Home Courses Maritime OT Cybersecurity
Available | Agent: ODIN | 4 Modules

Maritime OT
Cybersecurity

ODIN — Operational Defense Intelligence Navigator

Train your crew to defend what moves the world.

Real Client Deliverable Built for FortressGuard

Compliance-ready for ISM Code, IMO MSC-FAL.1/Circ.3, and port state control requirements.

IEC 62443 BIMCO Guidelines NIST SP 800-82 IMO MSC-FAL.1/Circ.3 ISM Code IMO MSC 428(98)
Buy Team License Buy Scale License View Confirmation Page
Course Overview

Four modules. Every maritime operator, protected.

Modern ships run on systems designed before cybersecurity existed. ECDIS, IPMS, AIS, GPS — these are Operational Technology systems that control physical machinery. When they're compromised, the consequences aren't data loss. They're engine failures, navigation errors, and cargo incidents.

This course was built to give maritime professionals — bridge officers, engineers, fleet managers, DPAs — the knowledge they need to understand, identify, and manage cyber threats to OT systems without needing an IT background.

Target Audience
Masters & Deck Officers Chief & Second Engineers Fleet Managers Designated Person Ashore (DPA) Port Operations Managers No IT Background Required
The Curriculum

From fundamentals to action — in four sessions.

Module 01
~20 min

OT Fundamentals for Maritime Operators

The conceptual foundation every officer needs — no IT experience required.

What OT is vs IT — and why the distinction is critical at sea
5+ OT systems on a typical commercial vessel: ECDIS, IPMS, AIS, GPS, VDR, GMDSS, radar, engine management
Why ships are uniquely vulnerable: 20-year-old systems, satellite connectivity, no mid-voyage reboots
Real incidents: NotPetya cost Maersk $300M. GPS spoofing events in the Black Sea and Persian Gulf — documented cases.
Key Outcome

Officers can name every OT system on their vessel and articulate exactly how a cyber incident could affect its operation — before the course ends.

Module 02
~25 min

Maritime Cyber Threats — What Attackers Actually Do

Threat models built for maritime context — not generic IT threat catalogues.

Phishing USB Attacks GPS Spoofing AIS Manipulation Ransomware Supply Chain Remote Access
Warning signs of cyber incidents: system slowness, unexpected alarms, network anomalies on bridge consoles
Who's targeting maritime: criminal organizations, nation-state actors, hacktivists, insider threats — threat profiles for each
Tabletop scenario: walk through a simulated GPS spoofing incident from bridge detection to incident log
Key Outcome

Officers can identify behavioral indicators of each attack type and know the correct immediate response for the vessel context.

Module 03
~20 min

Compliance Frameworks — What the Rules Require

Mandatory requirements, classification society expectations, and port state control — without the legal jargon.

IMO MSC-FAL.1/Circ.3 and ISM Code requirements — mandatory since January 1, 2021 for all flag state vessels
BIMCO Guidelines, IEC 62443 industrial control systems standard, NIST SP 800-82 Rev. 3
Port state control cybersecurity checks — what PSC inspectors look for and document during inspections
Classification society cyber notations: DNV Cyber Secure, Lloyd's Register, Bureau Veritas, ABS, ClassNK
US-specific: USCG Cyber Strategy, MTSA facilities, Executive Order 14116 (February 2024)
Key Outcome

Officers and DPAs can walk through a port state control inspection's cyber component and answer every standard question with documented evidence.

Module 04
~30 min

Gap Assessment — Finding and Fixing Your Weaknesses

A structured five-stage methodology to assess any vessel's cyber posture — without calling an external consultant.

Five-Stage Methodology
01
Asset Inventory
Catalogue every OT system, connection, and interface onboard
02
Network Mapping
Trace data flows between OT systems, IT networks, and satellite links
03
Control Assessment
IEC 62443 FR 1–7 foundational requirements checklist
04
Gap Scoring
Risk matrix: Likelihood × Impact — prioritized scoring per system
05
Remediation Planning
Build a prioritized action plan mapped to your SMS documentation
Key Outcome

Fleet managers and DPAs leave with a completed gap assessment template and a prioritized remediation roadmap they can present to ownership.

"
The ships carrying your cargo run on 20-year-old systems connected to satellite internet. That's not a metaphor. That's the attack surface.

Maritime OT Cybersecurity — ODIN

Governance Infrastructure

TRIDENT Governance Built In

Every session logged. Every regulatory reference cited and version-tracked. Every AI decision written to an immutable audit trail — reviewable by DPAs, flag state auditors, and port state control inspectors.

ODIN Agent

Scanned for prompt injection before every response. Security posture enforced at the infrastructure layer, not policy.

Regulatory Citations

IEC 62443, BIMCO, NIST, and IMO references tracked by document version. No stale compliance data.

Session Logs

Exportable for SMS compliance documentation. Audit-ready evidence packages for flag state and PSC inspections.

Course Design Philosophy

What sets this apart from generic cybersecurity training.

Maritime-First Language

Bridge watch terminology, SOLAS comparisons, vessel operational rhythms — not corporate IT metaphors. A chief engineer understands IPMS risk, not "SCADA vulnerabilities."

Physical Consequences Focus

OT attacks cause engine failures and navigation errors — not just data loss. Every module grounds cyber risk in physical, operational, and commercial consequences officers already understand.

Compliance-Mapped

Every concept traced to IMO, BIMCO, IEC 62443, or NIST. Learners understand what regulators require — not just what's considered best practice — and why those requirements exist.

Regulatory Coverage
IMO BIMCO IEC 62443 NIST SP 800-82 ISM Code Port State Control USCG EO 14116
Ready to Deploy

Ready to protect
your fleet?

This course was built as a real client deliverable for a maritime security organization. We can deploy it for your fleet, adapt it to your SMS, and integrate it with your existing compliance documentation.

Buy Team License Buy Scale License
Fleet deployment ready
SMS-compatible outputs
TRIDENT audit logs included