News and events archive

From oceangoing watchkeeping officer to researcher working to secure the future of autonomous ships, Muhammed Erbas combines hands-on maritime experience with advanced expertise in AI and cybersecurity. He is currently a PhD candidate at Tallinn University of Technology (TalTech) and a member of the MariCybERA Maritime Cybersecurity Research Group, where his research focuses on threat modeling, cyber-resilience, and risk assessment for next-generation maritime systems. In November 2025, he co-developed a maritime-focused cybersecurity exercise at the Faculty of Informatics, MU, as part of his Cyber-security Excellence Hub in Estonia and South Moravia (CHESS) project fellowship. 

We spoke with him about his interdisciplinary career path, the cybersecurity challenges of autonomous shipping, and how young professionals should prepare for securing complex, real-world cyber-physical systems.

(The cover photo: from left to right - Daniel Volf, Sandesh Kafle, and Muhammed Erbas at FI MU)

Autonomous ships sound futuristic. What can an autonomous ship decide on its own?
An autonomous ship can already support or automate many functions, including route planning under constraints (weather, traffic, safety margins), collision-avoidance manoeuvres based on COLREGs (International Regulations for Preventing Collisions at Sea), speed and power management for fuel efficiency, and increasingly the monitoring of onboard equipment through sensors and analytics. In practice, “autonomy” is usually a spectrum from decision support or supervised autonomy to higher levels where systems act with minimal human input.

Does this increase the need for cybersecurity?

Yes, it does. As you reduce direct human control and rely more on software, sensors, and connectivity, the attack surface expands. If an attacker manipulates navigation inputs, sensor data, or control logic, the ship can make the “wrong but plausible” decision. Cybersecurity becomes a safety issue, not just an IT issue.

Before becoming a researcher, you worked as an Oceangoing Watchkeeping Officer. What responsibilities did you have?

As a watchkeeping officer, my core responsibility was safe navigation and maintaining situational awareness on the bridge during my watch. That includes monitoring traffic and hazards, applying COLREGs, coordinating with the master and crew when conditions change, and ensuring accurate use of navigation systems and procedures. It also involves communication, route execution and adjustments, and maintaining bridge records. In short, these are decisions that directly affect safety, efficiency, and compliance on every watch.

You studied Maritime Transportation and Management Engineering before moving into AI and cybersecurity. What sparked your interest in transitioning from ship operations to high-tech research?

Working at sea makes you appreciate how dependent modern operations are on digital systems. You see firsthand how maritime navigation technologies, such as AIS (Automatic Identification System), GNSS (Global Navigation Satellite System), ECDIS (Electronic Chart Display and Information System), integrated bridge systems, and ship networks shape decision making. Over time I became more interested in the hidden layer, how these systems can fail, be misconfigured, or be manipulated, and how that affects safety and trust.

The transition to AI and cybersecurity happened naturally because I wanted to understand and reduce those risks systematically, not just operationally. Research allows me to turn experience into methods, models, and evidence that can scale beyond one ship or one voyage.

You work on cyber threats across both operational technology and information technology (OT/IT) environments in the maritime domain. How did your real-world experience at sea shape the way you now think about cybersecurity risks? 

Sea experience makes you think in terms of consequences, not buzzwords. A small digital issue becomes operational very quickly, leading to delays, unsafe decisions, loss of visibility, confusion in coordination, or incorrect reporting. It also makes you aware of constraints. Crews work under time pressure, interfaces are complex, and “just patch it” is not always realistic when systems are safety-critical and certification-limited.

Why should we care about the cybersecurity of ships and ports? What’s a cyber risk that most people don’t expect?

We care because maritime systems underpin trade, energy supply, and critical infrastructure. Ships and ports are cyber-physical systems, so cyber incidents can disrupt logistics, cause safety hazards, and create economic ripple effects.

A cyber risk many people don’t expect is data-level manipulation rather than “taking over” a system. You don’t always need a dramatic shutdown. If you can subtly distort sensor inputs or messages (for example navigation-related data), you can push operators or automated logic toward wrong decisions while everything still looks “normal.”

You’re part of MariCybERA at TalTech in Estonia. What current research in the group excites you the most?

What excites me most is work that combines real operational constraints with structured methods, including threat modeling for maritime OT/IT, cyber-resilience concepts tied to safety, and practical ways to generate evidence through exercises, datasets, and reproducible experimentation. I also find the intersection of autonomy and cybersecurity particularly important, especially how to reason about risk when decision-making is shared between humans and algorithms.

In your view, what makes Estonia a strong environment for this type of research?

Estonia has a strong digital governance culture and a cybersecurity-focused ecosystem, so there’s a natural alignment between national capability and research priorities. At TalTech, I also benefit from the combination of maritime expertise (through the Estonian Maritime Academy) and deep IT competence. That cross-disciplinary setup is not common, and it matters a lot for cyber-physical domains like shipping. 

You have completed a 2-week CHESS Cyber-Security Excellence Hub fellowship at the Faculty of Informatics, Masaryk University. Together with Jan Vykopal, Sandesh Kafle, and Daniel Volf from FI MU, you designed and executed a full digital tabletop scenario focused on shipboard cyber incidents for Czech and Estonian students. What real-world skills did the participants get to practice? 

The participants practiced skills that closely reflect real-world cyber incident handling in complex operational environments. They worked with realistic maritime data such as AIS messages, GNSS anomalies, and system logs to assess situations under uncertainty, coordinated within teams through role division and shared interpretation, and applied structured reasoning to identify attacker intent, plausible attack paths, and operational impact. They were required to make decisions under time pressure with incomplete information and to document incidents by producing clear, defensible conclusions and recommendations. Crucially, the exercise went beyond “solving puzzles” and focused on the full analytical process of transforming raw technical signals into actionable operational decisions.

Photo: running cyber-security exercise at FI MU

Have you noticed any differences in running the exercise in Czechia and in Estonia?

Yes. The in-person delivery in Czechia supported fast discussion, quick clarifications, and dynamic collaboration, where teams could instantly align and challenge each other verbally. The online delivery in Estonia tended to be more structured, with more explicit turn-taking, more organized screen-sharing workflows, and a clearer separation between analysis and reporting.

Both formats worked well, but they produced different collaboration patterns and pacing. Importantly, running the exercise in both settings was also intentional, as it allowed us to collect comparable data and focus on a joint journal publication that analyzes the exercise design and delivery across institutions.

What were the biggest challenges in designing such an exercise?

The hardest part is balancing realism with learnability. Maritime incidents involve messy data and ambiguity, but students need a path to reason through it without getting lost. Another challenge is designing injects so that they gradually increase complexity without accidentally “giving away” the answer. Finally, instrumentation matters. If you want research value, you must design the exercise so that decisions, timing, and outputs can be captured consistently for later analysis.

The exercise should now become part of the INJECT platform, an open-source exercise environment run by Masaryk University. What opportunities does it bring to students and researchers who want to access it? 

Making it available through INJECT means it becomes reproducible and reusable. Students can experience a realistic maritime cyber scenario without needing a ship simulator or specialized lab. Instructors can deliver it in different modes (in-person/online), compare cohorts, and adapt difficulty.

For researchers, the key opportunity is data. Standardized logs and structured outputs enable comparative studies on teamwork, decision strategies, learning outcomes, and how different facilitation methods influence performance.

FI MU offers a Bachelor’s degree in Cybersecurity, with relevant follow-up study options. What advice do you have for high-school students considering cybersecurity? What everyday skills or habits can they start developing today to prepare for studying this field later?

My main advice is to focus on building strong fundamentals. Cybersecurity is not just about hacking tools; it rewards people who understand how systems actually work. Even at high-school level, students can start preparing in simple, practical ways. Getting familiar with basic Linux commands, how computer networks function, and how the web works provides a solid foundation. Learning to break down a big, messy problem into smaller, manageable steps is an extremely valuable habit.

Clear communication also matters, being able to explain what happened and why is just as important as finding the technical issue. I also encourage ethical curiosity: trying beginner labs, online challenges, or capture-the-flag exercises, while always respecting legal and ethical boundaries. Whenever possible, students should also attend or observe seminars, workshops, or public talks to see how cybersecurity is discussed and practiced in real-world settings.

Finally, cybersecurity is a team effort, so developing collaboration and teamwork skills early on is just as important as technical knowledge.

Looking back, what moment or experience convinced you that research, not industry practice, was the right direction for you? 

It was the realization that many operational risks are systemic rather than isolated. Onboard a ship, you can manage and mitigate issues locally, but the bigger questions involve understanding how risks can be modeled, how people can be trained effectively, and how resilient systems for autonomy should be designed. Addressing these questions requires structured investigation and solid evidence. Research allows me to turn practical operational experience into methods and tools that can be reused, tested, and validated beyond a single ship or situation.

Where do you see yourself in future?

I want to stay at the intersection of maritime operations, cybersecurity, and autonomy in a role where I can both conduct applied research and help translate results into practice through training, practical tools, and close collaboration with industry and regulators. I am also interested in contributing to or building a startup company that can help bring research outcomes into real operational use in Estionia. At the same time, I want to continue research in areas where many people believe practical autonomy at sea is still far away. I see strong value in working on these challenges now so that maritime autonomy develops in a safer, more realistic, and more trustworthy way rather than being delayed by uncertainty or unaddressed risks.

Thank you very much for your answers and we look forward to welcoming you again at FI MU in the future.

Author: Marta Vrlová, Office for External Relations and Partnerships at FI MU

Photos: Muhammed Erbas’ archive