Next Article in Journal
Fatigue Life Prediction of Submarine Pipelines with Varying Span Length and Position
Previous Article in Journal
Vertical Deformation Extraction Using Joint Track SBAS-InSAR Along Coastal California, USA
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
JMSE
Volume 13
Issue 4
10.3390/jmse13040762
jmse-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

The Challenges of Cyber Resilience in the Maritime Sector: Addressing the Weak Awareness of the Dangers Caused by Cyber Threats

by
Jasmin Ćelić
*,
Marko Vukšić
,
Robert Baždarić
and
Aleksandar Cuculić
Department of Electrical Engineering, Automation and Computing, Faculty of Maritime Studies, University of Rijeka, 51000 Rijeka, Croatia
*
Author to whom correspondence should be addressed.
J. Mar. Sci. Eng. 2025, 13(4), 762; https://doi.org/10.3390/jmse13040762
Submission received: 17 March 2025 / Revised: 9 April 2025 / Accepted: 10 April 2025 / Published: 11 April 2025
(This article belongs to the Section Ocean Engineering)
Browse Figures
Versions Notes

Abstract

:
The maritime industry plays a key role in the global supply chain. Advanced digital technologies bring significant economic benefits to ports and shipowners, but at the same time increase the risks of cyber threats and attacks. This article aims to provide guidelines and examples of good practice that will help in the effective implementation of cyber risk assessment, cyber resilience and cyber sustainability, which are the products of increasingly pronounced challenges. The interconnection of ports requires operators to achieve and maintain a baseline level of cybersecurity to ensure security across the entire port ecosystem. The development of new technologies in areas such as the Internet of Things, cloud computing, artificial intelligence, etc., contributes to the fact that monitoring and control systems in the maritime industry are becoming increasingly exposed to cyber threats and various forms of cyberattacks. The connection of vessels with systems on land in real time presents a necessary element in meeting the intended goals in the digital transformation of the maritime sector. This results in increasingly frequent work on specific software solutions within the maritime sector. With the adoption of new operational technologies (OT) and information technologies (IT), the desire for more efficient supply chains and operations of shipping in general has been realized, but at the same time the level of cybersecurity has decreased. The research results aim to encourage port operators and shippers to develop a series of good practices in order to develop an appropriate level of cybersecurity, resilience, and sustainability.

1. Introduction

The modern maritime industry is undergoing a significant transformation, with an increasing reliance on digitalization, operational integration, and automation. This change is driven by a number of factors, including the need to meet social, environmental, and sustainability priorities, as well as the potential for improved safety and efficiency, all in order to maintain the key role of the maritime industry in world trade, transport, and energy supply, making it an essential part of the global economy [1,2,3,4,5,6].
Within this specific framework, the maritime sector encompasses a diverse range of businesses, such as shipping, ports, offshore oil and gas, and other related maritime industries. Shipbuilders and operators at the forefront of the marine sector aim to innovate by incorporating cutting-edge technology and systems that go beyond conventional de-signs. Their goal is to develop ships with increased capabilities for remote control, communication, and networking [7]. These capabilities are being evaluated through a series of projects for autonomous vessels whose level of automation can vary from manned ships to remotely controlled, partially autonomous to fully autonomous unmanned vessels [8,9]. With the use of artificial intelligence (AI), alternative energy sources and other modern technological achievements, there was an effort to fully automate long-distance navigation [9,10,11]. One of the technologies playing an increasingly important role in this transformation is the low-power wide-area network (LPWAN), particularly LoRa-based systems. These are being recognized for their ability to support long-range, low-energy communication between distributed devices—an especially useful feature in maritime environments. Recent developments like FLoRa [12] and FLoRa+ [13] have introduced new approaches for securely updating firmware over the air, combining beamforming with encryption methods. Although these systems were originally created for large-scale terrestrial IoT networks, their energy efficiency and resilience make them a promising option for future use in vessel monitoring and remote control—particularly in areas where traditional connectivity may fall short. While these advancements have revolutionized the maritime sector, enabling unprecedented levels of connectivity and operational efficiency, they have also introduced a new set of risks—particularly in the realm of cybersecurity. As ships and offshore facilities become more connected to land-based systems due to the growing reliance on modern technology and digital systems in maritime operations, this brings both benefits and increased cyber threats. These threats can have serious consequences for security and economic stability [14].
The industry’s reliance on interconnected digital systems and the growing use of automation and autonomous technologies have exposed it to new vulnerabilities and threats. As a result, maritime stakeholders have made cybersecurity a primary concern to protect their operations, assets, and data from cyber threats. While there have been efforts to identify the primary elements of cybersecurity in the maritime sector and to examine strategies, optimal methods, and technology that might enhance security in this field in the maritime industry, there is still a need for further research, development, and implementation of effective cybersecurity measures [15]. Moreover, it is important to examine the concept of resilience and the intersection of sustainability and cybersecurity. This area has gained significant attention in recent years but remains under-researched in the marine industry. Additionally, there is a need to develop strategies to improve resilience and promote sustainable practices.
Even though cybersecurity, resilience, and sustainability are essential foundations for maintaining the efficient and secure operations of the maritime industry, some of the reasons why maritime cybersecurity is not yet fully explored are the lack of data, complexity of maritime operations, limited awareness and understanding, regulatory framework, lack of standardization, insufficient investment, and skill gap. Although visible progress has been made in the last few years, one of the challenges will certainly be to invest additional efforts in determining the significant obstacles and prospects in order to make the maritime sector adequately aware of possible threats and to ensure the cyber resilience and cyber sustainability of maritime companies, while making proposals for further research and intervention.
IBM revealed [16] that on average it takes companies as long as 207 days (more than half a year) to discover that their cybersecurity has been breached. Then, they need another 70 days to suppress hacker threats and intrusions. So, a total of 277 days will pass until companies fully recover their cybersecurity. This can result in high costs, disruptions in business, and even the loss of clients, customers, and hard-earned reputation. In order to prevent this, it is necessary to establish adequate measures for cybersecurity before the threat is even reported. Cybersecurity in maritime transport is not only a technological issue but also a strategic one. For many companies, investing in cybersecurity is an investment in their future, as well as a major challenge in the effective use of digital technology [14].

