• SDVOSB — Certified by SBA
  • CAGE
  • 6WY63
  • UEI
  • N55TCNK111FZ5
  • SAM.gov Active
Twitter Linkedin-in Youtube
Contact
MARITIME IT/OT ASSURANCE

Securing the sea lanes

Twenty years of U.S. Naval experience in shipboard technology — applied to IT and OT compliance for vessels, aligned to IMO MSC.428(98) and the NIST framework.
Contact SEMAIS
Naval Support
The Strategy

Securing the maritime domain

The maritime industry’s growing reliance on digital, networked systems has introduced vulnerabilities that cyber threats can exploit. Operational technology — from shipboard navigation to automated port cranes and cargo logistics — needs protection that IT-focused security alone does not provide.
SEMAIS aligns its work to the U.S. National Strategy for Maritime Security and its National Maritime Cybersecurity Plan — integrating cyber risk into the protection of the Marine Transportation System across both IT and OT.

National Strategy Alignment

  • Maritime Domain Awareness — visibility before disruption
  • Layered Security — defense in depth from bridge to port to enterprise
  • Workforce & Standards — skilled personnel and common cyber standards
The Heritage

Twenty years at sea behind every assessment

SEMAIS founder Dewayne Hart spent twenty years in the U.S. Navy as a Fire Controlman — operating, testing, and sustaining shipboard combat and control systems. That is not theoretical maritime knowledge; it is firsthand experience with the navigation, weapons, and machinery systems that maritime OT security has to protect.

We bring that operational fluency to every engagement — translating the realities of shipboard operations into cyber risk assessments, control implementations, and resilience plans that hold up at sea, not just on paper. It is what lets us speak the language of both the bridge and the SOC.

What Naval Experience Brings

  • Hands-on knowledge of shipboard combat and control systems
  • Realistic threat modeling grounded in operations at sea
  • Fluency with naval acquisition and sustainment processes
  • Credibility with vessel operators, shipyards, and command staff
The Threats

Where maritime cyber risk is growing

Maritime environments blend enterprise IT (crew systems, passenger Wi-Fi, comms) with operational technology (bridge, navigation, GPS/ECDIS, SCADA, propulsion, cargo handling) — and the convergence between them is where risk concentrates.
IT/OT Convergence
One weak link between shipboard, shoreside, and port systems can cascade across the supply chain.
Supply Chain Attacks
A single port incident can disrupt operations with significant economic impact.
Autonomous Vessels
The shift to Maritime Autonomous Surface Ships (MASS) moves the attack surface toward the network.

What assessments routinely uncover

Weak Credentials & Access
Default or never-changed passwords, credentials stored insecurely, and crew Wi-Fi opening paths into OT.
Uncontrolled Media & Devices
Unmanaged USB sticks, personal backup drives, and infected maintenance laptops bridging separate systems.
Unpatched & Misconfigured Systems
Years-out-of-date operating systems and firewalls installed but disconnected or left on default settings.
Third-Party & Zero-Day Exposure
Previously unseen vulnerabilities introduced through hardware and software across the maritime value chain.
” The stakes are not just data. When these gaps are exploited, attackers can impede vessel operations, manipulate navigation and bridge systems, knock out propulsion or cargo control, and force costly downtime — threatening crew safety, the marine environment, and the flow of trade, with liability and insurance exposure close behind. SEMAIS has maritime covered — from shipboard OT to shoreside IT, we assess, harden, and sustain the systems that keep vessels operating safely under threat. “
Our Security Approach

Defending the maritime domain end to end

Resilience — not just prevention — drives our work. SEMAIS applies a five-function security model across all fleets and operators, so a cyber incident never becomes a safety or mission failure.
Identify

Discover threats and vulnerabilities across shipboard assets, data, and applications — assessing systems against the NIST CSF and IMO requirements.

Protect

Secure shipboard systems, critical services, and users — protecting digital and physical infrastructure while reducing operational blind spots.

Detect

Continuously assess endpoints, networks, and behavior to identify exploits, anomalies, and system deficiencies affecting operations.

Respond
Counter threats that impede system availability — enforcing oversight controls and reducing vessel downtime.
Recover
Restore operations after adverse conditions with procedures that keep shipboard systems running and adapt over time.

Who we support

U.S. Navy

Combat and control system assurance grounded in 20 years of shipboard experience — RMF authorization, OT hardening, and continuous monitoring aligned to DoD 8500-series requirements.

U.S. Coast Guard

USCG cyber and MTSA facility support — Cybersecurity Plans, Cyber Incident Response Plans, annual assessments, and CySO advisory under NVIC 01-20.

DOT / MARAD

Securing Strategic Sealift, the Ready Reserve Force, the National Defense Reserve Fleet, and National Security Multi-Mission Vessels (NSMV), plus ports and workforce programs.

Merchant & Commercial Vessels
Cyber risk assessments and onboard OT protection for U.S.-flag carriers — aligned to IMO MSC.428(98), the ISM Code, and BIMCO guidelines.
Cruise & Passenger Ships

Protecting passenger-facing networks, navigation and bridge systems, and safety-critical OT across high-occupancy vessels.

Ports & Shoreside
Securing port OT, cargo handling, and access control where shipboard systems converge with shoreside, customs, and logistics networks.

Standards we map vessels and ports against

We design safe, secure the vessel, and sustain readiness through network segmentation, penetration testing, and redundant operations — all mapped to the standards that matter. Each customer below operates under a different mission and regulatory regime, so we tailor the approach rather than apply a template. What stays constant is the goal: systems that keep operating safely even under attack.

IMO & Class
IMO MSC.428(98) and MSC-FAL.1/Circ.3, the ISM Code, and BIMCO Guidelines on Cyber Security Onboard Ships.
U.S. Regulatory
USCG NVIC 01-20 for MTSA-regulated facilities and the National Maritime Cybersecurity Plan, aligned to the NIST CSF.
OT & Technical
IEC 62443, IEC 61162-460 for navigation and radio equipment, and the ISO/IEC 27000 family.
RELATED INSIGHTS

Maritime cyber assurance — go deeper

White Paper
Maritime Cyber Assurance — securing shipboard and shoreside IT/OT, aligned to IMO and USCG requirements

Bring naval-grade OT security to your fleet

SEMAIS pairs maritime IT/OT assurance with deep Navy combat-systems experience.
Contact SEMAIS
Scroll to Top