< Back
maritime

Tags:

Maritime SOC Detect and respond
14 May 2025

Maritime industry: how to navigate in safe waters in the face of cyber threats?

The digital transformation of the maritime sector has led to major technological advances, including real-time monitoring of ship status using IoT, route optimisation using artificial intelligence, automated management of port operations, and more. While these innovations have revolutionised the maritime industry, they have also considerably increased the attack surface of companies. 

What cyber threats does your maritime organisation face? What are the best practices to adopt to increase your level of cybersecurity while meeting the new regulatory requirements of the sector?

 

The maritime industry is facing an unprecedented wave of cyber attacks

A study was carried out in the first half of 2024 on a sample of 1,800 ships. This includes cargo ships, cruise liners, research vessels, superyachts, oil tankers and offshore supply vessels. During this period, ships were faced with: 

  • 14.8 billion security events
  • 900,000 suspicious e-mails (phishing or malware)
  • 23,400 proven malware attempts
  • 178 ransomware attempts
  • 79 major cybersecurity incidents

 

This data illustrates the colossal volume of cyber attacks carried out against players in the maritime industry. These attacks can have far-reaching consequences: the average cost of a successful cyber attack against a maritime organisation is around $550,000. 

Certain methods are particularly popular among cybercriminals. The tactic known as "initial access" is the most commonly used, accounting for 48% of attacks. Using this method, cybercriminals attempt to obtain a point of entry into the network, often via phishing or the use of stolen identifiers. 

Furthermore, 34% of attacks targeting maritime companies make use of "Command & Control" tactics, the aim of which is to enable the attacker to control the system remotely, in order to exfiltrate data or carry out malicious actions. 

At the same time, new operating methods are becoming more accessible to target players in the maritime industry. This is particularly the case with jamming: the cybercriminal emits parasitic radio signals to disrupt or block GPS and AIS communications, which makes it impossible to geolocate ships or transmit information to them.

Another emerging cyber attack is GPS Spoofing, which involves sending falsified GPS signals to mislead a ship, potentially rerouting it and compromising the safety of its crew and passengers.

 

New regulatory frameworks to strenghthen maritime cybersecurity

A number of regulatory frameworks have been enacted to improve the level of cybersecurity for players in the maritime industry. 

This is the case with the European NIS2 directive, which came into force in October 2024 and concerns 18 strategic sectors of activity, including research and transport. Maritime activities are therefore inevitably affected. 

This legislative framework requires the organisations concerned to adopt enhanced security measures. It includes the implementation of risk and security incident management, the obligation to train employees in best cybersecurity practices, and technical measures such as data encryption, multi-factor authentication and vulnerability scans. 

ISO 23806:2022 provides an additional framework for enhancing the cybersecurity of systems onboard ships, particularly those operating in sensitive or international environments, and can sometimes be a contractual requirement for players in the maritime industry. This standard recommends the implementation of cybersecurity governance, emphasises risk analysis and proposes the adoption of protective measures such as network segmentation or the implementation of enhanced access controls.

The International Maritime Organisation has also provided guidelines for the industry in circular MSC-FAL.1/Circ.3/Rev.2. In particular, this document recommends that the management of maritime companies establish a cyber culture within their organisation, put in place mechanisms to detect cyber events and incidents, as well as measures to ensure the recovery of systems required for maritime operations or services that have been compromised.

At a time when national and international regulatory frameworks are evolving rapidly, the challenge for maritime companies is twofold: to comply with these regulations while protecting their activities against increasingly complex and advanced cyber attacks. 

 

How can you strengthen the cyber-resilience of your maritime business?

To protect your business from modern cyber threats, it's essential to put in place a robust cybersecurity governance structure. Thales supports organisations through its Consulting Services pillar, which covers governance, compliance, training and technical audits. This support is particularly crucial in the maritime sector, where the interconnection of systems, regulatory requirements and operational challenges require appropriate security measures. From the definition of cybersecurity responsibilities and the implementation of rigorous compliance frameworks, to specialised training and in-depth technical audits, Thales helps maritime players to strengthen their resilience in the face of emerging cyber threats.

In addition to the Consulting services offered by Thales, you can strengthen your resilience against cyber threats with our Detect & Respond solution. With 11 SOCs worldwide, Thales provides 24/7 surveillance and Cyber Threat Intelligence to anticipate attacks targeting the maritime sector.

 

With the "SOC on a Ship" offer, Thales goes even further by providing on-board surveillance directly on ships, thus guaranteeing immediate local detection of threats, even in isolated environments. Using the MITRE ATT&CK framework, an EDR and a SIEM, our experts effectively identify and neutralise attacks based on methods as initial access or command & control, which are particularly widespread in the maritime sector.

 

For example, Thales is working with two Dutch companies specialising in maritime dredging to equip their infrastructures and fleets with a complete cyber detection chain, including our SOC on a Ship solution. This partnership includes OT risk assessment, discovery of assets onboard ships, and 24/7 monitoring of security events, with real-time alerts and reports. This approach allows businesses to benefit from converged IT/OT MDR, log management, threat analysis and continuous monitoring of specific cases, strengthening their resilience to cyber threats.

 

Finally, Thales enables you to integrate advanced cybersecurity solutions, strengthening the protection of your critical assets against cyber threats. In the maritime sector, where onboard and land-based systems are increasingly connected, it is essential to ensure that cybersecurity is adapted to complex environments. Thales draws on its expertise to ensure that your security systems are perfectly compatible with all your equipment and operations, while complying with international regulations.

 

This approach enables maritime players to secure their operations, detect threats in real time and ensure business continuity, even in the event of a cyber attack.

Thales Cybersecurity offers you an end-to-end cybersecurity package that covers all these issues. Our solutions protect you from cyber threats targeting the maritime sector, including the most complex and emerging tactics, ensuring that your assets and operations are protected under all circumstances.

 Contact us to discuss your maritime cybersecurity issues!