2. Background

Cyber threats are becoming increasingly sophisticated and prevalent, posing significant risks to the maritime industry. In response to these challenges, the concepts of cyber resilience and cyber sustainability have emerged as crucial considerations for ensuring the security and continuity of maritime operations. This has led to a growing recognition of the importance of cyber resilience and cyber sustainability in the maritime sector [11,15].
After a string of cyberattacks affecting leading maritime companies like Maersk [17], CMA CGM [18] and Cosco [19], and several other known incidents [20], the latest example involves the Port of Rijeka, Croatia, the responsibility for which was claimed by the 8Base ransomware group, who allegedly exfiltrated invoice receipts, accounting documents, personal data, etc. (Figure 1). Cyber threats have become a top priority for maritime regulators.
Cybersecurity in the maritime sector is guided by several international regulations and guidelines to ensure the safety and security of maritime operations. The International Maritime Organization (IMO) has developed guidelines on maritime cyber risk management, which are encapsulated in the MSC-FAL.1-Circ.3-Rev.2 document [22]. These guidelines provide a comprehensive approach to managing cyber risks and enhancing the resilience of maritime operations.
Additionally, the IMO adopted Resolution MSC.428(98) [23], which emphasizes the integration of cyber risk management into safety management systems. This resolution calls for the implementation of cyber risk management strategies by the first annual verification of the company’s Document of Compliance after 1 January 2021.
The European Union Agency for Cybersecurity (ENISA) has also contributed to the cybersecurity framework in the maritime sector by releasing guidelines specifically for ports [24]. These guidelines assist European port operators in identifying and evaluating cyber risks, as well as implementing appropriate security measures. In addition to these efforts, the NIS2 Directive, published in 2022, establishes a mandatory cybersecurity framework for critical entities across the European Union, further strengthening the resilience of maritime infrastructure [25]. Given that the Port of Rijeka is officially recognized as critical infrastructure under both EU and Croatian law (Uredba o kibernetičkoj sigurnosti, NN 135/2024, Annex I. A.2.(c)) [26], compliance with NIS2 is a key requirement. The Directive enhances cyber resilience by introducing stricter risk management and incident-reporting obligations, which are currently a topic of discussion among maritime stakeholders across the EU [27]. Considering the importance of NIS2 in securing maritime systems, its implementation strategies should be closely examined alongside existing frameworks such as the NIST Cybersecurity Framework. Furthermore, the maritime industry faces ongoing discussions on how to effectively integrate NIS2 requirements into existing security frameworks, particularly regarding incident reporting mechanisms and the alignment of compliance strategies across different EU member states. These challenges highlight the need for further industry-wide cooperation and knowledge sharing to ensure a smooth transition to the new regulatory landscape.
In light of the need for broader industry efforts, various maritime organizations, including ICS, IUMI, BIMCO, OCIMF, INTERTANKO, INTERCARGO, InterManager, WSC, and SYBAss, have joined forces to develop guidelines for cybersecurity on ships [28]. These guidelines serve as a framework for establishing awareness and protective measures against cyber threats in the maritime environment.
The International Association of Classification Societies (IACS) has also provided a consolidated recommendation on cyber resilience, known as Rec. 166 [29]. This recommendation applies to computer-based systems that are responsible for control, alarm, monitoring, safety, or internal communication functions within maritime operations.
The International Association of Classification Societies (IACS) has adopted new requirements on cyber safety. These requirements are designed to enhance the cyber resilience of ships by focusing on the secure integration of Operational Technology (OT) and Information Technology (IT) equipment into the vessel’s network. The new Unified Requirements (URs), namely UR E26 and UR E27, cover several key aspects:
  • UR E26: Aims to ensure the secure integration of OT and IT equipment into the vessel’s network during the design, construction, commissioning, and operational life of the ship. It targets the ship as a collective entity for cyber resilience and covers equipment identification, protection, attack detection, response, and recovery.
  • UR E27: Ensures system integrity is secured and hardened by third-party equipment suppliers. It provides requirements for the cyber resilience of onboard systems and equipment and includes additional requirements relating to the interface between users and computer-based systems onboard, as well as product design and development requirements for new devices before their implementation onboard ships.
These requirements will be applied to new ships contracted for construction on and after 1 January 2024, although the information contained therein may be applied in the interim as non-mandatory guidance. This represents a significant milestone in IACS’ work to deliver safer shipping in the face of continuously evolving technological developments [30].
Other resources that support cybersecurity in the maritime sector include the ISO/IEC 27001 Standard [31], which focuses on information security management systems, and the NIST Framework for Improving Critical Infrastructure Cybersecurity [32], which offers general guidelines that can be integrated with sector-specific recommendations to form a comprehensive cybersecurity strategy.
These guidelines and standards collectively contribute to the robustness of cybersecurity measures in the maritime sector, ensuring that operations are protected against the evolving landscape of cyber threats (Figure 2).
However, applying these standards in daily operational contexts—particularly within ports—remains a complex and uneven process, requiring tailored implementation strategies. Guidelines from bodies like the IMO and ENISA provide essential strategic direction, but when it comes to applying those principles within the specific context of a port or shipping operation, things can get tricky. What many operators need is not just theory, but tools they can actually use—and that is where well-established frameworks come in.
One widely adopted model is the NIST Cybersecurity Framework. It is used across many sectors that rely on critical infrastructure and is built around five practical steps. These range from setting goals that align with your risk tolerance and budget, all the way to analyzing your current security level, spotting any gaps, and building a flexible action plan to improve over time [32]. What makes this framework particularly useful is how adaptable it is—it is meant to evolve with your organization.
