survey ranked it the top financial cyber loss.

C

CAPEC: Common Attack Pattern Enumeration and Classification maintained by MITRE, referenced in maritime threat models.
Cargo Control Room (CCR): OT zone aboard tankers controlling cargo pumps, IG plant, and valves; a Cat III CBS under IACS UR E26.
CBS (Computer Based System): Term defined by IACS UR E26 for any system using a programmable electronic device performing a vessel function.
CERT-EU: EU Computer Emergency Response Team, source of advisories relevant to European-flagged operators.
CIA Triad: Confidentiality, Integrity and Availability, the classical information security model.
CIRT: Cyber Incident Response Team, required as part of MSC.428(98) compliance.
CISA: US Cybersecurity and Infrastructure Security Agency established 2018, which absorbed ICS-CERT.
ClassNK Cyber Security Approach: Guideline series from Nippon Kaiji Kyokai addressing onboard cyber risk management.
Cloud Storage: Off-vessel data repository introducing new attack surface, especially when used for chart updates and crew records.
CMA CGM Attack: September 2020 Ragnar Locker ransomware incident disrupting the French carrier's booking systems for several weeks.
Command and Control (C2): Channel used by attackers to issue instructions to compromised systems.
Conduit: Defined communication path between IEC 62443 security zones with documented security requirements.
Configuration Management: Process tracking and approving changes to OT assets, NIST CSF PR.IP-1.
Containment: Use of side structures to prevent transverse shifting.
Conti: Ransomware syndicate active 2020 to 2022, leaked internal chats revealed targeting of shipping firms.
Continuous Monitoring: Ongoing observation of shipboard and shore systems to detect security events.
COSCO Attack: July 2018 ransomware impacting COSCO Shipping Lines Americas, taking US west coast operations offline for days.
Crane PLC: Programmable controller on ship and shore cranes; Nagoya port LockBit attack of 4 July 2023 halted terminal cranes for 62 hours.
Crest: Highest point of a wave or ridge.
Cryptography: Practice of securing information through mathematical transformation.
Cyber Aware (LR): Lloyd's Register entry-level notation evidencing baseline cyber hygiene.
Cyber Resilience: design and operational property addressed by IACS UR-E26 and UR-E27.
Cyber Risk: Defined by MSC-FAL.1/Circ.3 as the extent to which a technology asset is threatened by a circumstance that could result in shipping-related operational, safety, or security failures.
Cyber Risk Management (CRM): Process of identifying, analyzing, assessing, and communicating cyber risks; required to be addressed in SMS under MSC.428(98).
Cyber Secure (DNV): DNV notation suite with Essential, Advanced, and Plus tiers introduced 2018 and updated 2023.
Cyber Security Workbook for On Board Ship Use: Joint ICS and Witherby publication aligned with BIMCO guidelines.
CyberOwl Medusa: UK-based platform providing fleet-wide cyber monitoring of IT and OT, used by ship managers including Synergy.
Cydome: Cyber security platform vendor offering fleetwide monitoring and compliance reporting for shipping companies.

D

Data Diode: One-way hardware enforced gateway used to send OT telemetry to IT without enabling reverse access.
Data Integrity: Property addressed by IEC 62443-3-3 SR 3.1, essential for ECDIS chart and loading computer outputs.
Defense in Depth: Layered security strategy combining technical, procedural, and physical controls.
Demilitarized Zone (DMZ): Network segment separating IT and OT systems on board.
Denial of Service (DoS): Attack degrading availability; the 2017 NotPetya wiper functioned as a destructive DoS against Maersk's global network.
Detective Control: Mechanism identifying incidents in progress, distinguished from preventive and corrective controls in ISO 27002.
Device Authentication: IEC 62443-4-2 CR 1.2 requirement for each component to authenticate to its network.
DNV Cyber Secure: DNV class notation for cyber-secure ships.
DNV ShipManager Incident: January 2023 ransomware attack affecting roughly 1,000 vessels using the DNV ShipManager software ashore.
Domain Controller: Server hosting Active Directory services, prime target for ransomware actors.
DP Class 2 and 3: Dynamic positioning notations whose redundancy requirements have led IMCA M220 to add cyber assurance guidance.
Dynamic Positioning System (DPS): Computer-controlled station-keeping system reliant on GNSS and gyro inputs, a Cat III CBS under IACS UR E26.

