The latest NORMA Cyber annual report has the merit of placing maritime cybersecurity back where it now truly operates: in a space saturated with geopolitical tensions, logistical interdependencies, and blurred boundaries between cyber, physical, and informational domains. Its main outlook for 2026 (for those who still believe in cyber crystal balls) is that the structuring risk is not so much the “big” destructive attack as the accumulation of intelligence operations, opportunistic disruptions, and hybrid effects on already strained logistical and operational chains. In that sense, it is a less alarmist report than it may appear at first glance, and that is probably its main strength.

On March 18, 2026, the US Coast Guard published a cyber bulletin titled MCB 01-26: Awareness for Increased Phishing (available at the end of this article). This short document aims to shed light on the evolution of cyber threats in the maritime sector, and more specifically on the growing role of phishing attacks in incidents affecting the Marine Transportation System (MTS). It is not specified—although it naturally comes to mind—whether the release of this bulletin is directly linked to the current conflict in the Persian Gulf and the risk of phishing attacks originating from Iran.

The collective volume Marine Technology, Ocean Development and the Law of the Sea (2026), available as open access, devotes significant attention to digital issues, with numerous occurrences of the term “cyber” and several chapters more broadly dedicated to the security of maritime systems.

GNSS, jamming and spoofing: a clearly documented risk

The chapter on maritime cybersecurity provides a detailed description of the threats affecting GNSS systems. It recalls that associated attacks (spoofing, jamming) can lead to a loss of reliable positioning and to navigation errors, directly impacting maritime safety. It also emphasizes that users must “plan” (or at least anticipate!) “potential GPS disruptions, authenticate the reliability of received data and consider alternative positioning sources” (cyber chapter, pp. 278–280).

Ireland published in February 2026 its first national maritime security strategy (National Maritime Security Strategy 2026–2030).

This document marks an important evolution for this island state, which we particularly appreciate, highly dependent on its maritime infrastructure, but historically limited in terms of surveillance and protection capabilities over its maritime domain.

The strategy explicitly identifies the protection of critical infrastructure as a central issue, in particular subsea telecommunications cables and energy interconnectors (such as the Celtic Interconnector). These infrastructures are presented as essential to the country’s economic and digital functioning, in a context where a significant share of transatlantic data flows passes close to Irish waters.

Following a previous webinar, in February 2026, in connection with current developments in the Persian Gulf, BIMCO hosted a webinar dedicated to GNSS interference. I encourage you to watch it, and here is a brief personal analysis. This webinar had an immediate merit: amid the numerous publications on the subject (particularly on LinkedIn), and although the topic is not new (especially since the conflict between Russia and Ukraine), it did not treat jamming and spoofing as a purely theoretical issue reserved for specialists, nor from a purely alarmist perspective, but as a now very real operational risk for commercial navigation.

Over the past few days, there has been a noticeable increase in publications discussing GNSS interference, particularly GPS jamming and spoofing.

This brings me back to a case that is frequently cited in public and private reports, both in France and internationally: the collision that occurred off the coast of Oman between two vessels, which continues to be mentioned as an example of a collision “linked” to GPS spoofing.

What catches my attention is not the hypothesis itself.
GNSS interference in that region is documented and certainly not a new phenomenon. It obviously deserves to be taken seriously.