Another important standard is ISO/IEC 27001. While originally more general, it is being increasingly tailored to the maritime world. It lays out a structured approach for building and maintaining an Information Security Management System (ISMS), and today, you can even find ISO-based training that is specifically developed for ports and vessels [31].
ENISA has also stepped in with its own process that is more aligned with the realities of maritime infrastructure. Their approach follows four key phases: identifying what is critical, evaluating threats, choosing the right protections, and then assessing how mature the organization’s cybersecurity setup actually is [24].
But these high-level models only go so far. In real-world maritime operations, protecting Operational Technology (OT)—like cargo systems, navigation interfaces, or propulsion controls—comes with its own challenges. These systems are often old, custom-built, and not easily updated. So, day-to-day security must include things like regular vulnerability scans, limiting who has access, and isolating networks wherever possible. On top of that, regulatory requirements such as the EU’s NIS2 Directive (which enforces a 24 h breach notification rule) and the U.S. Maritime Transportation Security Act (with its 12 h reporting window) mean that ports need incident response plans that are not just robust, but also legally compliant [25].
And here is something that is often overlooked: having the right technology is just one part of the equation. Without buy-in from leadership and a culture that understands and values cybersecurity, even the best frameworks can fall flat.
These strategies only truly come to life when they are put into action—and some ports are already leading the way. The Port of Los Angeles, for example, teamed up with IBM to launch its Cyber Resilience Center (CRC). It acts as a nerve center for sharing threat intelligence and coordinating responses across port stakeholders. Since going live in 2022, it is improved awareness and helped catch issues before they escalate [33].
Rotterdam has taken a similar path but tailored it to its own context. After dealing with threats like NotPetya, the port hired a dedicated Cyber Resilience Officer and rolled out a 24/7 hotline for incident reporting. That effort sparked the creation of FERM, a collaboration between public and private actors that aims to raise awareness and improve coordination. It is not just Rotterdam that benefits—smaller Dutch ports have also gained from this networked approach [34].
Over in Asia, Singapore’s Maritime and Port Authority (MPA) has been ahead of the curve too. In partnership with ST Engineering, they have launched a round-the-clock Maritime Cybersecurity Operations Centre (MSOC). It keeps tabs on both IT and OT systems, ensuring anything unusual is flagged quickly and dealt with in real time [35].
On the corporate front, Maersk’s experience during the 2017 NotPetya attack still stands as a stark reminder of what is at stake. That single event disrupted global shipping and forced the company to rethink its entire approach to cybersecurity. Since then, Maersk has adopted the NIST framework, reinforced its infrastructure, and set clear recovery goals to minimize future disruption [36].
What all these examples show is that there is no single way to approach maritime cybersecurity—but there are common threads. Multi-layered defense, real-time coordination, leadership commitment, and adaptability are key. These are not just theoretical ideals; they are lessons drawn directly from the field.
In the end, the effectiveness of any cybersecurity system is judged not just by how well it prevents threats, but by how quickly and smoothly operations can bounce back after something goes wrong. These shared characteristics not only reflect best practices but also converge around a broader, unifying concept—cyber resilience.
Cyber resilience refers to how well an organization can anticipate, absorb, respond to, and recover from cyber incidents. In the maritime industry, this concept is especially important due to the increasing reliance on digital tools and interconnected systems. Without resilience, a single cyberattack can disrupt not only port operations but also broader supply chains and logistics networks [37,38,39].
To strengthen cyber resilience, particularly in port environments, the following practical steps can be adopted [37,38,39]:
  • Carry out regular risk assessments, focusing on vulnerable IT and OT systems, with attention to legacy infrastructure still in operation;
  • Introduce layered security controls such as access restrictions, network segmentation, and malware detection to limit potential entry points;
  • Create and rehearse an incident response plan, assigning roles and establishing clear procedures for handling cyber events;
  • Maintain secure backups, ideally with geographically separated storage to ensure recovery if systems are compromised;
  • Invest in staff training, especially for operational teams who may be exposed to phishing or social engineering threats;
  • Engage with external partners, including regulatory bodies and cybersecurity forums, to stay informed and improve coordination during incidents.
These steps are not just about prevention—they help ensure that, if a breach does occur, the impact is manageable and operations can resume swiftly. Building resilience in this way is becoming a baseline requirement for modern maritime infrastructure [37,38,39].
Cyber sustainability refers to an organization’s ability to maintain strong cybersecurity practices over the long term. Unlike short-term fixes or reactive measures, it focuses on building a flexible and strategic approach that can evolve alongside new threats and technologies [39,40].
In the maritime industry, where digital transformation is ongoing, this means cybersecurity should not exist in isolation—it needs to be part of how the entire business is managed. From compliance and risk management to innovation and operations, cybersecurity must be built into the daily functioning of port authorities and maritime companies. Some key principles of cyber sustainability include [39,40]:
  • Embedding cybersecurity into risk management and decision making, not treating it as a separate IT issue;
  • Aligning cybersecurity goals with the organization’s overall strategy, so that protecting digital systems also supports business growth;
  • Assigning clear responsibilities for cybersecurity roles, both technical and non-technical;
  • Using a risk-based approach to focus protection efforts on systems that matter most—like navigation, cargo tracking, and communication networks;
  • Creating a culture of cybersecurity, where everyone in the organization—from operators to executives—understands the risk and knows how to reduce them;
  • Collaborating with external stakeholders, including government agencies, industry bodies, and supply-chain partners;
  • Investing in people by building a skilled workforce that can manage both current and future cyber threats.
Cyber sustainability helps organizations move from simply surviving cyberattacks to adapting and thriving in a high-risk environment. For the maritime sector, this forward-looking mindset is essential to remain competitive, secure, and resilient in the long run [39,40].