E

E26 (IACS UR): Unified Requirement on Cyber Resilience of Ships effective 1 July 2024, mandatory for newbuilds contracted on or after that date.
E27 (IACS UR): Unified Requirement on Cyber Resilience of On-Board Systems and Equipment, companion to E26 applied to suppliers.
ECDIS (Electronic Chart Display and Information System): SOLAS-mandated electronic chart system.
ECR (Engine Control Room): OT zone containing engine and auxiliary controls, Cat III CBS under IACS UR E26.
EDR (Endpoint Detection and Response): Behavioral endpoint security increasingly deployed on bridge and ECR Windows hosts.
Egress Filtering: Outbound traffic control limiting C2 channels from compromised vessel networks.
Emergency Generator Control: PLC-managed power system whose loss could constitute a marine casualty under SOLAS Chapter II-1.
Engine Management System (EMS): OT control system for main engine fuel injection and timing, a Cat III CBS under IACS UR E26.
Engineering Workstation: Configuration host for PLCs and DCS, high-value target requiring strict access control under IEC 62443-3-3 SR 2.1.
ENISA: European Union Agency for Cybersecurity headquartered in Athens.
Eradication: Incident response phase removing adversary presence, NIST SP 800-61r2 3.3.4.
EternalBlue (CVE-2017-0144): SMBv1 exploit released by Shadow Brokers and weaponized in NotPetya.
Ethernet/IP: Industrial protocol commonly used in marine power management systems, addressed in IEC 62443-3-3.

F

Fail-Safe: Design principle ensuring failure of one element does not cause progressive collapse.
Failover: Automatic transfer of operations to a redundant system after a failure or attack.
Fileless Malware: Malicious code that resides primarily in memory and abuses legitimate tools, harder to detect on shipboard hosts with limited telemetry.
Firewall: Network device enforcing traffic policy between zones.
Firmware: Low level software embedded in devices such as VDRs, gateways and PLCs.
FortiGate: Fortinet next generation firewall family commonly deployed at vessel-shore boundaries.
FR (Foundational Requirement): IEC 62443 categorization of seven requirement families from Identification and Authentication Control to Resource Availability.

G

GDPR: General Data Protection Regulation, EU regulation 2016/679 governing the processing of personal data.
Geofencing: Virtual perimeter for AIS or fleet management alerts.
GMDSS (Global Maritime Distress and Safety System): SOLAS communications framework.
GNSS: Global navigation satellite system; GPS, GLONASS, Galileo, BeiDou.
GPS Jamming: Interference with GNSS signals, regularly reported in the eastern Mediterranean, Black Sea and Persian Gulf.
GPS Spoofing: Transmission of false GNSS signals causing receivers to compute incorrect positions.
Guardtime: Estonian firm providing KSI blockchain-based integrity verification for maritime data, deployed by Maersk in 2018.
Guest Wi-Fi: Crew or passenger network requiring strict segregation from OT per IEC 62443-3-2.

H

Hacktivism: Politically motivated cyber action; the Cyber Av3ngers group has targeted Israeli-linked shipping since 2023.
Hardware Security Module (HSM): Dedicated crypto device used in eBL/PKI.
Hellenic Petroleum Attack: 2022 ransomware affecting the Greek refiner and downstream tanker operations.
Honeypot: Decoy system used to attract attackers and learn their techniques.
Human Machine Interface (HMI): Operator workstation for OT, frequently running unsupported Windows variants on vessels delivered before 2015.

