A new report from NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) warns that global ports are vulnerable in the wake of escalating cyber threats.
The policy brief highlights that ports, which handle approximately 80% of international trade, “face unprecedented cybersecurity threats from state-linked actors” originating from Russia, Iran, and China. These actors aim to disrupt operations and potentially inflict significant economic and military harm.
Ports serve as crucial nodes in NATO’s defense logistics network, and recent intelligence reveals a high frequency of cyber attacks on port facilities across Europe and the Mediterranean. A significant proportion of these cyber assaults have been traced back to threat actors originating from Russia, Iran, and China. These nations are allegedly leveraging cyber tools to achieve broader geopolitical objectives by deploying sophisticated and often coordinated cyber campaigns against critical infrastructures.
The report outlines that the nature of these cyber threats is both sophisticated and pervasive. It stresses the pressing need for coordinated policy and security responses to counteract these risks. Cyber attacks have predominantly targeted access control systems and vessel traffic management systems, which are essential for maintaining the smooth operation and safety of port facilities. Such vulnerabilities, if exploited, could lead to severe disruptions in global supply chains and critical military logistics operations.
The threat extends beyond simple hacking attempts or malware. The CCDCOE identifies the involvement of politically motivated hacktivists, particularly pro-Russian groups like NoName057. These groups, employing methods such as distributed denial-of-service (DDoS) attacks, have effectively demonstrated the disruptive potential of cyber operations. For instance, one notable incident involved NoName057’s disruption of the Port of Rotterdam’s main website in June 2023, underscoring the group’s ability to impact port operations directly. The group also attacked the ports of Gdynia in Poland, and Felixstowe and Tyne in Great Britain.
The report also cited maritime organizations, logistics providers, and air traffic control systems in at least 11 countries that were targeted by a group linked to Russian military intelligence services.
Iran-based groups attacked the ports of Ashdod and Haifa and an oil refinery in Israel, as well as Egypt’s Port Said.
Maritime transportation companies were targeted by China-connected groups using various attack vectors, including infected USB drives.
NATO said at least 45 maritime organizations suffered ransomware attacks in 2024.
The challenge extends further to state-sponsored activity, notably cyber attacks by Iranian groups under the aegis of the Islamic Revolutionary Guard Corps and China’s increasing pre-positioning of cyber tools on critical infrastructure networks. These actions give these states the capability to execute disruptive or even destructive cyberattacks, posing a direct threat not only to the economic fabric of affected countries but also to their national security.
NATO’s current maritime strategy, last revised in 2011, is critiqued in the report for lacking formalized frameworks for engagement with commercial port operators. Because critical port infrastructures are predominantly under civilian control yet serve essential military logistics functions, updated strategies are required that integrate cybersecurity measures tailored to address the needs of modern-day maritime operations.
The CCDCOE makes several recommendations aimed at enhancing the cyber resilience of maritime ports. These include establishing sector-specific intelligence sharing networks, coordinated response mechanisms, and resilience standards. Such measures would facilitate better cooperation between public and private entities while bolstering NATO’s maritime cyber defense posture.
The cost of inaction, according to the CCDCOE, far exceeds the investment necessary for comprehensive maritime cybersecurity. Without a fortified approach, ports remain susceptible to cyber incursions that could disrupt global trade, endanger economic stability, and compromise national security. The report calls for an urgent revision of existing cybersecurity frameworks to incorporate these recommendations, fostering an environment where intelligence sharing, strategic coordination, and robust cybersecurity practices become the norm.
Find more articles by Stuart Chirls here.