RINA Launches Maritime Cybersecurity Task Force

  • Maritime cybersecurity extends far beyond IT, encompassing legal, political, human, and operational factors that influence safety and security at sea and in ports.
  • Increasing IoT integration in vessels and ports creates new vulnerabilities, including risks from spoofing and personal devices.
  • Strengthened regulations in the EU and UK are making cybersecurity a legal duty for maritime directors, with criminal liability for failures.

According to Dinos Kerigan-Kyrou, co-founder of the RINA Cybersecurity Task Force, the maritime industry often limits its understanding of cybersecurity to computers and IT systems. In reality, it spans multiple disciplines, including law, criminology, politics, organisational behaviour, psychology, and human factors. In a maritime context, cybersecurity affects every aspect of operations—from ports, shipyards, and inland waterways to supply chains and critical infrastructure like subsea communication cables, offshore platforms, and underwater sensors.

The Role of Cyberspace in Maritime Threats

Cyberspace serves as both a facilitator and a gateway for illicit maritime activities, such as human trafficking, smuggling, and terrorism financing. Increasingly, vessels and ports rely on IoT-enabled systems, including navigation controls, cargo handling, port security, and environmental monitoring. These interconnected devices, while boosting efficiency, also open multiple attack vectors for hostile states, criminals, or other malicious actors.

IoT Vulnerabilities and Spoofing Risks

Extensive testing has revealed serious weaknesses in maritime IoT systems, including the potential for device spoofing, where false vessel positions are created. In one example, a buoy fitted with an inexpensive Raspberry Pi was used to simulate a vessel’s location. Risks also extend to personal electronic devices used on board—such as laptops, smartphones, and smartwatches—which can introduce comparable threats to built-in systems.

Regulatory Action and Legal Accountability

The IMO’s updated 2025 Guidelines on Maritime Cyber Risk Management provide an industry framework, further expanded upon by legally enforceable requirements from the EU and UK. The EU’s NIS 2 Directive, Cyber Resilience Act, and the UK’s forthcoming Cyber Security and Resilience Bill place direct responsibility on company directors for the cybersecurity of their organisations and supply chains. Non-compliance can now result in criminal liability, even for companies outside Europe with just one EU or EEA customer.

RINA’s Leadership in Maritime Cybersecurity

The Royal Institution of Naval Architects (RINA) has launched a Maritime Cybersecurity Task Force to unite global expertise and promote best practices. RINA also endorses the Maritime Cyber Baseline certification developed by IASME, supporting stronger cyber protections across the sector and aligning with the UK’s Cyber Essentials program.

Source: Royal Institute of Naval Architects