Extended Operational and Trade Vocabulary

Maritime Cybersecurity glossary (page 2)

The cybersecurity assurance vocabulary: the ABS CyberSafety and FCI cyber-risk methods, access control lists and account lockout, Active Directory deployment, and the device-level scoring and network-segmentation terms. Grounds each term in the cyber notation or the OT control it belongs to, the assurance counterpart to the OT/IT section.

441 defined terms.

Showing 191 on this page (page 2 of 2).

M

MSC-FAL.1/Circ.3: Original IMO joint circular providing Guidelines on Maritime Cyber Risk Management, superseded by Rev.1 and then Rev.2.
MTS-ISAC: Maritime Transportation System Information Sharing and Analysis Center, a US based body for sharing maritime cyber threat information.
Multi Factor Authentication: Authentication requiring two or more factors, increasingly mandated for remote access to shipping company systems.
Mutual TLS: Bidirectional certificate based authentication used between trusted shore and ship services.

N

National Cyber Security Centre Maritime Guidance: Country specific cyber guidance such as the UK Department for Transport's Code of Practice for Cyber Security for Ships.
NCSC UK Code of Practice for Cyber Security for Ships: 2017 publication by the UK Department for Transport and supporting bodies setting out principles and controls for shipboard cyber security.
Network Address Translation: Function that maps internal addresses to external ones, common in satcom routers.
Network Segmentation: Division of a network into zones with controlled inter-zone communication.
Network Tap: Passive device for mirroring traffic to a monitoring tool without affecting the link.
Network Time Protocol: Protocol used to synchronize clocks, important for log correlation and certificate validity.
NIS Directive: Original 2016 European Union directive on security of network and information systems, succeeded by NIS2.
NIS2 Directive: See EU NIS2 Directive 2022/2555.
NIST Cybersecurity Framework: US National Institute of Standards and Technology voluntary framework cited in BIMCO guidelines.
NIST SP 800-171: US standard for protecting controlled unclassified information in non federal systems, relevant to maritime defense contractors.
NIST SP 800-53: US federal catalog of security and privacy controls referenced by some maritime operators.
NIST SP 800-61: US guide to computer security incident handling used by maritime incident response teams.
NIST SP 800-82: US guide to industrial control systems security, applicable to shipboard OT.
NMEA 0183: Marine electronics serial data standard.
NMEA 2000: CAN-based marine data network.
NMEA OneNet: Ethernet based marine networking standard developed by NMEA for IP based navigation networks.
Noisy Neighbor: Tenant or process whose behavior interferes with others on a shared shipboard or cloud platform.
Non Repudiation: Property that the originator of an action cannot credibly deny having performed it.
Notification of Suspected Incident: Formal alert sent by ship or company personnel when a cyber event is suspected.
NotPetya: June 2017 wiper malware that propagated through MeDoc Ukrainian tax software, impacting Maersk and others.

O

OCIMF TMSA Element 13: Element of the Oil Companies International Marine Forum's Tanker Management and Self Assessment program focused on maritime security including cybersecurity.
OEM Remote Access: Connection used by an original equipment manufacturer to support shipboard equipment, often via satcom and a vendor portal.
OPC UA: Industrial interoperability standard used in shipboard automation.
Operational Technology: Hardware and software that detects or causes changes through direct monitoring or control of physical devices on board.
OT Firewall: Firewall placed at the boundary between IT and OT zones, often with industrial protocol awareness.
OT Penetration Testing: Authorized testing conducted with extra safety constraints on shipboard or port operational technology systems.

