Extended Operational and Trade Vocabulary
Maritime Cybersecurity, OT Threats and Standards glossary (page 2)
Vocabulary of shipboard cyber risk: class notations such as ABS CyberSafety, IEC 62443 OT security requirements, access control and Active Directory exposure, advanced persistent threats behind incidents like Maersk NotPetya, AIS spoofing, and the IMO advisories and standards governing protection of operational and information technology aboard ships.
276 defined terms.
Showing 26 on this page (page 2 of 2).
U
- USB Hygiene
- Procedures controlling removable media use aboard ship, the most common bridge-system malware vector per Naval Dome 2019 study.
- USCG NVIC 01-20
- US Coast Guard Navigation and Vessel Inspection Circular 01-20, Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act Regulated Facilities.
V
- VDR (Voyage Data Recorder)
- SOLAS V/20 mandated black box per MSC.333(90).
- Vendor Risk Management
- Process of evaluating OEM cyber posture, required under IACS UR E27.
- Vessel Cyber Risk Officer (VCRO)
- Emerging role responsible for shipboard cyber posture under the SMS.
- Vetting
- Charterer inspection of vessel before fixture.
- Viasat KA-SAT
- Satellite network suffering the 24 February 2022 AcidRain wiper attack, disrupting modems across Europe.
- Virtual LAN (VLAN)
- Network segmentation primitive used in IEC 62443-3-2 zone implementations.
- Virtual Private Network (VPN)
- Encrypted tunnel often used for vendor remote access, requiring strong authentication per IACS UR E26.
- VSAT
- Very Small Aperture Terminal satellite system used for two-way broadband at sea.
- Vulnerability Disclosure Policy (VDP)
- Process for receiving and acting on third-party vulnerability reports, increasingly expected of maritime OEMs.
W
- Watering Hole Attack
- Compromise of a website frequented by a target community to deliver malware.
- Weaponized Document
- Malicious office file used in phishing; the dominant payload in shipping BEC and ransomware delivery campaigns.
- Whaling
- Hunting of whales; commercial whaling moratorium adopted by IWC in 1982 (effective 1986).
- Whitelisting
- Restriction of allowed software, hosts, or destinations to an approved list.
- Wi-Fi Pineapple
- Rogue access point tool used in red-team assessments of crew Wi-Fi.
- WiperMalware
- Destructive code such as NotPetya and AcidRain, distinguished from ransomware by absence of recovery path.
- Witherbys Cyber Security Workbook
- Reference manual covering policies, procedures, drills, and reporting for shipboard crews, 5th edition 2024.
X
- XDR Extended Detection and Response
- Platform unifying EDR, NDR and SIEM telemetry.
- XML External Entity (XXE)
- Vulnerability class affecting port community system APIs that consume third-party XML payloads.
Y
- Yacht Cyber Code
- REG Yacht Code Part A and Part B updates incorporating cyber considerations for large yachts since 2023.
- Yard Trial
- Sea trial milestone increasingly including cyber commissioning per IACS UR E26 Section 5.
Z
- Zero Day
- Vulnerability unknown to the vendor at the time of exploitation.
- Zero Trust
- Architectural approach that assumes no implicit trust based on network location and verifies every access request.
- Zone
- Customs zone, freight rating zone, or environmental compliance zone.
- Zone and Conduit Diagram
- Representation of security zones and the conduits between them in a shipboard or shore environment.