Maritime cybersecurity lags behind as threats escalate, researchers warn

The digital systems powering maritime trade - the digital backbone of the global economy, are increasingly vulnerable to silent, invisible threats. As ports modernize with smart sensors, automated logistics, and real-time vessel tracking, they are also becoming prime targets for cyberattacks that can cripple operations and disrupt global supply chains.

A new study published in the Journal of Marine Science and Engineering and titled "The Challenges of Cyber Resilience in the Maritime Sector: Addressing the Weak Awareness of the Dangers Caused by Cyber Threats," delivers a stark warning: cyber resilience in the maritime world is dangerously underdeveloped - and the clock is ticking.

Authored by researchers from the University of Rijeka, the study reveals how outdated infrastructure, low awareness, and underinvestment have made even critical ports and shipping operations vulnerable to exploitation. From ransomware attacks at major terminals to exposed GPS systems and unprotected networked devices, the report exposes a growing crisis beneath the surface of the world’s shipping lanes.

Why has cyber resilience become a critical concern for maritime operations?

Digitalization has revolutionized the maritime industry, but it has also introduced unprecedented exposure. Modern ports and vessels now rely heavily on interconnected systems - from GPS and AIS navigation to real-time data exchange between land-based servers and shipboard operational technology (OT). However, this very connectivity has expanded the attack surface. The researchers cite several incidents, including the high-profile ransomware attack on Croatia’s Port of Rijeka by the 8Base group, which compromised sensitive accounting and logistics data. These events highlight a troubling truth: maritime cyber threats are not theoretical - they are already disrupting global logistics.

Cyber resilience is not simply about installing antivirus software or firewalls. It’s the capacity of a system to anticipate, withstand, and recover from cyber incidents with minimal disruption. The study stresses that resilience must be built into both IT and OT systems, which often operate on outdated, proprietary software not designed for today’s threat landscape.

Industry standards such as ISO/IEC 27001 and the NIST Cybersecurity Framework offer a foundational strategy, but maritime systems present unique challenges. Many ports operate legacy OT environments, navigation interfaces, cargo cranes, propulsion systems, that lack modern safeguards and are difficult to patch or replace. The research confirms that basic penetration tests conducted in Croatia’s largest port revealed a high number of unaddressed vulnerabilities - clear evidence that even basic cybersecurity hygiene is lacking in many maritime facilities.

What tools and strategies are available to build cyber resilience across ports and vessels?

The study employs both inside-out and outside-in assessments to evaluate system weaknesses. Internally, tools like Tenable Nessus were used to identify software vulnerabilities. Externally, the researchers leveraged the Shodan search engine to scan the internet for exposed maritime systems broadcasting GPS data or using insecure industrial protocols like Modbus or Profinet. These dual approaches confirmed widespread exposure, particularly in systems designed for remote access or diagnostics.

To combat this, the authors propose a multi-layered defense model anchored in practical implementation. They emphasize the importance of network segmentation, regular risk assessments, and clear incident response plans that comply with evolving regulations like the EU's NIS2 Directive and the IMO’s MSC.428(98) resolution. These rules require shipping companies and port operators to adopt cybersecurity management systems as part of broader safety frameworks.

Yet even with the best tools in place, the success of any cyber defense system depends on human behavior. The report underscores that cybersecurity culture must be built from the top down, with senior management commitment, and horizontally across operational teams. It advocates for training programs that go beyond awareness to embed cybersecurity into everyday decision-making, from system procurement to risk analysis and emergency drills.

Leading examples reinforce these recommendations. The Port of Los Angeles’ Cyber Resilience Center, Rotterdam’s FERM initiative, and Singapore’s Maritime Cybersecurity Operations Centre all demonstrate how public-private partnerships can centralize threat intelligence and improve response coordination. These models show that cyber resilience isn’t a single solution - it’s a system of systems involving people, technology, and governance.

Where are the research gaps, and what future steps are essential for the maritime sector?

Despite advances, several vulnerabilities remain unaddressed. One of the most pressing is the absence of tailored cybersecurity frameworks for OT environments. The majority of existing guidelines are built for enterprise IT networks and fail to address the physical and operational realities of maritime infrastructure. The authors argue for empirically validated frameworks specific to vessel types and port configurations - ones that account for latency, hardware limitations, and the need for real-time control.

Another challenge lies in side-channel attacks, an emerging threat vector that exploits physical characteristics such as electromagnetic signals or vibrations to extract sensitive information. While widely studied in other industries, these attacks remain virtually unexplored in maritime cybersecurity. The researchers call for dedicated investigations into how these vectors could compromise legacy OT systems aboard ships or in port control centers.

Finally, the study highlights that most cybersecurity best practices are designed for large enterprises with ample resources. Small and medium-sized maritime businesses are often left behind, unable to afford enterprise-grade solutions or specialized staff. Scalable and cost-effective security models, modular by design and compatible with different digital maturity levels, are urgently needed to democratize cybersecurity across the industry.

As the sector moves toward autonomous vessels and fully digitized ports, the complexity of the cyber threat landscape will only grow. It will no longer be enough to focus on system recovery after an incident. Instead, maritime cybersecurity must evolve into cyber sustainability, a forward-looking model that integrates resilience into business strategy, risk management, and innovation planning.

Future research must explore these key aspects: creating measurable resilience indicators, tailoring frameworks for legacy OT environments, and investing in human factors to reduce behavior-driven vulnerabilities.