P

Patch Management: Cyber-control practice for shipboard systems.
Payload: Component of an attack that performs the intended malicious action.
Payment Card Industry Data Security Standard: Standard governing handling of card data, relevant to cruise and ferry operators.
Penetration Test: Authorized simulated attack to identify exploitable weaknesses.
Phishing: Cyber social-engineering vector targeting crew and shore staff.
Physical Security Interface: Coordination between cyber and physical access controls, particularly at port facilities under USCG NVIC 01-20.
PKI: Public Key Infrastructure of certificate authorities, registration authorities, and relying parties supporting digital identity.
PLC: Programmable logic controller, foundation of modern marine automation.
Port community system: PCS, electronic data exchange platform.
Port Cybersecurity: Discipline of protecting port community systems, terminal operating systems, and control systems.
Port of Antwerp 2011-2013: Multi year intrusion in which criminal actors compromised port systems and the systems of forwarders to facilitate cocaine smuggling, disclosed by Belgian authorities in 2013.
Port of Barcelona 2018: September 2018 cyber attack on the Port of Barcelona that affected internal systems while operations continued.
Port of San Diego 2018: September 2018 ransomware attack on the Port of San Diego that affected information technology systems while cargo operations continued.
Port Security Officer: Officer responsible for port security, increasingly required to coordinate with cyber risk personnel.
Power Quality Monitor: Shipboard device whose communication interfaces may sit on the engineering LAN and create monitoring or exposure paths.
Pretexting: Social engineering technique using a fabricated scenario to obtain access or information.
Privileged Access Management: Controls for the use, monitoring, and rotation of privileged credentials.
Privileged Account: Account with elevated rights that warrants additional protection on shipboard and shore systems.
Process Hazard Analysis (Cyber): Combined-domain risk analysis on OT systems.
Procurement Cyber Clause: Contractual requirement obliging suppliers to meet specified cyber security controls for shipboard equipment.
Production Network: Network supporting live operational systems on board, including OT.
Propulsion Control LAN: Network connecting propulsion control units, common gateway target for OT compromise.
Protect Function: NIST Cybersecurity Framework function focused on safeguards to ensure delivery of critical services.
Protocol Gateway: Device that translates between industrial protocols and IP networks, often a sensitive choke point.
Public Key Infrastructure: Hierarchical system supporting issuance and validation of digital certificates.
Purdue Model: Reference architecture defining Levels 0 to 5 for ICS network segmentation.

Q

Quarantine: Isolation of a suspect file, device, or network segment to prevent further harm.
Quick Response Code Risk: Use of malicious QR codes to lure crew or office staff to attacker controlled sites.

R

Radar Spoofing: Injection or modification of radar returns to mislead operators or automated tracking systems.
RADius: Kongsberg microwave DP reference.
Ransomware: Malware encrypting systems and demanding payment; major shipping cyber threat.
Recover Function: NIST Cybersecurity Framework function focused on restoring impaired capabilities and services.
Recovery Point Objective: Maximum acceptable amount of data loss measured in time.
Recovery Time Objective: Maximum acceptable duration of service unavailability.
Red Team: Internal or external team that simulates adversary attacks.
Reflection Attack: Denial of service technique that abuses third party services to amplify traffic toward a victim.
Registry of Cyber Incidents: Internal log maintained by a shipping company of cyber incidents and near misses.
Remote Access: Network access to shipboard systems from outside the vessel, requiring strong authentication and segmentation.
Remote Code Execution: Vulnerability class allowing an attacker to run code on a target system.
Remote Monitoring: Service in which equipment vendors observe shipboard systems for performance and condition monitoring.
Replay Attack: Capture and retransmission of valid messages to cause unauthorized effect.
Residual Risk: Risk remaining after controls have been applied.
Respond Function: NIST Cybersecurity Framework function focused on action regarding a detected cybersecurity incident.
Restore Operations: Procedures to return shipboard systems to operational state after an incident.
Reverse Engineering: Analysis of software or firmware to understand its behavior, used by both defenders and attackers.
RFI Mitigation: Measures to address radio frequency interference affecting navigation and communication.
RINA Cyber Resilience: RINA notation addressing cyber resilience of shipboard systems.
Risk Acceptance: Documented decision to bear a specific risk without further treatment.
Risk Appetite: Amount and type of risk a shipping company is willing to pursue or retain.
Risk Register: Living record of identified risks, controls and treatments.
Risk Transfer: Treatment in which risk is shifted to another party, for example through insurance.
Rogue Access Point: Unauthorized wireless device that creates an attack path into shipboard networks.
Role Based Access Control: Access model in which permissions are assigned to roles rather than individual users.
Rootkit: Malware that conceals its presence on a host and resists removal.
Routine Update: Scheduled application of patches, signatures, and configuration changes.
RTU: Remote Terminal Unit used in distributed industrial control architectures.

