Extended Operational and Trade Vocabulary

Maritime Cybersecurity glossary

The cybersecurity assurance vocabulary: the ABS CyberSafety and FCI cyber-risk methods, access control lists and account lockout, Active Directory deployment, and the device-level scoring and network-segmentation terms. Grounds each term in the cyber notation or the OT control it belongs to, the assurance counterpart to the OT/IT section.

441 defined terms.

Showing 250 on this page (page 1 of 2).

A

ABS CyberSafety: ABS class notation framework for cyber resilience.
ABS FCI Cyber Risk: ABS Functional Connectivity and Integration cyber risk method that quantifies risk on operational technology systems using device-level scoring.
Access Control List: Rule set governing which users, processes, or network hosts may reach a shipboard resource such as an ECDIS share or an engine control LAN.
Account Lockout: Authentication control that disables a shipboard user account after a defined number of failed login attempts to deter brute-force attacks.
Active Directory: Microsoft directory service occasionally deployed on larger ships and at shore offices to centralize authentication, encryption keys, and group policy for crew workstations.
Address Resolution Protocol Spoofing: Layer 2 attack in which a malicious device on the shipboard LAN poisons ARP caches to intercept bridge or engine control traffic.
Advanced Persistent Threat: Well resourced adversary, often state aligned, that maintains long term covert access to shipping company networks for espionage or pre positioning.
Adversary Emulation: Red team exercise that imitates a specific threat actor's known tactics, techniques and procedures.
Air gap: Vertical distance from the fuel surface to the top of the tank, used in ullage measurement.
AIS Jamming: Intentional radio interference that prevents Automatic Identification System transmissions from being received within a coverage area.
AIS Spoofing: Falsifying AIS data (MMSI, position, identity) to disguise vessel movements.
Alarm Flooding: Denial of service condition on an Integrated Alarm and Monitoring System in which excessive alarms mask a genuine cyber or safety event.
Anomaly Detection: Security monitoring technique that flags deviations from a learned baseline of shipboard network or process behavior.
Anti-malware: Software that detects, blocks and removes malicious code on endpoints and servers.
Antivirus Signature: Pattern used by anti malware to identify known threats, requiring periodic update on vessels with limited connectivity.
Application Whitelisting: Endpoint control allowing only approved executables to run, a key OT defense.
Asset Inventory: Documented list of hardware, software and firmware required by NIST CSF Identify and IEC 62443 ZCR 1.
Asset Owner: Per IEC 62443, the organization accountable for the secure operation of an industrial automation and control system, typically the shipowner or operator.
Attack Surface: Sum of all paths through which an unauthorized user can attempt to access a system.
Attack Tree: Structured diagram decomposing a cyber attack goal into prerequisite steps, used in shipboard threat modeling.
Attribution: Process of identifying the actor behind a maritime cyber incident, considered notoriously difficult and rarely conclusive.
Audit Log: Tamper evident record of security relevant events on a system, required by ISO/IEC 27001 A.8.15.
Authentication: Process of verifying that a user, device, or message is what it claims to be, largely absent from legacy NMEA 0183 traffic.
Authorization: Process of granting an authenticated identity permission to perform specific actions on shipboard systems.
Automatic Identification System: VHF data system mandated by SOLAS Chapter V for vessels of 300 GT and above on international voyages.
Autonomous Surface Vessel: Uncrewed or minimally crewed ship whose dependence on remote command links concentrates cyber risk on shore control centers and satcom paths.
Availability: Fraction of operating time a machinery item is ready to perform its function.

