Cybersecurity in Autonomous Maritime Systems: Seafar Case Study

The maritime industry is rapidly evolving through remote operations, autonomous systems, and increasingly connected vessel technologies. While these innovations unlock new efficiencies, they also expand the cyber threat surface across onboard systems and onshore control environments.

Seafar is at the forefront of this transformation. The company develops and operates solutions that enable vessels to be monitored and controlled from onshore control centers, relying on interconnected systems such as communication networks, navigation technologies, and remote control platforms. In this context, cybersecurity is critical to ensuring safe and resilient operations.

A key challenge in such emerging environments is the lack of a clear, standardized definition of cybersecurity requirements. While regulatory authorities expect organizations to demonstrate cyber resilience, they often do not specify what “secure” entails in practice. For pioneering companies like Seafar, this means defining and implementing appropriate cybersecurity standards themselves.

To address this, Seafar conducted a structured cybersecurity assessment in collaboration with Bureau Veritas Cybersecurity. Working closely with Zia Nassir, Chief Technology & Operations Officer, the objective was to establish a clear, risk-based view of Seafar’s cybersecurity posture, aligned with operational realities and evolving regulatory expectations.

The engagement started with a risk assessment based on ISO/IEC 27005, providing a structured methodology to identify, analyze, and evaluate risks across systems, assets, and processes. Aligned with ISO/IEC 27001, this enabled the identification of organization-wide risks and the definition of governance and control measures at a company level.

In parallel, threat modelling was conducted on key systems and operational scenarios specific to remote and autonomous vessel operations. This technical analysis examined Seafar’s architecture to identify threat actors, potential attack paths, and vulnerabilities, particularly those related to connectivity and remote control, where unauthorized access could directly impact vessel operations.

Together, these activities provided both a strategic and technical perspective, combining structured, organization-wide risk management with system-level threat analysis. This approach supported alignment with regulatory expectations while embedding cybersecurity into the design and operation of connected, autonomous maritime systems.