S

Safety Management System Cyber Element: Component of the SMS that addresses cyber risks as required by MSC.428(98).
Sandbox: Isolated environment used to detonate suspect files or observe behavior of unknown software.
Satcom Router: Router that terminates a vessel's satellite link, historically a recurring source of exposure when default credentials are left in place.
Satellite Communications: Use of geostationary or non geostationary satellites to provide ship to shore connectivity.
SCADA: Supervisory Control and Data Acquisition system for distributed industrial processes.
Secure Boot: Mechanism that verifies firmware and operating system images before execution.
Secure Coding: Set of practices that reduce the likelihood of exploitable vulnerabilities in software supplied to ships.
Secure Configuration Baseline: Documented hardened state for a class of shipboard system.
Secure Remote Access: Controlled mechanism allowing authorized personnel to reach shipboard systems from shore.
Security Information and Event Management: Platform that aggregates and analyzes log and event data from across IT and OT.
Security level: ISPS Code level 1, 2, or 3 affecting ship security plan implementation.
Security Operations Center: Team and platform that monitors, detects, and responds to cyber events.
Security Patch: Vendor supplied update that addresses a specific vulnerability.
Security Policy: Documented set of rules and responsibilities governing protection of information and systems.
Security Zone: IEC 62443 concept describing a grouping of assets with common security requirements.
Segregation of Duties: Control splitting tasks to prevent fraud or error.
Sensor Hardening: Controls applied to environmental, motion, and cargo sensors to reduce their attack surface.
Service Level Agreement: Contract clause defining performance and availability commitments.
Session Hijacking: Theft of an authenticated session to impersonate a legitimate user.
Shadow IT: Unsanctioned IT systems and services used by personnel without central oversight.
Shipboard DMZ: Buffer network used to mediate traffic between crew, business, and OT networks on board.
ShipManager Incident 2023: Common short reference to the DNV ShipManager ransomware incident publicly disclosed in January 2023.
Shore Network: Shipping company office network that connects to vessels via satcom and other links.
SIEM Use Case: Predefined logic in a SIEM that detects a specific scenario such as suspicious authentication on a satcom router.
Signature Based Detection: Detection method that matches observed activity against known patterns.
Simulation Environment: Lab or virtualized setup used to safely test shipboard systems and incidents.
Single Sign On: Authentication scheme allowing one set of credentials to access multiple shipping company services.
Smishing: Phishing conducted through SMS or other mobile messaging channels.
SOAR: Security Orchestration, Automation, and Response platforms used to automate incident workflows.
Social Engineering: Manipulation of people to disclose information or take actions that compromise security.
Software Bill of Materials: Inventory of software components within a product, increasingly required for shipboard equipment.
Software Supply Chain: Sequence of activities and parties producing software used on board.
SOLAS Chapter V: Safety of Navigation.
Spear-Phishing: Targeted phishing against specific shore/ship staff.
Speedcast: Maritime communications service provider whose Ku and Ka band networks support many merchant and offshore vessels.
SQL Injection: Web vulnerability allowing manipulation of database queries through user input.
SSH: Secure Shell protocol used for encrypted command line access to shore and selected shipboard hosts.
Starlink Maritime: SpaceX LEO maritime broadband service.
Static Application Security Testing: Analysis of source code for security defects, applicable to shipboard software suppliers.
Stena Bulk 2020: Reported attempted cyber attack on Stena Bulk in 2020, illustrating targeting of tanker operators.
STRIDE: Threat modeling mnemonic for Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.
Subnetting: Division of an IP network into smaller logical networks, used in shipboard segmentation.
Supplier Cyber Assurance: Process of evaluating cyber capabilities and practices of suppliers of shipboard equipment and services.
Supply Chain Attack: Compromise via a trusted vendor or component, as in SolarWinds and MOVEit.
Switch Port Security: Switch configuration that restricts which devices may connect to a given port on shipboard networks.
System Hardening: Comprehensive reduction of attack surface across a shipboard system.
Systems of Systems: Recognition that shipboard cyber risk emerges from interactions among multiple independently designed systems.

T

Tabletop Exercise: Discussion based exercise simulating an incident scenario.
TARA: Threat Agent Risk Assessment methodology used in shipboard threat modeling.
Terminal operating system: TOS, e.g., Navis N4, CyberLogitec OPUS, Tideworks Mainsail.
Threat Actor: Individual or group conducting cyber attacks.
Threat Hunting: Proactive cyber-defense practice in OT/IT networks.
Threat Intelligence Platform: System for collecting, enriching, and disseminating cyber threat intelligence.
Threat Model: Structured representation of relevant threats to a shipboard system or process.
TLS: Transport Layer Security protocol providing authenticated and encrypted communication over IP networks.
TMSA: Tanker Management and Self-Assessment, OCIMF self-assessment tool, current edition TMSA 3.
Token Based Authentication: Use of hardware or software tokens to provide an authentication factor.
Traffic Light Protocol: Marking scheme governing sharing of sensitive cyber information among trusted partners.
Transport Encryption: Protection of data in transit using protocols such as TLS or IPsec.
Trojan: Malware disguised as legitimate software to deceive users into running it.
Trusted Platform Module: Hardware component that supports cryptographic operations and platform integrity measurement.
Two Factor Authentication: Authentication requiring two independent factors, often a password and a token or app generated code.
Type Approval Cyber: Inclusion of cyber requirements in type approval processes for shipboard equipment.

