Maritime and port cybersecurity.

As part of your healthy summer reading, have you also gone through the CCDCOE paper, “Addressing State-Linked Cyber Threats to Critical Maritime Port Infrastructure”?

No?

Then let me offer a brief personal reflection on and around the topic of port cybersecurity.

In this fine month of July 2025, the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) published a Policy Brief entitled “Addressing State-Linked Cyber Threats to Critical Maritime Port Infrastructure”.

Only a few hours after the collision between two vessels off the coast of Oman, the first claims attributing the accident to GNSS spoofing (GPS spoofing) began to circulate.

It is likely that we will soon see many screenshots and analyses claiming that GPS spoofing is responsible… or that it is not.

As is often the case with this type of event, it is better to wait for the results of the investigation before drawing conclusions.

Several articles ([1], [2], [3]) report a ransomware cyberattack affecting the Norwegian cruise operator Hurtigruten. The company is particularly well known for its cruises along the Norwegian fjords, but it also provides cargo transport services in the region. The visible phase of the attack occurred during the night of 13–14 December 2020.

The company’s IT systems were impacted, as well as its telephone services. At the time of the attack, the company’s website also displayed an unavailability message.

A press release published today (24/11/2020) announced that the association France Cyber Maritime was created on 17 November 2020 to “help address the expectations of the maritime and port sectors regarding maritime cybersecurity, in a context of increasing digitalization of ships and ports, the development of drones and autonomous vessels, and the growing cyber threats affecting this strategic sector for France and Europe.”

I will quote large parts of the press release, as it is quite comprehensive:

According to The Maritime Executive, the Port of Kennewick, in Washington State, was hit by a ransomware cyberattack on November 17. A ransom of $200,000 was demanded in exchange for restoring access to the port’s data [ 1].

Although smaller than the major ports on the U.S. West and East Coasts, this inland port on the Columbia River now joins the list of many ports already affected by this type of attack. If further evidence were needed, the incident once again highlights that cybersecurity risks must also be taken seriously in the inland waterways sector.

Carnival, the world’s largest cruise operator (102 vessels and roughly 50% of the global cruise market, representing around 225,000 passengers on board every day), announced that it had been the victim of a ransomware cyberattack on August 15, 2020 (1 2). Two ships belonging to the group had already been affected by a cyberattack in May 2019.

The attack, detected by the company, resulted in unauthorized access to part of the group’s information systems, with some systems subsequently encrypted. The intrusion also led to the download of certain data files, although the company did not specify the type of information involved.