MARITIME IT/OT ASSURANCE
Securing the sea lanes
Twenty years of U.S. Naval experience in shipboard technology — applied to IT and OT compliance for vessels, aligned to IMO MSC.428(98) and the NIST framework.
The Strategy
Securing the maritime domain
The maritime industry’s growing reliance on digital, networked systems has introduced vulnerabilities that cyber threats can exploit. Operational technology — from shipboard navigation to automated port cranes and cargo logistics — needs protection that IT-focused security alone does not provide.
SEMAIS aligns its work to the U.S. National Strategy for Maritime Security and its National Maritime Cybersecurity Plan — integrating cyber risk into the protection of the Marine Transportation System across both IT and OT.
National Strategy Alignment
- Maritime Domain Awareness — visibility before disruption
- Layered Security — defense in depth from bridge to port to enterprise
- Workforce & Standards — skilled personnel and common cyber standards
The Heritage
Twenty years at sea behind every assessment
SEMAIS founder Dewayne Hart spent twenty years in the U.S. Navy as a Fire Controlman — operating, testing, and sustaining shipboard combat and control systems. That is not theoretical maritime knowledge; it is firsthand experience with the navigation, weapons, and machinery systems that maritime OT security has to protect.
We bring that operational fluency to every engagement — translating the realities of shipboard operations into cyber risk assessments, control implementations, and resilience plans that hold up at sea, not just on paper. It is what lets us speak the language of both the bridge and the SOC.
What Naval Experience Brings
- Hands-on knowledge of shipboard combat and control systems
- Realistic threat modeling grounded in operations at sea
- Fluency with naval acquisition and sustainment processes
- Credibility with vessel operators, shipyards, and command staff
The Threats
Where maritime cyber risk is growing
Maritime environments blend enterprise IT (crew systems, passenger Wi-Fi, comms) with operational technology (bridge, navigation, GPS/ECDIS, SCADA, propulsion, cargo handling) — and the convergence between them is where risk concentrates.
IT/OT Convergence
One weak link between shipboard, shoreside, and port systems can cascade across the supply chain.
Supply Chain Attacks
A single port incident can disrupt operations with significant economic impact.
Autonomous Vessels
The shift to Maritime Autonomous Surface Ships (MASS) moves the attack surface toward the network.
What assessments routinely uncover
Weak Credentials & Access
Default or never-changed passwords, credentials stored insecurely, and crew Wi-Fi opening paths into OT.
Uncontrolled Media & Devices
Unmanaged USB sticks, personal backup drives, and infected maintenance laptops bridging separate systems.
Unpatched & Misconfigured Systems
Years-out-of-date operating systems and firewalls installed but disconnected or left on default settings.
Third-Party & Zero-Day Exposure
Previously unseen vulnerabilities introduced through hardware and software across the maritime value chain.
The stakes are not just data. When these gaps are exploited, attackers can impede vessel operations, manipulate navigation and bridge systems, knock out propulsion or cargo control, and force costly downtime — threatening crew safety, the marine environment, and the flow of trade, with liability and insurance exposure close behind. SEMAIS has maritime covered — from shipboard OT to shoreside IT, we assess, harden, and sustain the systems that keep vessels operating safely under threat.
Our Security Approach
Defending the maritime domain end to end
Resilience — not just prevention — drives our work. SEMAIS applies a five-function security model across all fleets and operators, so a cyber incident never becomes a safety or mission failure.
Identify
Discover threats and vulnerabilities across shipboard assets, data, and applications — assessing systems against the NIST CSF and IMO requirements.
Protect
Secure shipboard systems, critical services, and users — protecting digital and physical infrastructure while reducing operational blind spots.
Detect
Continuously assess endpoints, networks, and behavior to identify exploits, anomalies, and system deficiencies affecting operations.
Respond
Counter threats that impede system availability — enforcing oversight controls and reducing vessel downtime.
Recover
Restore operations after adverse conditions with procedures that keep shipboard systems running and adapt over time.
Who we support
U.S. Navy
Combat and control system assurance grounded in 20 years of shipboard experience — RMF authorization, OT hardening, and continuous monitoring aligned to DoD 8500-series requirements.
U.S. Coast Guard
USCG cyber and MTSA facility support — Cybersecurity Plans, Cyber Incident Response Plans, annual assessments, and CySO advisory under NVIC 01-20.
DOT / MARAD
Securing Strategic Sealift, the Ready Reserve Force, the National Defense Reserve Fleet, and National Security Multi-Mission Vessels (NSMV), plus ports and workforce programs.
Merchant & Commercial Vessels
Cyber risk assessments and onboard OT protection for U.S.-flag carriers — aligned to IMO MSC.428(98), the ISM Code, and BIMCO guidelines.
Cruise & Passenger Ships
Protecting passenger-facing networks, navigation and bridge systems, and safety-critical OT across high-occupancy vessels.
Ports & Shoreside
Securing port OT, cargo handling, and access control where shipboard systems converge with shoreside, customs, and logistics networks.
Standards we map vessels and ports against
We design safe, secure the vessel, and sustain readiness through network segmentation, penetration testing, and redundant operations — all mapped to the standards that matter. Each customer below operates under a different mission and regulatory regime, so we tailor the approach rather than apply a template. What stays constant is the goal: systems that keep operating safely even under attack.
IMO & Class
IMO MSC.428(98) and MSC-FAL.1/Circ.3, the ISM Code, and BIMCO Guidelines on Cyber Security Onboard Ships.
U.S. Regulatory
USCG NVIC 01-20 for MTSA-regulated facilities and the National Maritime Cybersecurity Plan, aligned to the NIST CSF.
OT & Technical
IEC 62443, IEC 61162-460 for navigation and radio equipment, and the ISO/IEC 27000 family.
RELATED INSIGHTS
Maritime cyber assurance — go deeper
Bring naval-grade OT security to your fleet
SEMAIS pairs maritime IT/OT assurance with deep Navy combat-systems experience.