I

IACS: International Association of Classification Societies, 12 members.
IACS Recommendation 166: Recommendation on cyber resilience.
IAPH: International Association of Ports and Harbors.
ICS-CERT: Former US ICS computer emergency response team, now part of CISA as Industrial Control Systems.
IEC 61162-460: Part of the IEC 61162 series specifying additional requirements for safe and secure data transmission on shipboard Ethernet networks.
IEC 62443-2-1: Part defining security program requirements for asset owners of industrial automation and control systems.
IEC 62443-3-2: Part of IEC 62443 covering security risk assessment for system design using zones and conduits.
IEC 62443-3-3: System security requirements and security levels SL1 to SL4.
IEC 62443-4-1: Part defining secure product development lifecycle requirements applicable to shipboard equipment suppliers.
IEC 62443-4-2: Technical security requirements for IACS components.
IMO MSC-FAL.1/Circ.3/Rev.2: Joint MSC FAL circular providing Guidelines on Maritime Cyber Risk Management, revision 2 issued in 2022.
IMO MSC.428(98): Maritime cyber risk management in SMS.
Incident Response Plan (IRP): Documented procedure required by NIST CSF RS and applied via the shipboard SMS.
Indicator of Compromise (IOC): Forensic artifact such as IP address or file hash; the US CERT TA17-181A report listed NotPetya IOCs used by responders.
Industrial Demilitarized Zone (IDMZ): Buffer between IT and OT environments per ISA-95 and IEC 62443-3-2.
Inmarsat Fleet Secure: Maritime cybersecurity service launched 2018 by Inmarsat, now Viasat, providing endpoint protection and unified threat management.
Insider Threat: Cyber/security risk from authorized personnel.
Integrated Bridge System (IBS): SOLAS V/15 governed system combining ECDIS, radar, conning, and autopilot; a Cat III CBS under IACS UR E26.
Integrated Platform Management System (IPMS): Naval and commercial OT system integrating propulsion, power, and auxiliaries.
Intrusion Detection System (IDS): Sensor that detects malicious activity, OT specialists include Nozomi, Dragos, Claroty and Defender for IoT.
ISAC: Information Sharing and Analysis Center; the Maritime Transportation System ISAC (MTS-ISAC) was established in 2020.
ISM Code: International Safety Management Code, mandatory under SOLAS IX.
ISO/IEC 27001: Information security management standard widely adopted in shipping.
ISPS Code: International Ship and Port Facility Security Code, mandatory under SOLAS XI-2.

J

Jamming: Radio frequency interference denying use of a service such as GNSS or VSAT.
JSON Web Token (JWT): Authentication token used in modern fleet management APIs, with signing-algorithm confusion a recurring vulnerability.

K

Kerberoasting: Attack against Active Directory service accounts using Kerberos service tickets.
Key Management: Lifecycle handling of cryptographic keys including generation, distribution, storage, rotation, and destruction.
Kill Chain: Lockheed Martin model of intrusion phases, used by Pen Test Partners in maritime tabletop exercises.
Kongsberg K-Chief: Integrated automation system for marine engineering plant.

L

Lateral Movement: Adversary technique of pivoting from an initial foothold to other hosts.
Lazarus Group: DPRK threat actor sanctioned by OFAC in September 2019 and linked to maritime supply chain incidents.
Least Privilege: Principle that users and processes have only the permissions necessary.
Lloyd's Register Cyber Aware: Entry-level LR notation with Secure and Resilient tiers above it.
LockBit 3.0: Ransomware variant responsible for the July 2023 Port of Nagoya attack and numerous shipping logistics intrusions.
Log4Shell (CVE-2021-44228): Apache Log4j RCE that triggered urgent fleet patching of shore and shipboard Java applications in December 2021.
Logging: Recording of system events for monitoring, troubleshooting, and forensics.

M

Maersk NotPetya Incident: 27 June 2017 event costing Moller-Maersk an estimated $300 million per the Q2 2017 interim report.
Maintenance Laptop: Itinerant engineering host visiting multiple vessels, a documented vector for OT compromise.
Malware: Software designed to cause unauthorized effects on shipboard or shore systems.
Maritime Anomaly Detection: Discipline combining AIS, GNSS, and network telemetry to flag suspicious vessel behavior.
Maritime Cyber Baseline (MCB): UK Department for Transport assurance scheme launched in 2023 with IASME certification.
Maritime Transportation Security Act (MTSA): US 2002 ISPS-implementing statute.
Marlink Cyber Guard: SOC service operated by Marlink Group from its NOCs in Belgium and Norway.
MFA Multi-Factor Authentication: Authentication using two or more independent factors.
Mission Secure: OT cyber security vendor providing protection for industrial and maritime control systems.
MITRE ATT&CK for ICS: Knowledge base of OT adversary tactics and techniques first released April 2020.
Modbus: Serial fieldbus protocol common in marine automation.
MSC (Mediterranean Shipping Company) Incident: April 2020 malware outage affecting MSC's Geneva HQ for several days.
MTS-ISAC: Maritime Transportation System Information Sharing and Analysis Center, a US based body for sharing maritime cyber threat information.

