Hello! I’m currently writing from my newly designated workstation aboard the R/V Sikuliaq, docked at the University of Hawaiʻi Marine Center in Honolulu, Hawaiʻi. We are scheduled to get underway later this evening. The Sikuliaq, operated by the University of Alaska Fairbanks, is a 261-foot ice-capable research vessel, and our current expedition—SEACURE-IT—is focused on advancing cybersecurity practices in maritime environments.

Our mission centers on understanding and strengthening shipboard cybersecurity infrastructure. Today’s focus was building a simulated research vessel network using Fortinet hardware, including a FortiGate next-generation firewall and a FortiSwitch managed switch. Each virtual vessel was named after a Star Trek captain, and I’m pleased to report that the R/V Christopher Pike is now fully operational.

To bring the system online, we began by installing the firewall and switch hardware, gaining access through the serial console port. From there, we configured a VLAN (Virtual Local Area Network) and assigned appropriate switch ports. After establishing basic connectivity, we implemented firewall rules to enable WAN access for the VLAN while maintaining strict segmentation between networks.

One of the critical lessons in maritime cybersecurity is the need to separate Information Technology (IT) systems from Operational Technology (OT). Onboard vessels, OT systems (such as industrial controllers managing propulsion, navigation, and critical mechanical systems) are sometimes based on legacy architectures and lack modern security hardening. Allowing these to share a network with IT systems—or worse, exposing them to the internet—creates serious vulnerabilities. Our firewall policy design reflects this reality, ensuring the IT and OT VLANs remain isolated. It is also best practice to separate these networks so that everyday users do not accidentally interfere with critical operations.
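An added example, not part of the original post or the expedition's configuration: a Python check that reads a firewall policy export in FortiOS `config firewall policy` syntax and flags any accept policy that would let traffic cross between the IT and OT VLANs or between OT and the WAN. The interface names `vlan_it`, `vlan_ot` and `wan1`, the policy ids, and the sample policies (trimmed to the fields the check reads) are constructed assumptions.

```python
import shlex
# Constructed sample (FortiOS policy syntax); interface names are assumptions.
SAMPLE = '''
config firewall policy
    edit 1
        set srcintf "vlan_it"
        set dstintf "wan1"
        set action accept
    next
    edit 2
        set srcintf "vlan_it"
        set dstintf "vlan_ot"
        set action accept
    next
    edit 3
        set srcintf "vlan_ot"
        set dstintf "any"
        set action accept
    next
end
'''

def parse_policies(text):
    """Return one dict per 'edit' block: id plus each 'set' key as a list."""
    policies, current = [], None
    for tokens in map(shlex.split, text.splitlines()):
        if tokens[:1] == ["edit"]:
            current = {"id": int(tokens[1])}
        elif tokens[:1] == ["set"] and current is not None:
            current[tokens[1]] = tokens[2:]
        elif tokens[:1] == ["next"] and current is not None:
            policies.append(current)
            current = None
    return policies

def isolation_violations(policies, it="vlan_it", ot="vlan_ot", wan="wan1"):
    """Flag accept policies that let traffic cross IT<->OT or OT<->WAN."""
    forbidden = {(it, ot), (ot, it), (ot, wan), (wan, ot)}
    found = []
    for p in policies:
        if p.get("action") != ["accept"]:
            continue  # only accept policies open a path
        # "any" matches every interface, so expand it before comparing
        srcs, dsts = ((it, ot, wan) if "any" in p.get(k, []) else p.get(k, [])
                      for k in ("srcintf", "dstintf"))
        hits = sorted({(s, d) for s in srcs for d in dsts} & forbidden)
        if hits:
            found.append((p["id"], hits))
    return found
```

Calling `isolation_violations(parse_policies(SAMPLE))` reports policies 2 and 3; policy 3 is caught only because `"any"` is expanded to every interface before the comparison.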

After confirming secure internet access on the IT VLAN, we deployed a lightweight Ubuntu virtual machine using the Proxmox hypervisor. While running on limited hardware, the system performs well thanks to the efficiency of Ubuntu, enabling us to simulate key cybersecurity operations within our constrained environment.

To put our network control to the test, I implemented a multi-layered blocking policy targeting a known security concern: TikTok. Using FortiGate’s Application Control, DNS Filtering, and Web Filtering capabilities, I successfully restricted access to TikTok domains and traffic patterns. As a result, no devices on our network can currently access the platform—a practical example of layered defense and policy enforcement in a live environment.

This experience has already been invaluable. I’m gaining exposure not only to enterprise-grade network security tools, but also to the nuances of securing mission-critical systems aboard research vessels.