1. Stephen McCombie (NHL Stenden): Real-world Threats and Ship Honeynets

Stephen McCombie leads the Maritime IT Security Research Group at NHL Stenden. He opened with a sober picture of the sector. Many fleets are old, equipment is poorly maintained, and the level of cyber maturity is low.

He then walked us through real incidents. He started with the 2017 NotPetya attack that crippled Maersk, and moved on to modern GPS spoofing and jamming cases. To track this growing threat, his team built the Maritime Cyber Attack Database (MCAD). It is an open dataset that logs publicly known maritime cyber incidents and is free to use for research and policy.

The highlight of his talk was the Ship Honeynet project. The idea is to deploy decoy maritime systems, such as fake VSAT terminals, to attract and study real attackers. The team then feeds this threat intelligence into realistic incident simulations. Crews and executives use these simulations to practice how they respond when something goes wrong.

2. Yves Van Seters (Antwerp Maritime Academy): the Interconnected Maritime Ecosystem

Yves Van Seters widened the lens to the bigger picture. He drew a clear line between two ideas that people often mix up. Maritime safety is about protection from accidents. Maritime security is about protection from intentional harm, such as hacking or terrorism.

He explained that the maritime sector is now one of the most targeted industries in Europe. OT incidents and ransomware attacks are both rising. He also pointed to a clear regulatory gap. The industry is highly connected, but individual vessels are exempt from the NIS2 directive. That gap leaves ships as the weakest link in the transport system, because there are no explicit rules for them.

His answer is to build a cyber-safe maritime culture. The Antwerp Maritime Academy works on research and on world-class human-cyber competence training to close the gap between people and technology.

3. Daniel Du Seuil (Blue Cluster): Protecting Critical Maritime Infrastructure

Daniel Du Seuil brought a strategic and industrial view from the Blue Cluster. His focus was Critical Maritime Infrastructure Protection (CMIP). This means protecting offshore energy, communications, and shipping, because all three are vital to the economy and to national defence.

He explained that this is now a national priority. Under the Flemish Innovation and Industrial Strategy for Security and Defence (VISD), millions are being invested to strengthen industrial defence capabilities.

He also shared the roadmap for a "Made in Belgium" defence ecosystem. The plan is to work across academia, government, and industry on innovations in permanent situational awareness, underwater detection, and digital cyber resilience. For companies and research groups, he framed this as a live opportunity, with early access to strategic priorities and a direct route into national and European projects.

4. Johan Galle (Howest Cyber3Lab): Education and OT Assessments

Johan Galle closed the afternoon by showing how Howest helps to close the cybersecurity skills gap. He described the full education path, from the Bachelor in Cybersecurity to Lifelong Learning programmes such as the "Masterclass in Industrial Security". That masterclass teaches professionals how to secure industrial control systems and how to work with industrial protocols.

He also stressed why OT cybersecurity assessments matter right now. IT and OT systems are converging, communication protocols are being standardised, and NIS2 asks for continuous asset monitoring. Together, this means that organisations can no longer leave their OT networks unwatched. Howest supports this shift through research, services, and hands-on lab environments such as the CyberRange.