MARITIME
IOActive established itself as a leader in maritime cybersecurity threatscape research in 2014 with the release of a technical white paper detailing numerous vulnerabilities in popular SATCOM systems and terminals.
The maritime industry has been a core focus of our research for the last decade. Smart and connected technologies create a technical attack surface that maritime designers and engineers of decades past could not have imagined.
Technologies such as satellite communications (SATCOM) play a vital role in keeping logistics and operations afloat, and cybersecurity threats to the industry pose risks not only to economies but also to national security.
Remote hardware connectivity, insecure protocols, weak authentication and access controls, zero-day vulnerabilities in logistics systems, and exploits designed to tamper with maritime vehicle telematics all pose significant cybersecurity risks to the maritime industry worldwide, not to mention global trade and economic stability. Other security challenges include vulnerable onboard software, GPS, GNSS, and obstacle detection systems.
IOActive focuses on the three maritime cybersecurity ecosystem areas for Information Technology (IT) and Operational Technology (OT):
- Vessel: SATCOM, IT/OT, navigation systems, and networks
- Ports: Networks and facility warehouses
- Infrastructure: Shore infrastructure interfaces
IOActive has now cemented its position as an expert in maritime cybersecurity risks and research by exploring very small aperture terminals (VSAT) systems and associated technologies, performing red team assessments of Security Operation Centers (SOCs), and conducting penetration tests of numerous onboard systems for our maritime clients.
Our research-driven services include penetration tests to examine the security of intermodal terminal operating systems, core vessel information systems, and remotely operated vessels.
However, IOActive’s offerings do not end there. We also have extensive experience in assessing on-vessel crew awareness and incident response capabilities.
In 2024, we provided a webinar for the Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC) titled, “Maritime Cybersecurity Penetration Testing and Common Vulnerabilities.”
Our webinar acted as an introduction to the different types of penetration testing, how to use results most effectively, and advice on how to secure the most value out of penetration testing efforts. In addition, we provided summaries of the analysis from dozens of maritime cybersecurity assessments (such as vessel, shore IT/OT networks, SATCOM, ports, and Web applications) that IOActive has conducted globally over the past decade, whilst also anonymizing the vulnerabilities and mapping them to ‘common’ vulnerability types.
We are also the proud sponsors of the annual MTS-ISAC Cybersecurity Summits.
IOActive’s cybersecurity expertise allows us to assist our customers with managing current and emerging threats, safeguarding supply chains, end users, customers, and society at large.
At IOActive, we take pride in supporting our transportation clients, assisting them to identify and manage the risks to their transportation networks and products worldwide.
Through our dedication to groundbreaking research, IOActive conducts research into vulnerabilities and risk factors that enhance global security standards and protocols. That is why the Global 1000 trusts us to help protect their assets, supply chains, and customers.