3. Tools and Methodology

The number of new cyber threats is constantly increasing. According to Kaspersky Labs [41], 30.77% of the Industrial Control System computers were attacked by malware as of the beginning of 2024. This factual situation has not escaped the maritime sector either, especially in the field of logistics and transport. Every day, the Common Vulnerabilities and Exposures (CVE) program, which aims to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities, publishes new known exploited vulnerabilities and their level of criticality (Figure 3). This is a significant indicator of the degree of danger in which the industrial and maritime sectors are located [41,42].
The authors used two different approaches, Inside-out and Outside-in (Figure 4), to emphasize this problem and demonstrate the need for serious and comprehensive activities in the maritime sector. Various tools and solutions are available for use in both cases. The first approach usually involves a process of vulnerability scanning and penetration testing of the organizational computing environment. We chose Tenable Nessus for this purpose among the various offered tools and solutions, including Burp Suite, OpenVAS, Intruder, Rapid7, Qualys, BeyondTrust, CrowdStrike, WithSecure, and Nmap [43]. We chose Shodan, the Real-Time Network Monitoring System and Network Vulnerability Scanner, for the second approach, which primarily focuses on scanning the computer infrastructure from the outside. Shodan [44] is a kind of web search engine for exposed IT/OT equipment. We considered other similar solutions like Censys, ZoomEye, BinaryEdge, and Fofa in addition to Shodan, but we have not used them in this paper.

4. Results and Discussion

A weak awareness of the dangers that can affect the maritime sector was already demonstrated during the application of the first approach in the IT infrastructure by two representatives of the maritime sector in the largest Croatian port on the Adriatic. The existing level of protection that would prevent potential intruders is relatively low, and the number of existing vulnerabilities and their criticality is truly worrying (Figure 5).
Namely, from the presented results it is evident that the majority of vulnerabilities are of significant importance and that it is necessary to take appropriate measures as soon as possible in order to prevent a potential attack that would lead to data loss or cause other material costs. Further analysis and a conversation with the management showed that there is actually no particular reason for the established situation, only insufficient information about the existing threats and cases that hit the maritime sector, showing how destructive they can be.
As part of the Outside-in approach, it was decided to globally search for devices that could be of importance (such as AIS and GPS) using known National Marine Electronics Association (NMEA) sequences in already existing similar research [45,46]. By searching with the help of AIS messages (e.g., AIVDM, AIVDO, ABVDM, etc.), only 67 devices connected to the Internet were found, which represents a relatively small sample size and, therefore, was not considered statistically significant. In contrast, using queries that contained GPS NMEA messages such as ‘$GPRMC’ and ‘$GPGGA’ identified a much larger number of devices, as shown in Figure 6. Although previous experiences have shown that the number of detected devices belonging to vessels is on average between 2 and 3% [45,46], we could not validate these data with any degree of certainty, which was similarly the case with the search for exposed industrial protocols (e. g. Modbus, Fieldbus, Profinet, HartIP, etc.) and associated ports (e.g., 502, 1089–1091, 34,962–34,964, 5094, etc.).
The final search, which focused on leading marine equipment brands, revealed that certain computers designed for web-based and remote troubleshooting were found to be fully exposed to the internet.

