Maritime · Industrial · Defense

Maritime and Industrial Cybersecurity, Assessed On Site

Primis Global evaluates the systems, facilities, people, and procedures that protect maritime and industrial operations. We conduct onsite cybersecurity and cyber physical security assessments for vessels, ports, terminals, shipyards, manufacturers, and defense sector operators.

From physical access and ship to shore communications to operational technology and regulatory documentation, we examine how security actually works in the field.

The Core Problem

Maritime Security Does Not Stop at the Network

Most organizations separate cybersecurity, physical security, vessel operations, information technology, and operational technology into different departments. The threat environment does not respect those boundaries.

A vessel or maritime facility may have strong firewalls and still be exposed through:

  • Uncontrolled vendor access
  • Unmanaged laptops
  • Removable media
  • Shared credentials
  • Poorly protected communications cabinets
  • Flat IT and OT networks
  • Weak ship to shore connections
  • Inadequate access controls
  • Monitoring systems with no defined response process

Primis Global evaluates the full operating environment rather than treating each control as an isolated compliance item. The objective is not to produce another report. The objective is to identify where operations are exposed and provide a practical path to correct it.

Scope

One Assessment Across the Full Security Environment

01

Vessel and Facility Cybersecurity

Review vessel, terminal, port, shipyard, and shore based systems for security weaknesses, operational dependencies, and regulatory gaps.

02

Operational Technology Security

Evaluate industrial control systems, PLCs, HMIs, engineering workstations, machinery controls, monitoring systems, and other safety critical technology.

03

Ship to Shore Connectivity

Review satellite, cellular, wireless, VPN, cloud, vendor, and shore office connections that extend the security perimeter beyond the hull.

04

Physical Access and Monitoring

Evaluate gangway access, restricted spaces, communications rooms, equipment cabinets, surveillance systems, visitor procedures, contractor access, and security escalation.

05

Identity and Remote Access

Assess user accounts, privileged access, multifactor authentication, shared credentials, vendor access, remote maintenance, and termination procedures.

06

Incident Response and Recovery

Review how the organization detects, escalates, contains, and recovers from cyber events without creating additional operational or safety risk.

Method

The Work Begins Where the Operations Are

1

Pre-Assessment Review

Primis Global reviews available plans, network diagrams, asset inventories, security procedures, incident plans, vendor relationships, and regulatory requirements.

2

Onsite Operational Assessment

The assessment includes interviews, physical inspection, network and system review, access control validation, documentation comparison, and observation of actual operating practices.

3

Findings and Risk Prioritization

Findings are organized so that management can act on them in order.

  • Operational consequence
  • Safety impact
  • Exploitability
  • Regulatory exposure
  • Cost and complexity
  • Immediate vs long term
4

Remediation Roadmap

Management receives a prioritized corrective action plan identifying what should be fixed first, who should own the work, and what evidence should be retained.

5

Validation

Primis Global can return after remediation to determine whether corrective actions were implemented and whether the original risk has been reduced.

Primis Global does not perform checkbox assessments by video call when the systems, people, and operating conditions need to be examined in person.

Deliverables

What the Client Receives

  • Executive risk summary
  • Cybersecurity assessment report
  • Critical IT and OT asset inventory
  • Network and system boundary diagrams
  • Physical access and restricted area findings
  • Ship to shore data flow analysis
  • Vendor and remote access review
  • Regulatory gap analysis
  • Prioritized remediation roadmap
  • Corrective action tracker
  • Incident response recommendations
  • Follow up validation report

Reports are written for both management and technical personnel. Executives receive a clear explanation of business and operational risk, while implementation teams receive specific corrective actions.

Standards

Standards Applied to the Operating Environment

Primis Global works with the requirements and guidance that govern each environment, including:

  • United States Coast Guard maritime cybersecurity regulations
  • 33 CFR maritime security requirements
  • IMO maritime cyber risk management guidance
  • ISM and ISPS security principles
  • NIST Cybersecurity Framework
  • NIST SP 800-82 for operational technology
  • ISA and IEC 62443 industrial cybersecurity principles
  • NIST SP 800-171 and CMMC where defense information is present
  • IACS ship and onboard equipment cyber resilience requirements

The applicable requirements depend on the vessel, facility, contract, flag, operating environment, and information handled. Primis Global determines the relevant obligations before applying a framework.

Sectors

Maritime and Industrial Environments

Maritime

  • Vessel operators
  • Tug and towing companies
  • Passenger vessel operators
  • Ferries
  • Terminals
  • Port facilities
  • Shipyards
  • Vessel management companies
  • Offshore support operations
  • Maritime logistics companies

Industrial and Defense

  • Aerospace manufacturers
  • Defense suppliers
  • CNC and machining operations
  • Industrial manufacturers
  • Warehousing and logistics
  • Connected machinery operators
  • Government information contractors

Primis Global focuses on environments where a cybersecurity failure can interrupt operations, expose protected information, damage equipment, or create a physical safety consequence.

Background

Security Experience Across Physical, Technical, and Operational Environments

David Koran, founder of Primis Global
David Koran Founder, Primis Global

Primis Global is led by David Koran, a technology and security professional with more than 30 years of experience in networking, Linux systems, software, manufacturing technology, and cybersecurity compliance.

This combination supports a different kind of assessment. Primis Global examines the relationship between personnel, facilities, networks, operational systems, documentation, and management responsibility. Security weaknesses often exist between those areas rather than entirely within one of them.

Primis Global is expanding its industrial control system and operational technology practice through advanced ICS and SCADA security training and preparation for the GIAC Global Industrial Cyber Security Professional certification.

Relevant Background

  • United States Marine Corps, Marine Security Force
  • Operated a commercial security company in the Philippines
  • Maritime training and a current Transportation Worker Identification Credential
  • Onsite CMMC and NIST cybersecurity assessments
  • Manufacturing and industrial system experience
  • Network architecture, Linux, remote access, and systems integration
  • Work with aerospace and defense sector organizations

Remediation

Findings Without Remediation Are Not a Security Program

Primis Global does not stop at identifying weaknesses. We help clients convert findings into an executable remediation program. Support may include:

Network segmentation design
Remote access controls
Account and privilege restructuring
Vendor access procedures
Removable media controls
Monitoring and logging requirements
Asset inventory development
Policy and procedure development
Incident response planning
Backup and recovery planning
Management responsibility assignments
Evidence and documentation requirements
On Independence Primis Global may advise on remediation or perform an independent assessment. Where independence is required, those roles are separated.

Engagement

Request an Onsite Assessment

Primis Global works with organizations that need an independent review of their maritime, industrial, or defense sector security environment. Initial discussions identify:

  • Type of vessel or facility
  • Operating locations
  • Regulatory or contractual requirements
  • Number of sites or vessels
  • Known cybersecurity concerns
  • Desired timeline
  • Whether the engagement involves assessment, remediation, or validation