B

Backdoor: Hidden method of bypassing normal authentication, commonly planted by APT actors.
Backup: Copy of data or system state retained for restoration after loss or compromise.
Ballast Water Management System Interface: Network or serial connection to the BWMS that can expose pump and valve control to a compromised LAN.
Baseline Configuration: Documented secure configuration of a system used to detect drift.
Bastion Host: Hardened jump server placed in a DMZ to broker administrative access into a protected zone.
Behavioral Analytics: Detection method that profiles normal user or device behavior on shipping company networks to surface insider or compromised account activity.
BIMCO Guidelines on Cyber Security Onboard Ships: Industry guidance authored by BIMCO and partner associations, with version 4 published in 2020 and updated thereafter, mapped to NIST functions.
Biometric Authentication: Use of fingerprint, face, or other biological markers to authenticate crew on selected shipboard or shore systems.
Black Sea GPS Spoofing 2017: June 2017 incident in which more than twenty vessels in the Black Sea reported GPS positions ashore at Gelendzhik airport, widely studied as a large scale GNSS spoofing event.
Blocklist: Set of network addresses, domains, or files denied by a shipboard security control.
Boot Sector Malware: Code that infects the master boot record or equivalent on a shipboard PC and executes before the operating system loads.
Botnet: Network of compromised hosts controlled remotely, occasionally implicating poorly secured maritime IoT and satcom routers.
Boundary Protection: Controls placed between shipboard network zones, including firewalls, data diodes, and unidirectional gateways.
Bridge LAN: Local area network connecting ECDIS, radar, conning, AIS, and other navigation equipment on the bridge.
Bring Your Own Device: Crew or contractor practice of connecting personal phones, tablets, and laptops to shipboard networks, a recurring vector cited by BIMCO guidance.
Brute Force Attack: Exhaustive trial of credentials against a shipboard or shore service.
Buffer Overflow: Memory corruption flaw exploited to execute attacker code, historically present in legacy navigation and engine software.
Business Continuity Plan: Procedures that keep critical shipping operations running during and after a cyber incident.
Business Email Compromise: Fraud in which attackers impersonate executives, agents, or counterparties to redirect maritime payments such as bunker invoices.
BV Cyber Managed: Bureau Veritas cybersecurity notation for vessels with managed cyber risk programs.
BV Cyber Resilient: Bureau Veritas additional class notation addressing technical cyber resilience of shipboard systems.

C

CAM Table Overflow: Layer 2 attack that fills a switch's content addressable memory to force traffic broadcast on the bridge or engine LAN.
Capability Maturity Model: Framework rating an organization's cyber processes from initial through optimized, used by OCIMF TMSA Element 13.
Cargo Hold Sensor Network: Distributed temperature, humidity, gas, and water sensors whose data integrity supports cargo claims and safety.
Cargo Manifest System: IT system holding bill of lading and cargo data targeted in several container line breaches.
Carrier Grade NAT: Address translation performed by a satcom provider that complicates direct attack but may also frustrate defender visibility.
Center for Internet Security Controls: Prioritized set of cybersecurity safeguards adapted by some shipping companies for fleet wide use.
CERT-Maritime: Generic label for maritime sector computer emergency response capabilities, with national equivalents such as Singapore's MarSec and France's M-CERT.
Certificate Authority: Entity that issues digital certificates used for ship to shore TLS and code signing.
Chain of Custody: Documented handling of digital evidence during a cyber incident investigation.
Change Management: Controlled process for modifying shipboard IT or OT configurations.
Chief Information Security Officer: Senior executive accountable for cybersecurity across a shipping company.
CIA Triad: Confidentiality, Integrity and Availability, the classical information security model.
ClassNK Cyber Security Approach Guidelines: Nippon Kaiji Kyokai guidance for software security management on ships and shipboard equipment.
CLIA Cybersecurity Guidelines: Cruise Lines International Association guidance for cyber risk management aboard passenger vessels.
Client Certificate: Digital certificate authenticating a device or user to a shipping company service over TLS.
CMA CGM 2020: September 2020 ransomware attack, attributed in open reporting to Ragnar Locker, that disrupted CMA CGM's external booking and tracking systems.
Code Signing: Cryptographic mechanism that proves the origin and integrity of firmware or software loaded on shipboard equipment.
Command and Control: Channel used by malware to receive instructions and exfiltrate data from compromised maritime hosts.
Common Vulnerabilities and Exposures: Reference catalog of publicly disclosed software flaws, including those affecting maritime systems.
Common Vulnerability Scoring System: Standard for rating the severity of disclosed software flaws.
Compensating Control: Alternate safeguard used when a required control is not feasible.
Computer Emergency Response Team: Organized capability for receiving, triaging, and responding to cyber incidents.
Confidentiality: Property that information is not disclosed to unauthorized parties.
Configuration Management Database: Repository describing shipboard assets and their relationships.
Container Inspection Targeting System: Customs system that selects containers for examination and that has been targeted to facilitate smuggling.
Continuous Monitoring: Ongoing observation of shipboard and shore systems to detect security events.
Contractual Cyber Clause: BIMCO Cyber Security Clause 2019 and similar provisions allocating cyber risk between charter parties.
Control System: Hardware and software that monitors and operates physical processes on board.
COSCO 2018: July 2018 ransomware incident that took COSCO Shipping Lines Americas offline and required isolation of US offices.
COSCO Lines Americas Recovery: Recovery work after the 2018 ransomware incident that involved network rebuild and phased service restoration.
Counter Antivirus Service: Underground service used by attackers to confirm that malware evades commercial defenses, occasionally cited in maritime threat reporting.
Credential Stuffing: Automated reuse of leaked username and password pairs against shipping company portals.
Critical Infrastructure: Designated systems whose disruption has national-security impact, including ports.
Cross Site Scripting: Web flaw allowing attackers to inject script into pages served by shipping portals.
Cruise Ship Cyber Risk: Concentration of payment, hospitality, medical, and OT systems on passenger vessels that elevates exposure relative to most cargo ships.
Cryptographic Hash: One way function used to verify integrity of shipboard files and chart updates.
CSO Cyber Coordination: Coordination between the Company Security Officer under the ISPS Code and the cyber risk lead, often the same person on smaller operators.
Cyber Hygiene: Routine practices (patching, passwords, segmentation) reducing OT/IT risk.
Cyber Insurance: Policy covering losses from cyber incidents, with maritime specific exclusions for war and infrastructure events.
Cyber Kill Chain: Lockheed Martin model describing the phases of a targeted intrusion from reconnaissance through actions on objectives.
Cyber Range: Simulated environment used to train shipboard and shore personnel against realistic attack scenarios.
Cyber Resilience: design and operational property addressed by IACS UR-E26 and UR-E27.
Cyber Risk Assessment: Structured analysis of threats, vulnerabilities, and consequences for shipboard and shore systems.
Cyber Risk Management: Process required by IMO Resolution MSC.428(98) to be addressed in the Safety Management System.
Cyber Safety: Aspect of safety addressing failures in cyber enabled systems that could harm people, ship, or environment.
Cyber Security Officer: Person designated within the safety management system or company structure to coordinate cyber risk activities.
Cyber Tabletop Exercise: Discussion based drill walking master, officers, and shore staff through a simulated incident.
Cyber Threat Intelligence: Curated information about adversaries, their tools, and their targets, including maritime sector reporting.

