At a Glance
- Engagement type: Specialist cyber incident response for vessels at sea, in port or at anchor
- Incident types: Ransomware, ECDIS / RADAR compromise, OT disruption, USB-borne malware, AIS / GNSS spoofing, BEC, supply-chain compromise
- Response model: Remote initial triage + on-board response within 48-72h where required, named maritime cyber consultants
- Engagement model: Retainer-based readiness + on-demand response, or one-off incident response
- Response time: instant, no delay. Initial triage starts within an hour of call
What is Vessel Cyber Incident Response?
Cyber incident response for vessels is a specialist discipline. Unlike land-based IR, vessel IR must contend with limited satellite bandwidth, hours-to-days transit time to reach the ship, the master's overriding authority on safety and navigation, OT systems that cannot be aggressively touched, and the operational reality that you cannot just "shut everything off" on a vessel underway.
Codesecure provides vessel IR as a hybrid remote + on-board service. Initial triage and containment guidance starts within an hour via secure shore-link. Forensic evidence collection and deep-dive analysis are coordinated remotely with the master, chief engineer and ETO. Where on-board presence is required (deep forensics, evidence chain of custody, full system rebuild), our maritime IR consultant boards the vessel at the next port call or via launch where time-critical.
Why It Matters
Vessel incidents are not theoretical. Public reports include ransomware shutting down shipping company operations, ECDIS rendered unusable mid-voyage by malware, port operations paralysed by attacks, AIS and GNSS spoofing campaigns, and BEC scams diverting bunker payments. Each of these has direct safety, environmental and commercial impact, and each is responded to differently from a typical IT-only incident.
Maritime IR is also increasingly required by SMS and class-society programmes. IMO MSC.428(98) expects response procedures in vessel SMS. IACS UR E26 / E27 expect documented incident response capability. P&I clubs and cyber insurance policies typically require a named IR provider relationship before claim coverage applies. A pre-arranged maritime IR retainer satisfies all of these.
What's Included
Codesecure's vessel IR programme covers initial response, deep IR and post-incident recovery:
- 1-Hour Initial Triage: Remote triage call within an hour of incident notification, containment guidance for master / ETO
- Pre-Approved Containment Playbooks: Documented playbooks for ransomware, ECDIS compromise, OT disruption, AIS spoofing, BEC
- Remote Forensic Collection: Guidance for master / ETO to capture forensic evidence with shore-side analysis
- On-Board IR Within 48-72h: Named maritime cyber consultant boards vessel for deep IR where required
- OT Incident Coordination: Coordination with engine OEM, ECDIS vendor, class society for OT-related incidents
- Supply-Chain Compromise Response: IR for compromise via vendor technician, USB media, software update, surveyor visit
- AIS / GNSS Spoofing Investigation: Investigation of suspected AIS or GNSS spoofing incidents with evidence preservation
- BEC Investigation: Business email compromise investigation for shipping operations, bunker fraud, charter fraud
- Post-Incident Report: Class-society-aligned incident report with root cause, timeline and lessons learned
- Retainer Readiness: Pre-arranged retainer with documented contact paths, tabletop exercises and quarterly drills
Get a Free IR Readiness Review
45-minute call with our maritime IR lead. Bring your current IR capability, fleet exposure and insurance policy requirements, leave with a phased readiness plan. Instant response, no delay.
Methodology
Every Vessel IR engagement follows a 5-phase methodology aligned with IMO and IACS guidance:
1. Retainer Setup & Readiness: Scoping call, NDA, IR retainer agreement, contact path documentation, fleet risk profile, tabletop exercise.
2. 1-Hour Triage on Activation: Incident notification triggers triage call within one hour. Master / ETO contacted. Initial containment guidance issued.
3. Remote Forensic Collection: Forensic guidance for master / ETO to capture evidence under shore-side direction. OT vendor coordination as needed.
4. On-Board IR Phase: Named consultant boards vessel at next port call or via launch for deep IR, evidence chain of custody, system rebuild.
5. Post-Incident Report & Recovery: Class-society-aligned incident report, lessons learned, control gap remediation, SMS update.