N

Naval Dome: Maritime cyber security vendor providing endpoint protection for shipboard OT systems.
NCSC: UK National Cyber Security Centre, publisher of Cyber Security for Ships Code of Practice in 2017 and 2023 update.
Network Segmentation: Division of a network into zones with controlled inter-zone communication.
NIS2 Directive: See EU NIS2 Directive 2022/2555.
NIST CSF 2.0: 2024 release of the Cybersecurity Framework adding the Govern function alongside Identify, Protect, Detect, Respond, and Recover.
NIST SP 800-82r3: April 2023 Guide to Operational Technology Security, replacing the 2015 r2 ICS Security Guide.
NMEA 0183: Marine electronics serial data standard.
NMEA 2000: CAN-based marine data network.
NotPetya: June 2017 wiper malware that propagated through MeDoc Ukrainian tax software, impacting Maersk and others.
Nozomi Networks Guardian: OT monitoring platform deployed on tankers and bulk carriers for passive asset discovery.

O

OEM (Original Equipment Manufacturer): Supplier of OT systems whose role under IACS UR E27 includes secure development and maintenance.
OFAC: US Office of Foreign Assets Control, administers maritime sanctions.
OPC UA: Industrial interoperability standard used in shipboard automation.
Open Source Intelligence (OSINT): Use of publicly available information for reconnaissance, including AIS, port schedules, and crew rosters.
Operational Technology (OT): Control systems for shipboard automation.
OT/IT Convergence: Integration creating shared cyber attack surface.

P

Patch Management: Cyber-control practice for shipboard systems.
Pen Test Partners: United Kingdom cyber security consultancy with a recognized maritime OT penetration testing practice.
Penetration Test: Authorized simulated attack to identify exploitable weaknesses.
Phishing: Cyber social-engineering vector targeting crew and shore staff.
PII (Personally Identifiable Information): Crew and passenger data subject to GDPR, US state laws, and IMO FAL Convention.
PKI (Public Key Infrastructure): Cryptographic trust framework for eBL/SSAS.
PLC Programmable Logic Controller: Industrial controller used in engine room, cargo and ballast systems.
Port authority: Statutory body managing port.
Port of Lisbon Incident: 25 December 2022 LockBit ransomware attack on Administracao do Porto de Lisboa, claimed by the LockBit group in January 2023.
Port of Nagoya Incident: 4 July 2023 LockBit attack on the Nagoya United Terminal System halting Japan's largest container port for 62 hours.
Privileged Access Workstation (PAW): Hardened admin host used to manage OT systems, a NIST SP 800-82r3 recommendation.
Process Hazard Analysis (PHA): Safety study now extended with cyber-PHA per ISA TR84.00.09 to address OT compromise scenarios.

Q

Quantum Key Distribution (QKD): Emerging cryptographic technique under exploration by ITU for satellite communications.
Quarantine: Isolation of a suspect file, device, or network segment to prevent further harm.

R

Ragnar Locker: Ransomware group linked to the September 2020 CMA CGM attack.
Ransomware: Malware encrypting systems and demanding payment; major shipping cyber threat.
Ransomware-as-a-Service (RaaS): Affiliate model used by LockBit and Black Basta against shipping targets.
Recovery Point Objective (RPO): Maximum acceptable data loss measured backward in time, set in cyber business continuity planning.
Recovery Time Objective (RTO): Maximum acceptable downtime, often very short for safety-critical OT.
Red Team: Internal or external team that simulates adversary attacks.
Remote Access: Network access to shipboard systems from outside the vessel, requiring strong authentication and segmentation.
Remote Maintenance: Vendor remote support session, frequently the highest-risk OT entry point.
Resilience: Capacity of an ecosystem to absorb disturbance and recover.
REvil (Sodinokibi): Ransomware syndicate disrupted by international action in 2022, implicated in earlier shipping logistics intrusions.
RINA Cyber Resilience: RINA notation addressing cyber resilience of shipboard systems.
Risk assessment: Documented evaluation of hazards.
Risk Register: Living record of identified risks, controls and treatments.
Role-Based Access Control (RBAC): Access model required by IEC 62443-3-3 SR 2.1.
Rootkit: Malware that conceals its presence on a host and resists removal.
RTU (Remote Terminal Unit): OT device used in offshore platforms and shore facilities, addressed by IEC 62443-4-2.