D

Data Diode: One-way hardware enforced gateway used to send OT telemetry to IT without enabling reverse access.
Data Exfiltration: Unauthorized transfer of data from a shipping company network to an external location.
Data Loss Prevention: Technical and procedural controls that detect or block unauthorized movement of sensitive data.
Data Sanitization: Procedure to remove data from shipboard storage before disposal or transfer.
Decryption Key: Key required to recover encrypted data, sometimes withheld by ransomware operators after payment.
Deep Packet Inspection: Network analysis technique that examines protocol payloads, used selectively in shipboard monitoring.
Defense in Depth: Layered security strategy combining technical, procedural, and physical controls.
Demilitarized Zone: Network segment that brokers traffic between untrusted external networks and internal shipboard systems.
Denial of Service: Attack that degrades or interrupts the availability of a shipboard or shore service.
Detect Function: NIST Cybersecurity Framework function focused on timely discovery of cyber events.
Device Identity: Cryptographic identifier bound to a piece of equipment, increasingly required by IACS UR E27.
Diaplous Maritime Services 2023: Greek maritime security firm publicly reported to have suffered a cyber incident in 2023, illustrating exposure of armed guard providers.
Differential Backup: Backup capturing changes since the last full backup, used in shipboard recovery planning.
Digital Forensics: Systematic recovery and analysis of digital evidence from shipboard systems after an incident.
Digital Signature: Cryptographic proof of origin and integrity, used in chart updates and firmware distribution.
Disaster Recovery: Plans and procedures to restore IT services after major disruption.
DMZ Shipboard: Buffer network on a vessel that separates crew internet access and business systems from navigation and propulsion networks.
DNP3: Distributed Network Protocol common in utility ICS environments and occasionally found in port and shipyard infrastructure.
DNS Hijacking: Manipulation of domain name resolution to redirect maritime traffic to attacker controlled servers.
DNV Cyber Secure: DNV class notation for cyber-secure ships.
DNV ShipManager 2023: January 2023 ransomware attack on DNV's ShipManager fleet management software server infrastructure that affected use by approximately 70 customers and around 1,000 vessels.
Domain Generation Algorithm: Technique used by malware to compute large numbers of candidate command and control domains.
Drydock Cyber Refit: Planned cyber upgrade during a vessel's drydocking, including firmware, segmentation, and monitoring improvements.
Dynamic Positioning Cyber Risk: Risk that compromise of DP control, reference, or sensor systems leads to loss of position with safety consequences for offshore operations.

