Ocean watch for connected aquaculture

Drop-in cyber readiness for connected fish farms

Havvakt maps your OT/IoT exposure, turns it into board-ready compliance evidence, and shows what to fix first. No enterprise rollout. No guesswork.

Built in Tromsø · NSM-aligned · Aquaculture OT/IoT · Digital Security Act / NIS2 readiness

Havvakt Console
troms-site-04 · live
72/ 100
Site readiness
Evidence
18
controls
Unknown assets
7
to map
Supplier risk
3
open
OT / IoT assets14 mapped
  • Oxygen monitoringMQTT
  • Feeding controllerModbus
  • Sea-lice dosingOPC-UA
  • Water-flow controlModbus
PRIORITY FIXFeeding controller: remote access on default credentials
Dossier · Q2 readiness packageSigned
Based in
Tromsø, Norway
Aligned with
NSM Basic Principles
Built for
Aquaculture OT / IoT
Prepares for
Digital Security Act · NIS2

Right-sized by design

Not every farm needs enterprise cyber

The big OT vendors are built for power grids, factories, and oil majors. Fish farms need something lighter: asset visibility, evidence, and prioritized fixes, sized for real operations.

How it works

Map, score, document, fix

01

Inspect the site

On-site and remote discovery of OT/IoT assets, network paths, and operational dependencies.

02

Score the exposure

Rank risks by operational blast radius, compliance relevance, and ease of remediation.

03

Build the evidence

A signed dossier for the board, insurer, supplier conversations, and audit preparation.

04

Fix what matters

Prioritized remediation plan, biggest operational risk first, sized to your team and budget.

The deliverable

Your cyber posture, packaged as evidence

Not a slide deck. A structured dossier you can put in front of the board, your insurer, a retailer, or an NSM audit, and a clear path to fixing what matters.

Join the pilot
Compliance evidence dossier
Troms-site-04 · Q2 2026
Signed
Asset inventory
Exposure map
Supplier-risk register
Incident-readiness checklist
NSM Basic Principles gap analysis
Board summary

The offer

Start with one site

Aquaculture Cyber Readiness Check

Founding pilot
Scope
Fixed, one site
Duration
~10 working days
Format
On-site + remote analysis
Deliverable
Evidence dossier + board summary + prioritized remediation map
Join the pilot

Compliance Evidence Layer

Private pilot
  • Lightweight monitoring and recurring evidence
  • Monthly cyber-posture reports
  • Designed for multi-site aquaculture operators
  • Turns one-off readiness into continuous proof
Join pilot list

Why now

Three pressures, arriving together

Regulation is active

The rules already landed

The Digital Security Act is in force and NIS2 is coming. Covered entities must push security requirements onto suppliers, and the obligation cascades down the value chain.

OT is already connected

Your farm is online

Feeding, oxygen, water flow, sensors, dosing and SCADA are networked, much of it legacy OT that was never designed to be exposed.

The High North is exposed

Geography raises the stakes

Remote coastal sites and critical food infrastructure sit in a region under elevated geopolitical pressure. Visibility is no longer optional.

Why Havvakt

Not the big OT vendors. Not a generic IT shop.

Claroty and Dragos serve power grids and oil majors. The big consultancies do not know marine OT. Havvakt is the middle the coast actually needs.

01

Domain-specific

Aquaculture OT: net-pens, feeding, dosing, SCADA. Not generic enterprise IT.

02

Right-sized

Built for operators and SMEs without large security teams or enterprise budgets.

03

Evidence-first

Designed around what boards, insurers, suppliers and regulators actually need to see.

Founder-led

Built in Tromsø, for the coast Norway depends on

Havvakt is founder-led, with a background in DevOps and cloud infrastructure, network-intelligence security, and early-stage startup execution and customer success. The goal is simple: give aquaculture operators the visibility and evidence to keep connected operations resilient, and the ability to sleep at night.

Early-stage and honest about it. We start with one site, do unglamorous work well, and earn trust the only way that lasts in a small industry: by being precise, present, and useful.

FAQ

Questions operators ask

Do we need to replace our existing OT systems?

No. The first engagement maps and documents what already exists. Remediation is prioritized afterward, nothing is ripped out to get started.

Is this for small operators or large producers?

It is designed for operators that need serious evidence without enterprise complexity, typically SMEs without a large in-house security team.

What do we actually receive?

An evidence dossier: asset inventory, exposure map, supplier-risk register, incident-readiness checklist, an NSM Basic Principles gap analysis, and a board-ready summary.

How long does it take?

The readiness check is designed around roughly 10 working days, on-site discovery plus remote analysis and packaging.

Is this a software product or a service?

It starts as a service. The recurring Compliance Evidence Layer, lightweight monitoring and monthly evidence, is the product direction, currently a private pilot.

How do you handle our operational data?

Data handling is kept minimal. We document scope before the engagement and avoid collecting production-sensitive data we do not need.

What if we already have an IT provider?

Good, we complement them. Havvakt focuses on the OT/IoT and compliance-evidence layer most IT providers do not cover, and the deliverable is built to support board and insurer conversations.

Become one of our first pilot sites

We are partnering with a small number of Troms and Finnmark operators as founding pilot sites. Start with one site, see exactly what a regulator would find, and help shape what Havvakt becomes.

Or email hei@havvakt.no