The maritime industry, once dominated by analog navigation and paper charts, has undergone a massive digital transformation over the past two decades. From smart ports and automated cargo handling to digital navigation and shipboard networks, modern maritime operations are heavily reliant on interconnected systems. While this digital evolution brings unprecedented efficiency and safety improvements, it also exposes the industry to a rapidly growing and evolving risk: sophisticated cyberattacks.

According to a CCDCOE policy brief, nearly 80% of global trade is carried by sea, making the maritime industry one of the world’s most critical infrastructures.

  • 80% of global trade carried by sea

  • $300M: Maersk's losses from NotPetya

  • 150% increase in maritime cyber incidents (2020-2024)

Why the Maritime Sector is a Target

Maritime logistics serves as the backbone of global commerce, with over 80% of world trade transported by sea through a network of 50,000+ commercial vessels and 7,000+ ports worldwide. This critical infrastructure makes the sector an attractive target for various threat actors including cybercriminals seeking financial gain, hacktivists pursuing ideological goals, state-sponsored groups conducting espionage, and terrorist organizations aiming for maximum disruption.

The maritime industry's cybersecurity posture has historically lagged behind other critical sectors such as finance, healthcare, and energy. This vulnerability stems from several factors: widespread use of legacy systems that were never designed with cybersecurity in mind, inconsistent patch management practices across global fleets, complex supply chains with multiple stakeholders, remote operational environments with limited IT support, and crews with varying levels of cybersecurity awareness and training.

The convergence of operational technology (OT) and information technology (IT) systems onboard modern vessels has created new attack vectors that didn't exist in traditional maritime operations. When a ship's navigation systems, cargo management platforms, and communication networks become interconnected, a single point of compromise can cascade across multiple critical systems.

The growing interconnection of OT (operational technology) and IT (information technology) systems has significantly expanded attack surfaces, as highlighted in the U.S. Coast Guard’s CTIME report.

Industry reports reveal a 150% increase in maritime cyber threats between 2020 and 2024, proving that these threats are accelerating.

Notable Cyber Incidents in the Maritime Industry

1. Maersk – NotPetya Attack (2017)

The most devastating cyber incident in maritime history occurred when Danish shipping giant A.P. Moller-Maersk fell victim to the NotPetya malware. Originally designed as a cyberweapon targeting Ukraine, NotPetya spread globally, causing catastrophic damage across multiple industries. For Maersk, the impact was unprecedented: the malware infiltrated 4,000 servers and 45,000 PCs across 600 sites in 130 countries within minutes.

The attack completely paralyzed Maersk's operations for weeks. Container terminals in major ports including Los Angeles, New York, and Rotterdam were forced to operate manually. Ships were stranded at sea, unable to receive berthing instructions. The company had to rebuild its entire IT infrastructure from scratch, including installing 4,000 new servers. Total damages exceeded $300 million, making it one of the costliest cyberattacks in corporate history.


2. COSCO – Ransomware Attack (2018)

China Ocean Shipping Company (COSCO) suffered a ransomware attack affecting its American operations.

  • Systems affected: Email systems and operational communications.

  • Impact: Manual processes for several days, disrupting shipment tracking and customer communication.

  • Lesson: Heavy reliance on digital communication without proper backups is a major vulnerability.

3. Port of San Diego – Cyberattack (2018)

A ransomware attack targeted administrative systems.

  • Affected operations: Permit processing, tenant record management, and financial transactions.

  • Lesson: Even attacks not directly targeting operational systems can cause substantial disruption.

4. IMO – Cyber Breach (2020)

The International Maritime Organization (IMO) faced a breach of its website and internal systems.

  • Irony: Occurred while promoting new cybersecurity guidelines.

  • Lesson: No organization is immune to cyber threats, even regulatory bodies.

5. Emerging Threat: GPS Spoofing and Jamming (2019-2025)

While not a single incident, GPS spoofing and jamming are increasingly common:

  • Ships in the Black Sea have reported false GPS locations.

  • Navigation disruption is a growing risk for global shipping.

  • Emerging threats like GPS spoofing have disrupted navigation, particularly in the Black Sea, according to Crisis24 reports.
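One way a bridge or shore-side monitoring system can catch the false positions described above is a plausibility check on consecutive GPS fixes. The following is an added example, not code from any cited report: it validates NMEA 0183 RMC sentences and flags any fix whose implied speed since the previous fix exceeds what the vessel could make. The function names, the 40-knot ceiling and the sample track are assumptions constructed for illustration.

```python
import math
from datetime import datetime
from functools import reduce

def checksum(body):
    """NMEA 0183 checksum: XOR of every character between '$' and '*'."""
    return f"{reduce(lambda acc, ch: acc ^ ord(ch), body, 0):02X}"

def to_degrees(value, hemi):
    """Convert NMEA (d)ddmm.mmm plus hemisphere to signed decimal degrees."""
    deg, minutes = divmod(float(value), 100)
    return (deg + minutes / 60) * (-1 if hemi in ("S", "W") else 1)

def parse_rmc(sentence):
    """Return (utc_time, lat, lon) for a valid RMC fix, else None."""
    body, _, given = sentence.strip().lstrip("$").partition("*")
    f = body.split(",")
    if given.upper() != checksum(body) or len(f) < 10 or f[0][-3:] != "RMC" or f[2] != "A":
        return None  # bad checksum, other sentence type, or receiver marks fix invalid
    when = datetime.strptime(f[9] + " " + f[1][:6], "%d%m%y %H%M%S")
    return when, to_degrees(f[3], f[4]), to_degrees(f[5], f[6])

def distance_nm(a, b):
    """Haversine distance in nautical miles between two (time, lat, lon) fixes."""
    p1, p2 = math.radians(a[1]), math.radians(b[1])
    h = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(b[2] - a[2]) / 2) ** 2)
    return 2 * 3440.065 * math.asin(math.sqrt(h))  # Earth radius in nautical miles

def find_position_jumps(sentences, max_knots=40.0):  # 40 kn: assumed ceiling, tune per ship
    """Return (time, implied_knots) for fixes the vessel could not have reached."""
    alerts, prev = [], None
    for fix in filter(None, map(parse_rmc, sentences)):
        if prev is not None and fix[0] > prev[0]:
            knots = distance_nm(prev, fix) / ((fix[0] - prev[0]).total_seconds() / 3600)
            if knots > max_knots:
                alerts.append((fix[0], round(knots)))
        prev = fix
    return alerts

# Constructed sample track (not real data): steady ~12 kn, then a sudden relocation.
SAMPLE = ["$" + b + "*" + checksum(b) for b in (
    "GPRMC,120000,A,4430.000,N,03330.000,E,12.0,090.0,010124,,",
    "GPRMC,120100,A,4430.000,N,03330.280,E,12.0,090.0,010124,,",
    "GPRMC,120200,A,4500.000,N,03900.000,E,12.0,090.0,010124,,",
    "GPRMC,120300,A,4500.000,N,03900.280,E,12.0,090.0,010124,,",
)]

for when, knots in find_position_jumps(SAMPLE):
    print(f"{when:%H:%M:%S}Z: implied speed {knots} kn since previous fix")
```

A spoofed track that drifts gradually stays under the threshold, so this check complements rather than replaces cross-checks against radar, depth soundings and visual bearings.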

Key Vulnerabilities in the Maritime Ecosystem

Shipboard Systems (OT & IT Integration): Many OT systems lack security features like encryption or authentication, making them vulnerable when connected to IT networks.

Supply Chain & Port Infrastructure: A successful attack on a terminal operating system could disrupt vessel scheduling, cargo handling, and customs clearance processes simultaneously.

Satellite Communications & Navigation: VSAT and GPS systems are often unprotected, making them easy targets for spoofing and jamming.

Human Factors & Social Engineering: Crew members with little cybersecurity training remain the weakest link.

Regulatory Response & Industry Guidelines

To address growing cyber risks, several organizations have issued frameworks and regulations:

Building Cyber Resilience at Sea

Effective measures include:

  • Cyber Awareness Training: Educating crew members to recognize threats.

  • Network Segmentation: Separating critical OT and IT systems.

  • Incident Response Plans: Preparing for swift recovery from cyber incidents.

  • Regular Audits & Penetration Testing: Identifying vulnerabilities proactively.

  • Collaboration and Information Sharing: Strengthening industry-wide resilience.

  • Employee Training: Educating employees on best practices for cybersecurity.

Frequently Asked Questions (FAQ)

  • What are the major cyber incidents in the maritime industry?

    The maritime industry has experienced several high-impact cyber incidents, including Maersk’s NotPetya attack in 2017, COSCO’s ransomware attack in 2018, Port of San Diego ransomware in 2018, and the IMO cyber breach in 2020. Emerging threats such as GPS spoofing have disrupted navigation in critical regions.

  • Why is maritime logistics a target for cyberattacks?

    Maritime logistics is critical to global trade, carrying over 80% of world commerce by sea, making it an attractive target for cybercriminals, hacktivists, and state-sponsored groups. The industry’s reliance on interconnected digital systems, legacy technology, and complex supply chains increases vulnerability to cyberattacks.

  • How can shipping companies prevent cyberattacks?

    Shipping companies can enhance cybersecurity by implementing crew training, segmenting OT and IT networks, maintaining updated incident response plans, conducting regular audits, and collaborating with industry stakeholders. Adopting best practices from IMO guidelines, BIMCO standards, and US Coast Guard recommendations ensures robust protection against evolving threats. Reference: BIMCO Cybersecurity Guidelines

  • What are common vulnerabilities in port systems?

    Common vulnerabilities in port systems include weak integration between OT and IT networks, unprotected satellite communications, insecure supply chains, and human error due to insufficient cybersecurity awareness. Addressing these gaps through technology upgrades, training, and risk management strategies is essential for securing port operations. Reference: The Digital Ship

  • What role do crew members play in maritime cybersecurity?

    Crew members are a critical line of defense against cyber threats. Lack of awareness or training can make them susceptible to phishing, social engineering, or accidental breaches. Regular cybersecurity training and drills are essential to strengthen human resilience onboard.

  • How does the integration of OT and IT systems increase risks?

    Integration of Operational Technology (OT) and Information Technology (IT) systems creates larger attack surfaces. Vulnerabilities in OT systems, such as shipboard navigation or cargo management platforms, can be exploited when connected to IT networks, potentially affecting multiple operational areas simultaneously.

  • What regulatory frameworks guide maritime cybersecurity?

    Key regulatory frameworks include IMO cyber risk management guidelines, BIMCO cybersecurity guidelines, and US Coast Guard Cyber Risk Management Guidance. These provide best practices and mandatory requirements to secure ships, ports, and maritime operations against cyber threats.

  • What emerging threats are maritime companies facing?

    Emerging threats include GPS spoofing, jamming, ransomware attacks, and phishing campaigns targeting both ships and port infrastructure. These threats are evolving rapidly, requiring continuous monitoring, updated security protocols, and collaboration across the maritime sector.

Final Thoughts

The maritime industry stands at a critical crossroads in its digital evolution. Cyberattacks on shipping companies and ports are not just future possibilities—they are present-day realities with global consequences.

When a major shipping line like Maersk goes offline, supply chains around the world feel the impact. Retailers face inventory shortages, manufacturers experience delays, and consumers ultimately pay the price.

Building resilience requires unprecedented collaboration among shipping companies, port authorities, technology vendors, regulators, and insurers. Cybersecurity can no longer be viewed as a compliance checkbox—it must be embedded into every layer of maritime operations.

References