5. Research Gaps and Future Directions

Despite the increased awareness of cybersecurity within the marine sector and the establishment of more defined regulatory frameworks, substantial gaps remain in both academic research and practical implementation. Addressing these gaps through focused research initiatives could facilitate the development of more intelligent, customized solutions that align with the specific requirements of the maritime industry [37,38,39,40].
A prominent issue is that current cybersecurity standards are predominantly based in IT environments. Although beneficial, many of them do not effectively transition to Operational Technology (OT) systems utilized in ports and aboard vessels. These systems are frequently antiquated, vendor-specific, and intricately interwoven into real-time processes, rendering them especially susceptible. Consequently, there is a want for more pragmatic, empirically validated models that consider the specificities of various vessel types and terminal configurations [31,32,37,38,39,40].
Another aspect requiring focus is the human dimension of cybersecurity. While training programs are extensively promoted, there remains a deficiency in comprehensive understanding of individuals’ behavior in these situations concerning security. Cultural disparities, elevated employee turnover, and the routine stresses associated with port operations complicate the establishment of enduring security practices [37,38].
It is important to acknowledge that much of the existing guidance is tailored for major entities with substantial resources. This excludes a significant segment of the industry—Small and Medium Enterprises (SMEs)—which frequently have difficulties in adopting similarly intricate systems. There is a distinct necessity for more economical and scalable strategies that would facilitate equitable conditions and broaden protection universally [40].
Next, it needs to be considered how to assess cyber resilience. Currently, the majority of compliance tools provide a superficial perspective. What is lacking are specific, consistent metrics—such as the speed at which an organization can identify a threat, the duration required for recovery, or its adaptability in response to disruption. Investigations aimed at developing and testing such indicators would provide operators with a more precise understanding of their current status and avenues for enhancement [38,39].
In line with the broader need for improved resilience assessment, an area that remains largely unexamined in maritime cybersecurity involves side-channel attacks. These types of attacks take advantage of physical characteristics of systems—such as electromagnetic signals, mechanical vibrations, or acoustic output—to obtain information that would otherwise be protected by standard security protocols. Studies have shown, for instance, that data can be compromised through electromagnetic emissions from fingerprint sensors [47], subtle vibrations generated during human–device interaction [48], or even power variations observed during wireless charging [49]. This is particularly relevant for operational technology (OT) in maritime settings, where systems are often older, physically accessible, and integrated in ways that make them difficult to isolate or harden. Although the risks posed by side-channel attacks are well documented in other sectors, they have yet to be meaningfully explored within maritime environments, representing a concrete gap where applied research is urgently needed.
Anticipating the future, the proliferation of automation in the maritime sector introduces an additional dimension of complexity. From autonomous vessels to remotely controlled ports, these technologies present totally new categories of dangers. Addressing these issues necessitates proactive research—not only concerning the technical hazards but also regarding effective responses, regulation, and governance of these advanced systems. In addition to these technical blind spots, emerging maritime technologies themselves present new layers of risk.
By addressing these research problems in a concentrated and cooperative manner, the marine cybersecurity sector may transition from a reactive stance to establishing a more resilient, future-proof digital infrastructure for the whole industry. This underscores the necessity for ongoing collaboration, pragmatic guidance, and progressive regulation—principles that have informed the evolution of this research.

6. Conclusions

The research results were intended to encourage port operators and ship owners to develop a set of good practices to develop at least a basic level of cybersecurity. All the more so since the European Commission has adopted the proposal for a regulation on cybersecurity requirements for products with digital elements, known as the Cyber Resilience Act, which strengthens cybersecurity rules to ensure safer hardware and software products. This European law was formally approved by the European Parliament on 12 March 2024. However, it officially entered into force on 12 November 2024 and was published in the Official Journal of the European Union on 20 November 2024 [50,51]. All of the above should influence the appreciation and use of examples of good practice and recommendations that would include:
  • The identification of cyber-related assets and services in a systematic manner that includes maintaining asset inventory, identifying dependencies, and implementing automation;
  • Adopting a comprehensive approach for identifying and assessing cyber risks that includes cyber-threat intelligence (CTI), risk indicators, and business impact analysis, involves all relevant stakeholders, and is integrated at the organizational level;
  • Prioritizing the implementation of security measures in accordance with a risk-based approach that takes into account the effectiveness of security measures and relevance to identified risks, based on a security-by-design approach;
  • The implementation of an awareness-raising program on cybersecurity and the importance of technical training at the level of the entire organization;
  • The development of a comprehensive cybersecurity program that includes senior management commitment;
  • Conducting cybersecurity maturity self-assessments to determine priorities for improvement and allocation of budget and resources.
The research first of all wanted to emphasize that the key maritime infrastructure, above all the surveillance and management systems, is increasingly exposed to the risks of various cyberattacks, and that it should be given much more attention than is the case today.

Author Contributions

Conceptualization, J.Ć.; investigation, M.V., R.B. and A.C.; methodology, J.Ć., M.V., R.B. and A.C.; supervision, J.Ć.; writing—original draft, M.V., R.B. and A.C.; writing—review and editing, J.Ć. All authors have read and agreed to the published version of the manuscript.

Funding

This research was funded under the project line ZIP UNIRI of the University of Rijeka, for the research project “Cyber security, resilience and sustainability in the maritime industry” (UNIRI-ZIP-2103-17-22).

