MARITIME & PORTS
OT Security for Maritime Infrastructure
Discover internet-exposed OT systems across port facilities, vessel management, and maritime logistics infrastructure.
Threat Landscape
Maritime infrastructure is a growing target for nation-state and criminal cyber operations. Port facilities, cargo handling systems, and vessel management networks increasingly rely on internet-connected OT systems—creating attack surface that traditional maritime security overlooks.
The convergence of IT and OT in port environments means that crane control systems, terminal operating systems, and navigation aids may share network paths with corporate IT infrastructure. A single misconfigured gateway can expose critical port OT systems to the internet.
ShiftSix maps the external OT exposure of maritime organizations, identifying internet-reachable industrial systems from the adversary’s perspective.
Relevant OT Protocols
Modbus/TCP
Used in port crane control systems, fuel management, and facility automation. Exposed Modbus endpoints at ports represent direct paths to cargo-handling infrastructure.
BACnet
Port terminal buildings and climate-controlled storage facilities use BACnet for building management. Exposed BACnet devices can reveal facility operations and allow unauthorized control.
OPC UA
Increasingly used for data exchange between port operational technology systems. Exposed OPC UA servers can provide read/write access to terminal operating system data.
Compliance Requirements
Maritime operators must meet cybersecurity requirements from multiple regulatory bodies:
- IMO Maritime Cyber Risk Management — Guidelines requiring cyber risk assessment for vessel and port OT systems
- NIST CSF 2.0 — Framework adopted by major port authorities for cybersecurity program alignment
- USCG Cyber Strategy — U.S. Coast Guard requirements for facility security plans including cyber risk
- NIS2 Directive — EU classification of ports as essential entities with mandatory cybersecurity measures
Customer Story
Port Authority
Challenge
A mid-sized port authority operating multiple cargo terminals had no OT-specific asset inventory for internet-facing systems.
Discovery
ShiftSix identified exposed Modbus endpoints on crane control networks and BACnet devices in terminal buildings—all reachable from the public internet through vendor remote access connections.
Results
The port authority discovered that 4 vendor remote access connections had default configurations allowing internet-to-OT paths.
Outcome
Vendor access controls reconfigured and continuous external monitoring established.
See Your OT Exposure
See What Attackers See
Get a free external exposure assessment of your organization’s OT attack surface.