Maritime cybersecurity is the iceberg no one sees coming

Maritime transport, the backbone of global trade, is adapting to shifting economic, political, and technological conditions. Advances in technology have improved efficiency, bringing innovations such as remote cargo monitoring, advanced energy management systems, and automation of various onboard operations.


But modernization also comes with new security challenges. Ships equipped with new technologies have become attractive targets for criminals. Any attack on these systems can compromise safety and put human lives at risk.

In March 2024, the MV Dali lost power and collided with Baltimore’s Francis Scott Key Bridge, causing the bridge to collapse. Investigators traced the problem to electrical blackouts, but the case also shows that a ship’s OT can be exposed to both technical failures and possible cyber interference. No cyberattack has been confirmed, but the incident raised many questions about security and what could happen if someone were to carry out an attack and take control of a ship.

What is particularly concerning is that only 17% of shipyards indicate they have the in-house expertise needed to ensure vessels are cyber-secure.

Port cybersecurity

Vulnerabilities are not limited to ships. Ports and terminals, which generate and process vast amounts of data, are also at risk. Information about shipping routes, cargo, and financial transactions is valuable to criminal organizations. Port cybersecurity is managed separately by various public, private, and non-governmental actors.

Without common procedures for identifying, communicating about, or mitigating cyber incidents, it is hard to mount a coordinated response. A cyberattack affecting just one port might cause limited operational issues, but broader attacks on multiple ports could have major consequences.

Many ports rely on third-party vendors, but operators usually have little visibility beyond the first tier of their supply chains and often don’t understand how vulnerabilities in these networks can affect specific port operations. Limited visibility into cyber and software supply chains, combined with a lack of standard practices and limited knowledge of third-party cybersecurity measures, makes it difficult for ports to carry out thorough risk assessments.

Cyberattacks threaten shipping and port operations

Financially motivated hackers, ransomware groups and hacktivists are increasingly targeting the maritime and shipping sector as geopolitical tensions rise. Ransomware has become one of the main concerns for port owners and operators.

In 2017, the NotPetya attack hit Maersk, one of the world’s largest shipping companies. The malware spread through a compromised update to Ukrainian accounting software and was later attributed to the Russian military. The incident forced the shutdown of 76 port terminals and disrupted more than 45,000 PCs and 4,000 servers.

Marlink tracked cyber threats on 1,800 vessels in the first half of 2024, recording 23,400 malware detections and 178 ransomware attacks.

MarineMax, a U.S. boat retailer, suffered a cyberattack that compromised its accounting system and exposed financial, employee, and customer records online. More recently, the Port of Rijeka was targeted by the 8Base ransomware group, which claimed to have stolen invoices, receipts, employment contracts, personal data, accounting records, and other confidential files.

While ransomware continues to disrupt operations, cyber espionage remains a persistent threat due to the sector’s strategic importance. A policy brief from NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) warns that critical port infrastructure, which handles 80% of global trade, is targeted by threat actors linked to Russia, Iran, and China.

Meanwhile, the Lab-Dookhtegan hacker group said it disabled communications on more than 60 Iranian oil tankers and cargo ships, cutting off connections between the vessels, their ports, and the outside world in one of the largest cyberattacks on Iran’s maritime sector. This attack demonstrates what a targeted and precise strike can accomplish. It also shows the risks of having outdated or poorly maintained software.

Interference with Global Navigation Satellite Systems (GNSS) is becoming a bigger concern for maritime operations. State actors are using jamming and spoofing techniques to disrupt ship navigation and logistics. This kind of threat isn’t going away anytime soon. Russia is often identified as the primary actor, but countries like Iran and China also have electronic warfare capabilities that could affect maritime navigation, whether on purpose or by accident.

AI creates new risks for the maritime sector

AI-powered cyberattacks could make it much easier for hackers to target ship and port systems, tamper with navigation or sensor data, or send highly convincing phishing messages to trick crew members and other personnel.

Concern about AI-enhanced cyberattacks is widespread: 74% of security leaders are highly worried about such attacks, and 69% are highly concerned that AI could reveal new vulnerabilities in their environments.

Shipping companies need to carry out thorough risk assessments to spot vulnerabilities and potential attack points that could be targeted by AI-driven cyber threats. This should be an ongoing process that continuously monitors new threats and updates defenses as needed.

“Security researchers have shown it’s possible to subvert AI assistants into running unauthorized commands, accessing sensitive files, or introducing supply-chain vulnerabilities, all without triggering typical security alerts. While these tests have been in controlled conditions, the techniques are straightforward enough that it’s only a matter of time before malicious actors use them in the wild,” warned Jacob Ideskog, CTO of Curity.

Building resilience through workforce skills and industry cooperation

Experts agree that workforce training is a key component. Staff at all levels should be trained to recognize and respond to incidents. Knowing criminal techniques like phishing and social engineering is important, since human error is the Achilles’ heel in most successful attacks. Staff should also be trained to handle key tasks manually whenever digital or operational systems are disrupted.

Organizations in the maritime industry should prioritize collaboration and information sharing when it comes to cybersecurity. While competition and self-preservation are natural, sharing insights about cyber incidents, vulnerabilities, or supply chain risks can help protect the entire transportation system. Establishing formal channels for communication with other industry players and government partners ensures that best practices are spread, threats are detected faster, and the sector as a whole becomes more resilient to attacks.

Regulatory landscape

Regulatory authorities are responding to these challenges by strengthening the enforcement of cybersecurity standards in the maritime sector.

United States: The U.S. Coast Guard’s 2025 cybersecurity rule requires vessels and facilities to appoint Cybersecurity Officers, report incidents to the National Response Center, train staff, and implement formal cybersecurity measures to protect the Marine Transportation System.

European Union: The NIS2 Directive requires maritime operators to implement risk management measures, secure supply chains, and report incidents to authorities.

International Maritime Organization (IMO): Updated IMO guidelines integrate cybersecurity into Safety Management Systems (ISM Code). Companies are urged to perform regular cyber risk assessments, establish incident response plans, and evaluate third-party vendors, following IMO Resolution MSC.428(98).