Data Availability Statement

The original contributions presented in this study are included in the article. Further inquiries can be directed to the corresponding author.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

EDREndpoint Detection and Response
IDSIntrusion Detection System
IPSIntrusion Prevention System
SIEMSecurity Information and Event Management
SOARSecurity Orchestration, Automation and Response
SOCSecurity Operations Center
XDRExtended Detection and Response

References

  1. Hirata, E.; Watanabe, D.; Lambrou, M. Shipping Digitalization and Automation for the Smart Port. In Supply Chain Recent Advances and New Perspectives in the Industry 4.0 Era; IntechOpen: London, UK, 2022. [Google Scholar] [CrossRef]
  2. MacKinnon, S.N.; Weber, R.; Lundh, M. The rise of digitalisation and automation in the shipping industry and their impacts on training and system safety. S. Afr. J. Marit. Educ. Train. 2023, 2, 83–96. [Google Scholar] [CrossRef]
  3. Korniyenko, O. Trends of digital technologies in maritime management. Екoнoміка та Управління Націoнальним Гoспoдарствoм 2023, 81, 51–56. [Google Scholar] [CrossRef]
  4. Rusinov, I.A.; Gavrilova, I.A.; Uami, A. Digitalization and the future of the ship broker. Научнoе Обoзрение: Теoрия И Практика 2020, 10, 1885–1893. [Google Scholar] [CrossRef]
  5. Karunasena, C.; Widyalankara, R.C.; Sedrick, P.; Disanayaka, S.M.; Perera, H.; Medagama, P. Optimization of Digital Transformation in Shipping. In Proceedings of the OCEANS 2022—Chennai, Chennai, India, 21–24 February 2022; pp. 1–5. [Google Scholar] [CrossRef]
  6. Kastelan, N.; Vidan, P.; Assani, N.; Miličević, M. Digital Horizon: Assessing Current Status of Digitalization in Maritime Industry. Trans. Marit. Sci. 2024, 13, 316753. [Google Scholar] [CrossRef]
  7. Alcaide, J.I.; Llave, R.G. Critical infrastructures cybersecurity and the maritime sector. Transp. Res. Procedia 2020, 45, 547–554. [Google Scholar] [CrossRef]
  8. Akpan, F.; Bendiab, G.; Shiaeles, S.; Karamperidis, S.; Michaloliakos, M. Cybersecurity Challenges in the Maritime Sector. Network 2022, 2, 123–138. [Google Scholar] [CrossRef]
  9. Gu, Y.; Goez, J.C.; Guajardo, M.; Wallace, S.W. Autonomous vessels: State of the art and potential opportunities in logistics. Int. Trans. Oper. Res. 2021, 28, 1706–1739. [Google Scholar] [CrossRef]
  10. Gu, Y.; Wallace, S.W. Operational benefits of autonomous vessels in logistics—A case of autonomous water-taxis in Bergen. Transp. Res. Part E Logist. Transp. Rev. 2021, 154, 102456. [Google Scholar] [CrossRef]
  11. Negenborn, R.R.; Goerlandt, F.; Johansen, T.A.; Slaets, P.; Valdez, O.A.; Vanelslander, T.; Ventikos, N.P. Autonomous ships are on the horizon: Here’s what we need to know. Nature 2023, 615, 30–33. [Google Scholar] [CrossRef] [PubMed]
  12. Sun, Z.; Ni, T.; Yang, H.; Liu, K.; Zhang, Y.; Gu, T.; Xu, W. FLoRa: Energy-efficient, reliable, and beamforming-assisted over-the-air firmware update in LoRa networks. In Proceedings of the 22nd International Conference on Information Processing in Sensor Networks, San Antonio, TX, USA, 9–12 May 2023; pp. 14–26. [Google Scholar]
  13. Sun, Z.; Ni, T.; Yang, H.; Liu, K.; Zhang, Y.; Gu, T.; Xu, W. Flora+: Energy-efficient, reliable, beamforming-assisted, and secure over-the-air firmware update in lora networks. ACM Trans. Sens. Netw. 2024, 20, 1–28. [Google Scholar] [CrossRef]
  14. Karas, A. Maritime Industry Cybersecurity: A Review of Contemporary Threats. Eur. Res. Stud. J. 2023, XXVI, 921–930. [Google Scholar] [CrossRef]
  15. Kavallieratos, G.; Katsikas, S.; Gkioulos, V. Cyberattacks against the autonomous ship. In Computer Security; Springer: Berlin/Heidelberg, Germany, 2018; pp. 20–36. [Google Scholar] [CrossRef]
  16. IBM. Data Breach Action Guide. Available online: https://www.ibm.com/reports/data-breach-action-guide (accessed on 1 June 2024).
  17. Maersk’s Cargo Operations Hit Hard by Cyberattack. Available online: https://www.maritime-executive.com/article/maersks-cargo-operations-hit-hard-by-cyberattack (accessed on 1 June 2024).
  18. IMO and CMA CGM Work to Recover from Cyberattacks. Available online: https://www.maritime-executive.com/article/imo-and-cma-cgm-work-to-recover-from-cyber-attacks (accessed on 1 June 2024).
  19. Cosco Reports Cyberattack at Its U.S. Operations. Available online: https://www.maritime-executive.com/article/cosco-reports-cyberattack-at-its-u-s-operations (accessed on 1 June 2024).
  20. Meland, P.H.; Bernsmed, K.; Wille, E.; Rødseth, Ø.J.; Nesheim, D.A. A Retrospective Analysis of Maritime Cyber Security Incidents. TransNav Int. J. Mar. Navig. Saf. Sea Transp. 2021, 15, 519–530. [Google Scholar] [CrossRef]