S

SAFEMED IV: EU REMPEC project including cyber capacity-building for southern Mediterranean states.
SafeSeaNet: EU ship reporting network whose data integrity supports STM and is in scope for NIS2 protection.
Sandworm: GRU Unit 74455 attributed by the US DOJ indictment of October 2020 as the operator of NotPetya.
SAT (Satellite) Modem: VSAT terminal that has been the entry point for several documented vessel intrusions, including the 2018 Pen Test Partners disclosure of Cobham SAILOR vulnerabilities.
SCADA: Supervisory Control and Data Acquisition system for distributed industrial processes.
Secure Boot: Mechanism that verifies firmware and operating system images before execution.
Secure by Design: Principle that security is built in from inception, embedded in IEC 62443-4-1.
Security Information and Event Management (SIEM): Cyber correlation platform.
Security Level (SL): IEC 62443 grading from SL 0 to SL 4 by adversary capability.
Segmentation: Network partitioning to limit blast radius; mandatory under IACS UR E26 for safety-critical systems.
Service Provider: IEC 62443-2-4 role covering shipyards, integrators, and MSSPs.
Ship Security Officer (SSO): Required under ISPS Code Part A.
Sigma Rule: Generic detection signature format supported by maritime SOCs including Marlink and CyberOwl.
SIRE 2.0: Ship Inspection Report Programme, OCIMF, transitioned from VIQ7 to a behavior-based program in 2024.
Smishing: Phishing conducted through SMS or other mobile messaging channels.
SOC (Security Operations Center): 24x7 monitoring facility; maritime examples include Marlink's NOC and DNV's Cyber Operations Center.
SOLAS Chapter IX: Convention chapter incorporating the ISM Code through which IMO cyber requirements are enforced.
SOLAS V/19: Carriage requirements for navigational equipment.
SR (System Requirement): IEC 62443-3-3 specification within a foundational requirement.
SSH: Secure Shell protocol used for encrypted command line access to shore and selected shipboard hosts.
Standards Compliance Plan: Document showing how a vessel meets IACS UR E26 controls, audited at class survey.
State Sponsored: Threat actor backed by a nation-state, exemplified by Sandworm (Russia) and Lazarus (DPRK).
Steering gear: Hydraulic actuator system providing rudder torque per SOLAS II-1/29.
STIX/TAXII: Threat intelligence sharing standards used by MTS-ISAC.
Strait of Hormuz: Strait connecting the Persian Gulf to the Gulf of Oman.
Supply Chain Risk Management (SCRM): NIST SP 800-161r1 discipline applied to maritime OEMs by IACS UR E27.
System Integrator: Entity combining components into a functional system, covered by IEC 62443-2-4.

T

Tabletop Exercise: Discussion based exercise simulating an incident scenario.
Tampering: Unauthorized modification, particularly concerning for ECDIS chart data and VDR recordings.
TARA (Threat and Risk Assessment): Methodology used in IEC 62443-3-2 risk workflows.
TCP/IP: Internet protocol suite forming the basis of most shipboard and shoreside networks.
Templar Executives: UK consultancy delivering accredited maritime cyber emergency response training including the MaCRA program.
Threat Intelligence: Curated information on adversaries, their tools, techniques, and procedures used to inform defense.
Threat Model: Structured representation of relevant threats to a shipboard system or process.
Tier I MTSA Facility: US-regulated maritime facility now expected to implement cyber risk management per NVIC 01-20.
TLS Transport Layer Security: RFC 8446 TLS 1.3 protocol securing data in transit.
TOC (Terminal Operating System): Container yard software whose compromise halted Port of Nagoya for 62 hours in July 2023.
Token Based Authentication: Use of hardware or software tokens to provide an authentication factor.
Triton/TRISIS: 2017 malware specifically targeting Schneider Triconex safety instrumented systems, demonstrating capability against safety OT.
TRP Cyber Resilience (CCS): China Classification Society notation for cyber resilience aligned with IACS UR E26.
Trust Boundary: Logical perimeter at which trust assumptions change, mapped to IEC 62443-3-2 zone edges.

U

UKHO: United Kingdom Hydrographic Office, publisher of Admiralty charts.
Unified Requirement (UR): IACS instrument binding on member societies; UR E26 and UR E27 are the cyber URs.
US-CERT TA17-181A: Technical alert on Petya ransomware variant published 28 June 2017.