The maritime industry – a cornerstone of global trade responsible for over 90 percent of international commerce and an indispensable pillar of APAC’s economy – has increasingly become a target for cybercriminals. Cyber incidents have plagued civilian vessels and infrastructure: in the first half of 2024 alone, it was reported that there were 23,400 malware detections and 178 ransomware attacks across 1,800 vessels, resulting in operational standstills and recovery costs running into millions.
Civilian GPS jamming, a growing maritime cybersecurity threat, has been increasingly exploited by state and non-state actors to disrupt vessel navigation, often with severe economic and safety implications. In 2024-2025, incidents of GPS spoofing targeting civilian ships have surged, for instance in geopolitically sensitive regions like the Black Sea and the Persian Gulf, where signals were jammed to mislead vessels into territorial waters, triggering legal disputes and insurance claims.
The MCAD records cases where commercial ships experienced spoofed GPS signals, causing navigational errors that delayed operations and incurred costs for rerouting or recovery. These attacks exploit vulnerabilities in vessels’ reliance on satellite-based navigation, especially when these systems lack fallback mechanisms like compasses or astrolabes.
As ships increasingly integrate with connected systems, the absence of secure-by-design protocols amplifies risks, underscoring the need for robust countermeasures like encrypted navigation signals and crew training to detect and respond to jamming attempts.
Critical nodes on vessels are vulnerable to cyberattacks
Modern vessels, particularly those under 25 years old, are akin to floating factories with extensive automation present onboard, blending information technology (IT) and operational technology (OT) systems. Approximately half of a ship's digital infrastructure is IT-based, while the other half comprises OT, mirroring industrial control systems found in factories. Protecting these nodes is paramount, as breaches can compromise navigation, propulsion, or cargo operations.
At the core of this infrastructure are the OT layers. For instance, the upper level on the bridge manages propulsion, engines, and steering; the lower level in the engine room handles machinery; and mid-level systems, like SCADA for cargo operations, monitor pressure, ballast tank levels, and specialised maritime functions absent in land-based industries. Industrial Internet of Things (IIoT) devices permeate all levels, enabling real-time monitoring of critical resources via "connected vessel" systems. However, these systems heighten risks by linking to external networks, potentially allowing malware ingress.
Port infrastructure compounds vulnerabilities as the exchange of data through ports, while critical for safety, also serves as a prime target for attackers. Attacks often occur via communication channels: Starlink connections, cellular modems effective within 10 to 12 miles of shore, or port Wi-Fi networks. We have seen documented cases of ransomware spreading through port connections and immobilising ships for days.
- Alexander Nikolaev, Kaspersky’s Industrial Cybersecurity Expert
Infection vectors are diverse and often human-enabled. Nautical charts, updated biweekly, are typically downloaded to officer laptops and transferred via USB to navigation computers – a practice that risks malware propagation across IT and OT boundaries. Without malware scanning, these drives become a source of threats. GPS jamming can lure vessels into obstacles or into territorial waters, leading to legal disputes, insurance payouts and operational halts.
Emerging unmanned civilian vessels, trialled on shuttle routes like ferries, introduce AI-driven risks, including predictive failures in navigation or propulsion, further necessitating robust defences. In "smart ports," IIoT integration demands regulatory-compliant security to prevent cascading failures.
Regulation and certification for cybersecurity solutions on maritime infrastructure
As threats evolve, regulatory frameworks have matured to enforce cybersecurity in maritime operations. Since July 2024, major registries have adopted documents mandating cyber-protected systems, with secure-by-design principles effective from January 2024. Software and hardware solutions must undergo certification to operate on vessels, ensuring they meet safety standards.
The Guidelines on Maritime Cyber Risk Management from the International Maritime Organisation (IMO) offer recommendations for integrating cyber defences into risk processes, addressing cyber risks in safety management systems under the ISM Code. In April 2024, IMO issued a circular on risk assessment, emphasising proactive evaluations – though no specific 2025 update is noted, ongoing revisions stress emerging threats like AI in unmanned ships.
The International Association of Classification Societies (IACS) issues technical requirements, such as Recommendation 166 and Unified Requirements E26 and E27, for cybersecurity in ship construction. The Oil Companies International Marine Forum focuses on tankers, via the Tanker Management and Self-Assessment and Ship Inspection Report Programme, promoting continuous safety enhancements.
Cybersecurity vendors are entering this market, certifying solutions to registry standards. Crew training programs, addressing human factors like USB misuse, are also integral to reducing risks through awareness and cyber-hygiene practices.
Embracing secure by design in digital maritime solutions
In 2025, the maritime sector – both in APAC and globally – stands at a crossroads: digitise securely or risk amplified losses. Modern digital solutions must adopt "secure by design" from inception, embedding cybersecurity into hardware, software, and processes rather than bolting it on later. This approach, mandated by recent regulations, minimises vulnerabilities like unpatched legacy systems on older vessels, which rarely see updates due to design change implications.
Stakeholders should prioritise IIoT hardening, unidirectional data flows, and regular audits. They must also invest in crew education to curb human errors, integrate predictive analytics for failure detection, and leverage insurance policies that are tailored to cyber risks. By heeding IMO, IACS, and national frameworks, the industry can fortify against threats like ransomware. Secure by design is not optional – it's essential for safeguarding global trade, preventing economic shocks, and ensuring safe seas.
Alexander Nikolaev is Kaspersky’s Industrial Cybersecurity Expert.