  21. X.com. X (Formerly Twitter). Available online: https://x.com/H4ckManac/status/1864945385375940903 (accessed on 1 January 2025).
  22. IMO. Guidelines on Maritime Cyber Risk Management. MSC-FAL.1-Circ.3-Rev.2. Available online: https://wwwcdn.imo.org/localresources/en/OurWork/Security/Documents/MSC-FAL.1-Circ.3-Rev.2%20-%20Guidelines%20On%20Maritime%20Cyber%20Risk%20Management%20(Secretariat).pdf (accessed on 1 June 2024).
  23. IMO. Maritime Cyber Risk Management in Safety Management Systems. Resolution MSC.428(98). Available online: https://wwwcdn.imo.org/localresources/en/OurWork/Security/Documents/Resolution MSC.428(98).pdf (accessed on 1 June 2024).
  24. ENISA (europa.eu). Guidelines—Cyber Risk Management for Ports. Available online: https://www.enisa.europa.eu/publications/guidelines-cyber-risk-management-for-ports?v2=1 (accessed on 1 June 2024).
  25. NIS2 Directive: New Rules on Cybersecurity of Network and INFORMATION SYSTEMS. Shaping Europe’s Digital Future. Available online: https://digital-strategy.ec.europa.eu/en/policies/nis2-directive (accessed on 3 April 2025).
  26. Uredba o Kibernetičkoj Sigurnosti. Available online: https://narodne-novine.nn.hr/clanci/sluzbeni/2024_11_135_2217.html (accessed on 3 April 2025).
  27. PricewaterhouseCoopers. New European NIS2 Directive: Stricter Requirements for Cyber Security. PwC. Available online: https://pwc.to/3vMm1rh (accessed on 3 April 2025).
  28. Guidelines on Cyber Security on Board Ships (Ver. 4). Available online: https://wwwcdn.imo.org/localresources/en/OurWork/Security/Documents/ANNEX Guidelines on Cyber Security Onboard Ships v.4.pdf (accessed on 1 June 2024).
  29. Recommendation on Cyber Resilience—IACS. Available online: https://www.steamshipmutual.com/sites/default/files/downloads/articles/2020/IACS-Recommendation-on-Cyber-resilience-No-166-2020_04.pdf (accessed on 1 June 2024).
  30. Safer and Cleaner Shipping—IACS. Available online: https://iacs.org.uk/news/iacs-adopts-new-requirements-on-cyber-safety/ (accessed on 1 June 2024).
  31. ISO/IEC 27001:2022; Information Security, Cybersecurity and Privacy Protection—Information Security Management Systems—Requirements. Available online: https://www.iso.org/standard/27001 (accessed on 1 June 2024).
  32. NIST. Cybersecurity Framework. Available online: https://www.nist.gov/cyberframework (accessed on 1 June 2024).
  33. Port of Los Angeles—Cyber Resilience Center—World Port Sustainability Program. Available online: https://sustainableworldports.org/project/port-of-los-angeles-cyber-resilience-center/ (accessed on 5 April 2025).
  34. Rahman, S.R. Dutch Seaports, FERM Unveil Nationwide Cybersecurity Platform. Port Technology International. 11 December 2024. Available online: https://www.porttechnology.org/news/dutch-seaports-ferm-unveil-nationwide-cybersecurity-platform/ (accessed on 5 April 2025).
  35. O’Dwyer, R. Maritime Cybersecurity Operations Centre Opens in Singapore. Smart Maritime Network. 16 May 2019. Available online: https://smartmaritimenetwork.com/2019/05/16/maritime-cybersecurity-operations-centre-opens-in-singapore/ (accessed on 5 April 2025).
  36. Swinhoe, D. Rebuilding After NotPetya: How Maersk Moved Forward. CSO Online. 9 October 2019. Available online: https://www.csoonline.com/article/567845/rebuilding-after-notpetya-how-maersk-moved-forward.html (accessed on 5 April 2025).
  37. Nganga, A.; Scanlan, J.; Lützhöft, M.; Mallam, S. Enabling cyber resilient shipping through maritime security operation center adoption: A human factors perspective. Appl. Ergon. 2024, 119, 104312. [Google Scholar] [CrossRef] [PubMed]
  38. Bolbot, V.; Kulkarni, K.; Brunou, P.; Banda, O.V.; Musharraf, M. Developments and research directions in maritime cybersecurity: A systematic literature review and bibliometric analysis. Int. J. Crit. Infrastruct. Prot. 2022, 39, 100571. [Google Scholar] [CrossRef]
  39. Dimakopoulou, A.; Rantos, K. Comprehensive Analysis of Maritime Cybersecurity Landscape Based on the NIST CSF v2.0. J. Mar. Sci. Eng. 2024, 12, 919. [Google Scholar] [CrossRef]
  40. Kechagias, E.P.; Chatzistelios, G.; Papadopoulos, G.A.; Apostolou, P. Digital transformation of the maritime industry: A cybersecurity systemic approach. Int. J. Crit. Infrastruct. Prot. 2022, 37, 100526. [Google Scholar] [CrossRef]
  41. Kaspersky ICS CERT. Statistics. Available online: https://ics-cert.kaspersky.com/statistics/ (accessed on 1 June 2024).
  42. CVE Security Vulnerability Database. Available online: https://www.cvedetails.com/ (accessed on 1 June 2024).