E

Eavesdropping: Passive interception of shipboard or shore communications.
ECDIS: Electronic Chart Display and Information System per IMO MSC.232(82).
ECDIS Hardening: Application of vendor and class society guidance to limit services, accounts, and removable media on ECDIS workstations.
ECDIS Update USB Infection: Recurring attack pattern in which infected USB media used to apply chart or software updates introduce malware to a navigation network.
Electronic Logbook: Digital record of voyage events whose integrity is relevant to regulatory acceptance.
Email Filtering: Inbound mail security control that reduces phishing reaching shipping company users.
Encryption in Transit: Protection of data moving over networks using cryptography such as TLS or IPsec.
Encryption-At-Rest: Protection of stored ship/port data.
Endpoint Detection and Response: Host based platform that records detailed system telemetry to detect and contain threats.
ENISA Port Cybersecurity: European Union Agency for Cybersecurity guidance, including the 2019 Port Cybersecurity Good Practices for Cybersecurity in the Maritime Sector.
ENISA Threat Landscape: Annual ENISA publication that periodically includes a dedicated maritime or transport sector edition.
Enterprise Resource Planning System: Shore based system handling finance, crewing, procurement, and operations, frequent target of ransomware.
Ephemeral Key: Short lived cryptographic key used for a single session.
EU Maritime Security Strategy: 2014 (revised 2023) framework for EU action.
EU NIS2 Directive: 2022 EU cyber directive covering critical infrastructure including ports.
European Maritime Safety Agency Guidance: EMSA work on cybersecurity awareness and best practice for the EU shipping sector.
Event Correlation: SIEM capability that links related events from multiple sources into an incident.
Evidence Preservation: Procedures to preserve shipboard logs, images, and removable media for forensic and legal use.
Exfiltration over C2 Channel: MITRE ATT&CK technique describing data theft via the same channel used for command and control.
Exploit Kit: Toolset that automates exploitation of browser or plugin vulnerabilities against visitors to a compromised site.
External Penetration Test: Authorized attack simulation conducted from outside a shipping company's network perimeter.

F

Fail-Safe: Design principle ensuring failure of one element does not cause progressive collapse.
Failover: Automatic transfer of operations to a redundant system after a failure or attack.
False Flag: Ship displaying ensign or AIS identity of another state to mask identity.
False Positive: Alert that mistakenly indicates malicious activity, common during initial deployment of OT monitoring.
File Integrity Monitoring: Control that detects unauthorized changes to critical files on a ship's IT or OT host.
Fileless Malware: Malicious code that resides primarily in memory and abuses legitimate tools, harder to detect on shipboard hosts with limited telemetry.
Firewall: Network device enforcing traffic policy between zones.
Firmware: Low level software embedded in devices such as VDRs, gateways and PLCs.
Firmware Signing: Cryptographic verification of firmware before installation on shipboard equipment.
Fleet Cyber Operations Center: Shore based capability monitoring multiple vessels for cyber events.
Fleet Xpress: Inmarsat Ka-band/L-band hybrid service.
Forensic Image: Bit for bit copy of shipboard storage media preserved for analysis.
Forwarding Information Base: Routing table used by a switch or router to forward traffic on shipboard networks.

G

Galileo: EU GNSS constellation.
Gateway: Device that bridges different protocols or zones, often the interface between OT and IT on board.
Geofencing: Virtual perimeter for AIS or fleet management alerts.
GLONASS: Russian GNSS constellation.
GNSS Spoofing: Transmission of false signals to mislead PNT receivers.
Governance: Oversight structure that assigns cyber risk accountability within a shipping company.
GPS Jamming: Interference with GNSS signals, regularly reported in the eastern Mediterranean, Black Sea and Persian Gulf.
GPS Spoofing: Transmission of false GNSS signals causing receivers to compute incorrect positions.
Group Policy: Microsoft Windows mechanism used to apply security configuration across shipping company workstations.

H

Hardening: Cumulative physical and procedural measures making a vessel a less attractive target.
Hardware Security Module: Tamper resistant device that stores cryptographic keys used for code signing and authentication.
Hash Function: Algorithm that produces a fixed length value used to verify integrity of files and configurations.
Hellenic Shipyards 2018: 2018 incident involving Hellenic Shipyards reported in open sources, highlighting cyber exposure of shipyard infrastructure.
High Availability: Design objective for shipboard systems requiring minimal downtime.
Honeypot: Decoy system used to attract attackers and learn their techniques.
Host Based Intrusion Detection System: Endpoint agent that inspects local activity for signs of compromise.
HSE Cyber Briefing: Inclusion of cyber safety in shipboard health, safety, and environment briefings.
Human Machine Interface: Operator facing display and controls for a shipboard automation system, frequently a Windows or Linux PC.
Hybrid Threat: Coordinated combination of cyber, physical, information, and economic instruments against maritime interests.

I

IACS UR E22: Computer-based systems on board ships.
IACS UR E26: Cyber resilience of ships (new builds 1 Jul 2024+).
IACS UR E27: Cyber resilience of on-board systems and equipment (new builds 1 Jul 2024+).
IAMS: Integrated Alarm and Monitoring System aggregating alarms from shipboard machinery and processes.
IBS: Lloyd's Register Integrated Bridge System notation.
ICMS: Integrated control and monitoring system, single platform for propulsion, power, and auxiliary control.
Identify Function: NIST Cybersecurity Framework function focused on understanding cyber risk to systems, assets, data, and capabilities.
Identity and Access Management: Set of processes and tools governing user and device access across shipping company resources.
IEC 61162: Digital interface standard for marine electronics (NMEA 0183 family).
IEC 61162-460: Part of the IEC 61162 series specifying additional requirements for safe and secure data transmission on shipboard Ethernet networks.
IEC 62443: Industrial automation security standard, applied in OT shipboard networks.
IEC 62443-2-1: Part defining security program requirements for asset owners of industrial automation and control systems.
IEC 62443-3-3: System security requirements and security levels SL1 to SL4.
IEC 62443-4-1: Part defining secure product development lifecycle requirements applicable to shipboard equipment suppliers.
IEC 62443-4-2: Technical security requirements for IACS components.
IMO Cyber Risk Management Resolution: Common reference to Resolution MSC.428(98) requiring administrations to ensure cyber risks are appropriately addressed in safety management systems.
IMO MSC-FAL.1/Circ.3/Rev.2: Joint MSC FAL circular providing Guidelines on Maritime Cyber Risk Management, revision 2 issued in 2022.
IMO MSC.428(98): Maritime cyber risk management in SMS.
Incident: Marine event short of a casualty that could have led to one, sometimes called a near miss.
Incident Commander: Person leading response to a cyber incident on a ship or in a shipping company.
Incident Response Plan: Documented procedures for detecting, containing and recovering from cyber incidents.
Indicators of Compromise: Forensic artifacts such as hashes, domains, or registry keys that point to known threats.
Industrial Control System: Computer based system that monitors or controls physical processes such as propulsion, cargo handling, or ballast.
Information Sharing and Analysis Center: Sector based body for sharing cyber threat information, with maritime activity centered in MTS-ISAC.
Information Technology: Class of systems handling business data such as email, ERP, and cargo planning.
Inmarsat Fleet Xpress: Satellite broadband service widely used by merchant ships, comprising Ka band and L band components.
Insider Threat: Cyber/security risk from authorized personnel.
Integrity: Security property requiring that information and systems are not altered by unauthorized parties.
Internal Network Penetration Test: Authorized attack simulation conducted from inside a shipping company's network.
Internet of Things: Network of embedded devices increasingly deployed for cargo monitoring, environmental sensing, and predictive maintenance.
Intrusion Detection System: Sensor based platform that alerts on suspicious activity in shipboard or shore networks.
Intrusion Prevention System: Inline sensor that blocks detected attacks in addition to alerting.
IPMS: Integrated Platform Management System combining propulsion, electrical, and auxiliary control, common on naval and offshore vessels.
IPsec: Suite of protocols providing authenticated and encrypted communication, used for ship to shore VPNs.
Iran Shahid Rajaee Port 2020: May 2020 cyber attack that disrupted operations at Iran's Shahid Rajaee container port near Bandar Abbas, widely reported in open sources.
Iridium Certus: L-band satellite broadband service (GMDSS-recognized 2020).
ISA/IEC 62443 Conduit: Logical grouping of communication channels between security zones, used in shipboard segmentation design.
ISA/IEC 62443 Zone: Grouping of assets sharing common security requirements, used in shipboard segmentation design.
ISM Code Cyber Integration: Inclusion of cyber risk management within the International Safety Management Code as required by Resolution MSC.428(98).
ISO/IEC 27001: Information security management standard widely adopted in shipping.
ISO/IEC 27002: Code of practice providing information security controls referenced by ISO/IEC 27001 implementations.
ISPS Code Interface: Coordination between the International Ship and Port Facility Security Code and cyber risk management, particularly at facilities under USCG NVIC 01-20.
Israeli Ports Cyber Friction: Series of reported cyber incidents and operational disruptions affecting Israeli port infrastructure since 2020, including the Shahid Rajaee event widely reported as Israeli linked.

J

Jamming: Radio frequency interference denying use of a service such as GNSS or VSAT.
Jump Box: See Bastion Host.

K

Kerberos: Network authentication protocol used by Active Directory on shore and some shipboard environments.
Key Management: Lifecycle handling of cryptographic keys including generation, distribution, storage, rotation, and destruction.
Key Rotation: Periodic replacement of cryptographic keys to limit exposure from compromise.
Keylogger: Software or hardware that records keystrokes, used to harvest credentials.
Killchain Mapping: Use of the cyber kill chain to plan detection coverage across shipboard and shore systems.
KR Cyber: Korean Register notation scheme addressing cyber resilience of ships and on board systems.
KVH: Maritime satellite communications provider whose Ku and Ka band services are used by merchant and fishing fleets.

L

Lateral Movement: Adversary technique of pivoting from an initial foothold to other hosts.
Least Privilege: Principle that users and processes have only the permissions necessary.
Legacy System: Equipment that has reached end of vendor support, common on board ships with long lifecycles.
Lifecycle Management: Coordinated planning of acquisition, operation, maintenance, and disposal of shipboard systems.
Local Area Network: Network within a defined area such as a bridge, engine control room, or vessel.
Logging: Recording of system events for monitoring, troubleshooting, and forensics.
LR ShipRight CyberSAFE: Lloyd's Register ShipRight procedure addressing cyber security capability for ships and offshore units.

M

Maersk NotPetya 2017: June 2017 incident in which the NotPetya wiper, dispersed initially through compromised Ukrainian tax software, propagated through A.P. Moller-Maersk's network, with publicly reported losses of…
Malicious Insider: Authorized user who deliberately abuses access to harm a shipping company or vessel.
Malware: Software designed to cause unauthorized effects on shipboard or shore systems.
Managed Security Service Provider: External provider that operates security functions such as monitoring and response for shipping companies.
Maritime Cyber Baseline: Common term for a defined minimum set of cyber controls expected on board, used by several class societies.
Maritime Transportation Security Act: US law of 2002 implementing the ISPS Code, with cyber risk addressed by USCG NVIC 01-20 at regulated facilities.
Marlink: Maritime satellite communications and IT services provider supporting many merchant and offshore operators.
MARSEC Levels: ISPS Code maritime security levels 1, 2 and 3.
MASS Cyber Considerations: Cyber aspects of Maritime Autonomous Surface Ships addressed in IMO work and class society guidance.
Master Key: Cryptographic key used to protect other keys, requiring stringent handling.
Mean Time to Detect: Average time between the onset of a malicious event and its detection.
Mean Time to Respond: Average time between detection of a cyber event and effective response.
Memorandum of Understanding: MOU, regional cooperative agreement among port states for harmonized PSC.
Microsoft Windows on Bridge: Common operating environment for ECDIS, conning, and planning workstations, requiring patch and antivirus discipline.
MITRE ATT and CK: Public knowledge base of adversary tactics and techniques.
MITRE ATT and CK for ICS: ATT and CK matrix for industrial control systems.
Modbus: Serial fieldbus protocol common in marine automation.
MSC 2020: April 2020 outage of MSC Mediterranean Shipping Company's data center attributed to malware, which took MSC's website and several digital services offline.