Unite, Prepare and Enable Maritime Cyber Readiness

By Annie McIntyre, Chief Security Officer, EverLine – Energy’s Technical Stack

The maritime transport industry, the backbone of global trade, is at a pivot point amid shifts in economic, political, and technological conditions. Advances in technology have entered the industry, thereby improving efficiency and enabling innovative solutions for various onboard operations, including remote cargo monitoring, advanced energy management systems, and overall automation.

Digitization via interconnected IT/OT systems, however, expands attack surfaces, opening the door to increasingly sophisticated adversaries and cybercriminals determined to breach them for financial gain or disruption. Both ports and ships are experiencing an increase in malware, phishing, ransomware, GPS spoofing and social engineering designed to disrupt operations, steal data, or hold systems hostage.

  • In 2024, the Port of Seattle was attacked by the ransomware group Rhysida. The criminals encrypted data, resulting in widespread, sustained outages across multiple systems that affected check-in kiosks, baggage systems, and Wi-Fi.

  • In 2023, the Port of Nagoya, Japan, was subject to a ransomware attack by LockBit, a notorious Russia-based cybercriminal group. Container terminal operations were crippled for more than two days. Trade was disrupted, affecting major companies like Toyota and highlighting critical infrastructure vulnerabilities. The incident followed an earlier DDoS attack in 2022.

  • From 2011 through 2017, the Port of Antwerp, Belgium, was exposed to drug cartels that hit the port with malware to spy on its container management system, which gave them access to credentials and other data. The port has since become a gateway for illegal narcotics to enter Europe.

New technologies also expose legacy system vulnerabilities and a shortage of skilled professionals.

On January 17, 2025, the USCG published a new final rule that establishes regulations requiring all U.S. shipowners and operators, as well as those operating within U.S. jurisdiction, to implement cybersecurity measures to protect against threats. Effective July 2025, the final rule mandates the development of cybersecurity risk management programs and cyber incident response plans, and the implementation of protocols for reporting cyber breaches.

Cybersecurity plans must also align with international standards set by the IMO. This rule aims to enhance the resilience of the marine sector, ensuring the security of critical infrastructure and mitigating risks to safety, operations, and global supply chains in an increasingly digital world.

The next mandated compliance deadline is January 2026, when all personnel with IT/OT access must undergo cybersecurity training. Subsequent phases will extend to July 2027 for complete plans, assessments, and a dedicated officer, covering all U.S.-flagged vessels, OCS facilities, and MTSA-regulated shoreside entities.

Deploying cybersecurity plans and processes is a big, complex, and ongoing responsibility that requires significant resources and expertise. Not all organizations are equal: implementing security measures in large organizations will typically require more time for risk assessments and policy development, given their complexity. In contrast, smaller ports can implement more quickly but often lack the resources for comprehensive security measures. Whether large or small, maritime operators can experience organizational fatigue from prolonged security implementations and process changes.

Adding insult to injury, at many terminals and ports, there is a lack of clear responsibility and ownership of new cyber requirements within the organization. The USCG now requires a Facility Security Officer (FSO) who manages physical security and a Cyber Security Officer (CySO) who is responsible for the technical infrastructure. Because most maritime environments do not have a CySO, there is an assumption among operators that an FSO can do what’s required as an add-on responsibility. The FSO, on the other hand, assumes the corporate IT department is managing matters. At the 11th hour for compliance, often no one is managing the cybersecurity initiative. Operators may assume that regulations do not apply to them or that they are not a potential target, which can appear negligent. It also precipitates a situation where someone must inform an inspector that protocols are not being followed.

As nation-state adversaries escalate threats and continue to actively target critical infrastructure, the maritime industry is wise to consider a comprehensive cyber-physical approach. Operators should seek help in leveraging proven security methodologies, policy templates, and vetted measures. This increases efficiency and effectiveness. The new regulations underscore that OT is not the same as IT, and that ensuring secure and stable operations requires expertise in maritime operations.

By consistently applying advanced frameworks and training, the maritime industry can help ensure global trade routes remain secure, efficient, and dependable in an increasingly connected world.

About the Author

Annie McIntyre

Annie McIntyre is Chief Security Officer at EverLine. Prior to EverLine, McIntyre was the President and Chief Executive Officer of Ardua Strategies, Inc., a Texas Corporation, providing solutions for the cyber and operational security issues of energy and infrastructure. Ardua was acquired by EverLine in 2021.

Annie McIntyre
Maritime Reporter
May 2026