  43. Tenable Nessus 10.7.x User Guide. Available online: https://docs.tenable.com/nessus/10_7/Content/PDF/Nessus_10_7.pdf (accessed on 11 September 2024).
  44. Matherly, J. Complete Guide to Shodan; Shodan LLC: Seattle, WA, USA, 2016. [Google Scholar]
  45. Amro, A. Cyber-Physical Tracking of IoT devices: A maritime use case. NISK Nor. Informasjonssikkerhetskonferanse 2021, 3, 1–16. [Google Scholar]
  46. Tam, K.; Hopcraft, R.; Moara-Nkwe, K.; Misas, J.; Andrews, W.; Harish, A.; Giménez, P.; Crichton, T.; Jones, K. Case Study of a Cyber-Physical Attack Affecting Port and Ship Operational Safety. J. Transp. Technol. 2022, 12, 1–27. [Google Scholar] [CrossRef]
  47. Ni, T.; Zhang, X.; Zhao, Q. Recovering fingerprints from in-display fingerprint sensors via electromagnetic side channel. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, Copenhagen, Denmark, 26–30 November 2023; pp. 253–267. [Google Scholar]
  48. Cao, H.; Liu, D.; Jiang, H.; Cai, C.; Zheng, T.; Lui, J.C.; Luo, J. HandKey: Knocking-triggered robust vibration signature for keyless unlocking. IEEE Trans. Mob. Comput. 2022, 23, 520–534. [Google Scholar] [CrossRef]
  49. Ni, T.; Zhang, X.; Zuo, C.; Li, J.; Yan, Z.; Wang, W.; Zhao, Q. Uncovering user interactions on smartphones via contactless wireless charging side channels. In Proceedings of the 2023 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 21–25 May 2023; pp. 3399–3415. [Google Scholar]
  50. Zirnstein, Y. Better cybersecurity due to increased regulation? The final European Cyber Resilience Act—The first comprehensive, horizontally applicable approach for more cybersecurity in digital products. Comput. Law Rev. Int. 2024, 25, 65–72. [Google Scholar] [CrossRef]
  51. Official Journal of the European Union—European Sources Online. Available online: https://www.europeansources.info/eso_tax_series_titles/official-journal-of-the-european-union/ (accessed on 3 April 2025).
Jmse 13 00762 g001
Figure 1. The cyberattack targeting the Port of Rijeka [21].
Figure 1. The cyberattack targeting the Port of Rijeka [21].
Jmse 13 00762 g001
Jmse 13 00762 g002
Figure 2. Common maritime sector IT/OT systems exposed to cyberattacks.
Figure 2. Common maritime sector IT/OT systems exposed to cyberattacks.
Jmse 13 00762 g002
Jmse 13 00762 g003
Figure 3. The number of known exploited vulnerabilities is constantly increasing [42].
Figure 3. The number of known exploited vulnerabilities is constantly increasing [42].
Jmse 13 00762 g003
Jmse 13 00762 g004
Figure 4. Approaches for determining the vulnerability of IT/OT infrastructure.
Figure 4. Approaches for determining the vulnerability of IT/OT infrastructure.
Jmse 13 00762 g004
Jmse 13 00762 g005
Figure 5. The results of penetration and vulnerability testing of the IT infrastructure of maritime companies in the Port of Rijeka, Croatia: (a) example 1; (b) example 2.
Figure 5. The results of penetration and vulnerability testing of the IT infrastructure of maritime companies in the Port of Rijeka, Croatia: (a) example 1; (b) example 2.
Jmse 13 00762 g005
Jmse 13 00762 g006
Figure 6. Results of Shodan web search engine: (a) Query string “$GRPMC”; (b) Query string “$GPGGA”.
Figure 6. Results of Shodan web search engine: (a) Query string “$GRPMC”; (b) Query string “$GPGGA”.
Jmse 13 00762 g006
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Ćelić, J.; Vukšić, M.; Baždarić, R.; Cuculić, A. The Challenges of Cyber Resilience in the Maritime Sector: Addressing the Weak Awareness of the Dangers Caused by Cyber Threats. J. Mar. Sci. Eng. 2025, 13, 762. https://doi.org/10.3390/jmse13040762

AMA Style

Ćelić J, Vukšić M, Baždarić R, Cuculić A. The Challenges of Cyber Resilience in the Maritime Sector: Addressing the Weak Awareness of the Dangers Caused by Cyber Threats. Journal of Marine Science and Engineering. 2025; 13(4):762. https://doi.org/10.3390/jmse13040762

Chicago/Turabian Style

Ćelić, Jasmin, Marko Vukšić, Robert Baždarić, and Aleksandar Cuculić. 2025. "The Challenges of Cyber Resilience in the Maritime Sector: Addressing the Weak Awareness of the Dangers Caused by Cyber Threats" Journal of Marine Science and Engineering 13, no. 4: 762. https://doi.org/10.3390/jmse13040762

APA Style

Ćelić, J., Vukšić, M., Baždarić, R., & Cuculić, A. (2025). The Challenges of Cyber Resilience in the Maritime Sector: Addressing the Weak Awareness of the Dangers Caused by Cyber Threats. Journal of Marine Science and Engineering, 13(4), 762. https://doi.org/10.3390/jmse13040762

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop