Ocean watch for connected aquaculture
Drop-in cyber readiness for connected fish farms
Havvakt maps your OT/IoT exposure, turns it into board-ready compliance evidence, and shows what to fix first. No enterprise rollout. No guesswork.
Built in Tromsø · NSM-aligned · Aquaculture OT/IoT · Digital Security Act / NIS2 readiness
- Oxygen monitoringMQTT
- Feeding controllerModbus
- Sea-lice dosingOPC-UA
- Water-flow controlModbus
Right-sized by design
Not every farm needs enterprise cyber
The big OT vendors are built for power grids, factories, and oil majors. Fish farms need something lighter: asset visibility, evidence, and prioritized fixes, sized for real operations.
How it works
Map, score, document, fix
Inspect the site
On-site and remote discovery of OT/IoT assets, network paths, and operational dependencies.
Score the exposure
Rank risks by operational blast radius, compliance relevance, and ease of remediation.
Build the evidence
A signed dossier for the board, insurer, supplier conversations, and audit preparation.
Fix what matters
Prioritized remediation plan, biggest operational risk first, sized to your team and budget.
The deliverable
Your cyber posture, packaged as evidence
Not a slide deck. A structured dossier you can put in front of the board, your insurer, a retailer, or an NSM audit, and a clear path to fixing what matters.
Join the pilotThe offer
Start with one site
Aquaculture Cyber Readiness Check
Founding pilot- Scope
- Fixed, one site
- Duration
- ~10 working days
- Format
- On-site + remote analysis
- Deliverable
- Evidence dossier + board summary + prioritized remediation map
Compliance Evidence Layer
Private pilot- Lightweight monitoring and recurring evidence
- Monthly cyber-posture reports
- Designed for multi-site aquaculture operators
- Turns one-off readiness into continuous proof
Why now
Three pressures, arriving together
The rules already landed
The Digital Security Act is in force and NIS2 is coming. Covered entities must push security requirements onto suppliers, and the obligation cascades down the value chain.
Your farm is online
Feeding, oxygen, water flow, sensors, dosing and SCADA are networked, much of it legacy OT that was never designed to be exposed.
Geography raises the stakes
Remote coastal sites and critical food infrastructure sit in a region under elevated geopolitical pressure. Visibility is no longer optional.
Why Havvakt
Not the big OT vendors. Not a generic IT shop.
Claroty and Dragos serve power grids and oil majors. The big consultancies do not know marine OT. Havvakt is the middle the coast actually needs.
Domain-specific
Aquaculture OT: net-pens, feeding, dosing, SCADA. Not generic enterprise IT.
Right-sized
Built for operators and SMEs without large security teams or enterprise budgets.
Evidence-first
Designed around what boards, insurers, suppliers and regulators actually need to see.
Founder-led
Built in Tromsø, for the coast Norway depends on
Havvakt is founder-led, with a background in DevOps and cloud infrastructure, network-intelligence security, and early-stage startup execution and customer success. The goal is simple: give aquaculture operators the visibility and evidence to keep connected operations resilient, and the ability to sleep at night.
Early-stage and honest about it. We start with one site, do unglamorous work well, and earn trust the only way that lasts in a small industry: by being precise, present, and useful.
FAQ
Questions operators ask
Do we need to replace our existing OT systems?
No. The first engagement maps and documents what already exists. Remediation is prioritized afterward, nothing is ripped out to get started.
Is this for small operators or large producers?
It is designed for operators that need serious evidence without enterprise complexity, typically SMEs without a large in-house security team.
What do we actually receive?
An evidence dossier: asset inventory, exposure map, supplier-risk register, incident-readiness checklist, an NSM Basic Principles gap analysis, and a board-ready summary.
How long does it take?
The readiness check is designed around roughly 10 working days, on-site discovery plus remote analysis and packaging.
Is this a software product or a service?
It starts as a service. The recurring Compliance Evidence Layer, lightweight monitoring and monthly evidence, is the product direction, currently a private pilot.
How do you handle our operational data?
Data handling is kept minimal. We document scope before the engagement and avoid collecting production-sensitive data we do not need.
What if we already have an IT provider?
Good, we complement them. Havvakt focuses on the OT/IoT and compliance-evidence layer most IT providers do not cover, and the deliverable is built to support board and insurer conversations.
Become one of our first pilot sites
We are partnering with a small number of Troms and Finnmark operators as founding pilot sites. Start with one site, see exactly what a regulator would find, and help shape what Havvakt becomes.
Or email hei@havvakt.no