What You Get
Every Vessel IR engagement ships with the same operational handoff:
- IR Retainer Agreement: Pre-arranged retainer with documented contact paths and SLAs
- Containment Playbooks: Pre-approved playbooks for top maritime incident types
- Tabletop Exercise Reports: Master / ETO / shore tabletop exercise findings and action items
- Incident Triage & Coordination: 24x7 incident triage and coordination with master, ETO, vendors, class
- Post-Incident Report: Class-society-aligned incident report with root cause and lessons learned
- Quarterly Drills: Pre-arranged quarterly drills to keep retainer warm and team trained
Timeline
IR retainer onboarding completes in 1-2 weeks. On activation, triage starts within an hour and the on-board phase follows within 48-72h. Instant response, no delay: kickoff is scheduled the same or next business day after scoping.
- Week 1 (Retainer Setup): Scoping, retainer agreement, contact path documentation, fleet risk profile.
- Week 2 (Tabletop & Playbooks): Tabletop exercise with master / ETO / shore team. Playbooks aligned to fleet.
- On Activation (Triage & Response): 1-hour triage. On-board phase within 48-72h. Post-incident report within 30 days.
Frameworks & Standards We Cover
NIST 800-61 IR
SANS PICERL
MITRE ATT&CK
MITRE ATT&CK for ICS
IMO MSC.428(98)
IACS UR E26 / E27
BIMCO Cyber Guidelines
TMSA 3
Wazuh
TheHive
Cortex
MISP
Talk to a Maritime IR Lead
30-minute call with our maritime IR lead. Discuss your fleet, insurance requirements and current IR readiness with no sales pressure.
Frequently Asked Questions
How quickly can you respond if a vessel is under attack?
Initial triage call within one hour of notification, any hour of day, any day of year, for retainer customers. Containment guidance for master / ETO follows immediately. Remote forensic guidance starts the same shift. On-board consultant within 48-72 hours where on-board IR is required, sometimes faster if a port call coincides.
Do we need an IR retainer or can you respond ad-hoc?
We respond to ad-hoc maritime IR incidents, but a retainer is strongly recommended for several reasons: insurance policies typically require a pre-arranged IR provider relationship for claim coverage, response is significantly faster with documented contact paths and pre-arranged playbooks, and tabletop-exercised teams perform measurably better than cold teams during real incidents.
What does maritime IR cost?
Retainer pricing varies by fleet size, vessel type, response SLA and included tabletop / drill cadence. We provide a fixed-fee scoped proposal within 24-48 hours of scoping. On-incident response is typically billed on top of retainer at agreed day-rates with capped on-board engagement scope.
Will you go to the vessel anywhere in the world?
Yes, within reason. We coordinate with the operator on visa, BTL / clearance, port logistics and travel time. For high-time-criticality incidents we deploy from the nearest available consultant region. Our consultants have travelled to Indian, South-east Asian, Middle Eastern, European and Australian ports for vessel IR engagements.
Do you handle AIS / GNSS spoofing investigation?
Yes. AIS and GNSS spoofing investigation includes evidence preservation, comparison of expected position against reported position, review of AIS class B vs class A traffic patterns, GNSS receiver log analysis, and coordination with shipping operations and authorities where appropriate.
How do you coordinate with class society and Flag during incidents?
Our retainer setup includes documented coordination paths with your class society (IRS, DNV, BV, LR, ABS) and Flag administration. During incidents we coordinate with class on incident reporting, with Flag on safety notifications, and with P&I club on insurance and recovery aspects.
Can IR evidence satisfy IMO / IACS audits?
Yes. Post-incident reports are aligned to IMO MSC.428(98), IACS UR E26 / E27 and BIMCO Cyber Guidelines. They are accepted as audit evidence for vessel SMS verification, class-society cyber audits, and TMSA 3 vetting submissions.
Ready to Set Up Vessel IR Readiness?
Codesecure delivers vessel IR with 1-hour triage, on-board response and class-society-aligned reporting. Free 30-minute readiness review, instant response, no obligation.