U

UN R155: United Nations Regulation No. 155 on cybersecurity for road vehicles, often referenced as a precedent for sector specific cyber regulation including discussions in maritime.
Underwater Infrastructure Cyber Risk: Cyber and cyber physical risk to subsea cables, pipelines, and offshore platforms.
Unidirectional Gateway: See Data Diode.
USB Sanitization Kiosk: Standalone device used to scan removable media before connection to shipboard systems.
USCG Marine Safety Information Bulletin: Periodic bulletin used by the US Coast Guard to communicate cyber risk advisories to industry.
USCG NVIC 01-20: US Coast Guard Navigation and Vessel Inspection Circular 01-20, Guidelines for Addressing Cyber Risks at Maritime Transportation Security Act Regulated Facilities.
USCG NVIC 02-22: US Coast Guard Navigation and Vessel Inspection Circular 02-22, Vessel Cyber Risk Management Work Instruction.
User Awareness Training: Recurring education program to improve crew and shore staff recognition of phishing and other social engineering.
User Behavior Analytics: Detection technique that learns normal patterns of user activity to surface anomalies.

V

VDR Tampering: Manipulation of Voyage Data Recorder contents or interfaces, with implications for casualty investigation integrity.
Vendor Remote Access: Connection used by a supplier to support shipboard equipment, typically a high value target.
Vessel Cyber Risk Assessment: Formal process of identifying and analyzing cyber risk for a specific ship.
Vessel Document of Compliance: Document issued under the ISM Code, the first annual verification of which after 1 January 2021 served as the deadline for cyber risk to be addressed in SMS per MSC.428(98).
Virtual LAN: Logical segmentation of a switched network used in shipboard architectures.
Virtual Private Network: Encrypted tunnel between two networks or between a remote user and a network.
Virtualization: Use of hypervisors to run multiple guest systems on shared hardware, used on some modern ship bridges.
Vital System: System whose failure would compromise safety of life, ship, or environment.
Voltage Surge Protection: Electrical protection whose failure can cascade into cyber relevant equipment outages.
Voyage data recorder: VDR or S-VDR under SOLAS.
Voyager Worldwide 2023: January 2023 cyber incident at maritime voyage planning software provider Voyager Worldwide that disrupted services used by shipping customers.
VPN Concentrator: Network device that terminates many VPN tunnels and enforces associated policies.
Vulnerability: Weakness in a system, process, or control that may be exploited by a threat.
Vulnerability Assessment: Systematic review identifying and prioritizing weaknesses.
Vulnerability Disclosure Policy: Published policy describing how external researchers may report vulnerabilities to a shipping company or equipment vendor.

W

Walled Garden: Restricted set of permitted destinations enforced for some shipboard internet access.
WAN Optimization: Techniques to improve performance of wide area links, often deployed on satcom paths.
War Driving: Practice of scanning for wireless networks from a moving vehicle or vessel.
Watering Hole Attack: Compromise of a website frequented by a target community to deliver malware.
Web Application Firewall: Filter that inspects HTTP traffic to web applications for malicious patterns.
Whaling: Hunting of whales; commercial whaling moratorium adopted by IWC in 1982 (effective 1986).
Whitelisting: Restriction of allowed software, hosts, or destinations to an approved list.
Wireless Access Point Hardening: Configuration measures that secure shipboard Wi Fi infrastructure.
Workforce Cyber Competency: Set of cyber knowledge, skills, and behaviors expected of crew and shore personnel.
Workstation Hardening: Application of security configuration to shipboard PCs including ECDIS and loading computer workstations.

X

X.509 Certificate: PKI certificate format used in eBL and SSAS.
XDR: Extended Detection and Response, an integrated approach combining endpoint, network, and cloud telemetry.

Y

Yard Cyber Acceptance: Cyber acceptance activities conducted at the shipyard during newbuild delivery, increasingly aligned to IACS UR E26.
Year One Cyber Audit: Common practice of conducting a focused cyber audit during the first year of vessel operation.

Z

Zero Day: Vulnerability unknown to the vendor at the time of exploitation.
Zero Trust: Architectural approach that assumes no implicit trust based on network location and verifies every access request.
Zone: Customs zone, freight rating zone, or environmental compliance zone.
Zone and Conduit Diagram: Representation of security zones and the conduits between them in a shipboard or shore environment.