LATEST NEWS

Are you safe with Internet Connected Systems from Cyber-Attack?

Cyber-Attack Protection Level When Internet Connected

Safiery's STARSHIP

Cyber Security Compliant

Can take full on attacks

Can be Internet Connected with no threat from a cyber-attack.

Vessel's NMEA

No Cyber Security Compliance

Recommendation is to isolate from Internet connected network or install a third party compliant Cyber Blocker

CZONE System

No Cyber Security Compliance

Recommendation is to isolate from Internet connected network or install a third party compliant Cyber Blocker

Victron Energy System

No Cyber Security Compliance

Recommendation is to isolate from Internet connected network or install a third party compliant Cyber Blocker

Complaint to the Security standards of these trusted brands Apple Google Amazon Samsung
These trusted brands insist on Cryptographic Compliance to Cyber Security Standards for direct control.

Cameras are a hidden reason for being Cyber Security Compliant

  • 100% Privacy: No separate cloud, no registration, no tracking. Local communication without cloud dependency. 
  • Matter-enabled to let you seamlessly monitor your cyber secure cameras across smartphones and voice assistants of all major platforms. Cutting-edge network technology for a robust system. 

What Makes Safiery's STARSHIP Cyber-Attack Proof?

Security Certifications

STARSHIP adheres to these compliance standards:

  • ISO 27001 for information security management.
  • Compliance to the NIST cybersecurity framework for encryption and secure communications.
  • CSA STAR certification (Cloud Security Alliance), which certifies the security of IoT ecosystems.
For Security Reasons QR code partially blocked.

The QR code on every STARSHIP controller is unique.

Safiery has to place a unique key inside the firmware that exactly matches the link from the QR code. 

  • When joined to the network, the QR code verifies through blockchain cryptography that the devices firmware matches and is valid.
  • Included at the same time are any automatic updates in firmware using Over the Air from the smartphone.
  • Once scanned, matched and used, that QR code cannot be used again in any way.

Security Compliant Features of STARSHIP.

  1. Encryption
    • STARSHIP uses end-to-end encryption (E2EE) for WiFi communication between devices. This ensures that data transmitted over the network cannot be intercepted or tampered with.
  2. Device Authentication
    • Devices must go through a secure onboarding process using the Matter Fabric, which ensures only authorized devices can join the network.
    • STARSHIP employs cryptographic authentication to validate device identity, reducing the risk of unauthorized devices infiltrating the network.
  3. Certificate-Based Security
    • Each STARSHIP device uses PKI-based (Public Key Infrastructure) certificates issued by a trusted Certificate Authority (CA). This ensures secure communication and identity verification.
  4. Secure Boot and Software Updates
    • STARSHIP Devices support secure boot to ensure only authorized firmware is executed.
    • Firmware updates are cryptographically signed to verify authenticity, ensuring devices remain secure against vulnerabilities.
  5. Zero-Trust Architecture
    • STARSHIP employs a Zero-Trust model, meaning every device interaction is authenticated and authorized, regardless of its location on the network.
  6. Resilience Against Replay and Injection Attacks
    • STARSHIP uses mechanisms like nonce-based cryptography and session keys to prevent replay and injection attacks, which are common in IoT systems.
  7. Interoperability Without Compromising Security
    • STARSHIP has seamless interoperability between devices from various manufacturers. However, it ensures that the security architecture is not compromised in multi-vendor environments.

Security Compliance of SAFIERY as a company.

Safiery must comply and/or hold these certificates for STARSHIP:

  1. Root Trust Certificate:
    • Safiery holds a trust certificate from a recognized entity or a trusted PKI (Public Key Infrastructure) system. This ensures that devices certified under Safiery’s Product Attestation Authority (PAA) are trusted by other compliant devices.
    • A trust certificate for the PAA acts as the root of trust, enabling:
      • Validation of device identity during onboarding.
      • Cryptographic proof that devices under the PAA are certified and secure.
      • Integration of Safiery’s devices into the compliant ecosystem with full interoperability with Apple, Google, Amazon and Samsung.
  2. Compliance with Cryptographic Standards:
    • Safiery must have strict compliance with cryptographic standards:
      • X.509 certificates.
      • Secure key storage and management.
  3. Secure Infrastructure:
    • Safiery must have a secure key management infrastructure to generate and store cryptographic keys used for issuing Product Attestation Authority credentials. This includes Hardware Security Modules (HSMs) or equivalent systems.

Compliance is Verified by an Independent Testing Laboratory.

An Independent Testing Laboratory (ITL) plays a critical role in the certification process, ensuring that devices meet the stringent technical and security requirements defined by the Connectivity Standards Alliance for interoperability, security, and reliability. Here's an explanation of their role. Apple, Google, Amazon and Samsung are members of the Alliance and demand this level of independent testing.


STARSHIP is tested by an Independent Testing Authority based in Europe.

How to Mitigate Cyber Threat in a non-compliant system.

Secure Network Design

  • Use a firewall to segregate the Starlink internet connection from the NMEA 2000 network.
  • Implement virtual LANs (VLANs) to isolate critical systems from external networks.

Encryption and Authentication

  • Ensure that all communications between Starlink and connected systems use strong encryption protocols (e.g., TLS).
  • Deploy multi-factor authentication (MFA) for remote access to the system.

Firmware and Software Updates

  • Regularly update the firmware of Starlink terminals and NMEA 2000 devices to patch known vulnerabilities.
  • Monitor updates from vendors to stay current with security recommendations.

Access Controls

  • Limit access to the NMEA 2000 network by enforcing user roles and permissions.
  • Restrict remote access to trusted devices and users.

Intrusion Detection Systems

  • Use intrusion detection and monitoring tools to identify suspicious activity on the network.
  • Set up alerts for unusual traffic patterns or unauthorized access attempts.

Segmentation of Critical Systems

  • Isolate safety-critical NMEA 2000 components (e.g., steering, navigation) from non-critical systems like entertainment or internet-connected devices.

Physical Security

  • Protect physical access to Starlink terminals and NMEA 2000 hardware to prevent tampering.

Related Posts