Part of the IDENTIFY Playbook ← Return to Hub

Marine Protocol Guides

Requirement: To enforce Conduits (Step 03), you must first understand the “Language” of the assets. This module maps common maritime protocols (NMEA, Modbus, J1939) to their technical ports.

Marine OT environments are a hybrid of standard Ethernet traffic and specialized industrial serial protocols. Identifying these data flows is critical for creating accurate firewall Access Control Lists (ACLs).

NMEA 0183/2000 MODBUS TCP/RTU IEC 61162

1. Common Vessel Protocols

Navigation (Bridge)

Dominated by NMEA 0183 (Serial) and NMEA 2000 (CAN bus). These are often bridged to Ethernet via Gateways.

Machinery (Engine)

Commonly uses Modbus TCP (Port 502) or J1939. These protocols lack built-in encryption.

2. Port & Service Mapping

Protocol Standard Port Security Risk
Modbus TCP502No Auth; vulnerable to injection.
NMEA over IP10110 (Typical)Cleartext data; GPS spoofing risk.
Siemens S7102Proprietary; requires DPI.

Next Security Phase

OT Traffic Baselining Procedures

OT Traffic Baselining Procedures Objective: Capture the "Normal" state of communication to create a blueprint for Firewall Rules (Conduits). This satisfies the IACS UR E26 requirement for verifying network traffic flows. 1. The 72-Hour Observation Wi...

Continue to OT Traffic Baselining Procedures →
Scroll to Top