Journal is indexed in following databases:
- SCOPUS
- Web of Science Core Collection - Journal Citation Reports
- EBSCOhost
- Directory of Open Access Journals
- TRID Database - Transportation Research Board
- Index Copernicus Journals Master List
- BazTech
- Google Scholar
2024 Journal Impact Factor - 0.6
2024 CiteScore - 1.9
ISSN 2083-6473
ISSN 2083-6481 (electronic version)
Editor-in-Chief
Associate Editor
Prof. Tomasz Neumann
Published by
TransNav, Faculty of Navigation
Gdynia Maritime University
3, John Paul II Avenue
81-345 Gdynia, POLAND
e-mail transnav@umg.edu.pl
Cybersecurity in Maritime Transport Systems: Threats, Trends, and Countermeasures in the Last Decade
1 Gdynia Maritime University, Gdynia, Poland
ABSTRACT: The increasing digitization and automation of maritime transport systems have introduced significant cybersecurity challenges across both vessel-based and port-based infrastructures. This paper provides a comprehensive overview of the current cyber threat landscape affecting the maritime domain, examining key vulnerabilities in modern maritime systems, including navigation, communication, and cargo handling technologies. It outlines recent trends such as the emergence of autonomous shipping and evaluates their implications for cybersecurity. A detailed classification of cyber threats—ranking from ransomware and phishing to advanced persistent threats and denial-of-service attacks—is presented alongside real-world case studies that illustrate the technical complexity and operational impact of cyber incidents. Furthermore, the paper analyzes the main risk factors contributing to cyber vulnerabilities in the maritime sector. Building on this, it explores state-of-the-art strategies and technologies aimed at mitigating these threats, including intrusion detection systems, blockchain applications, cybersecurity training protocols, and international regulatory efforts. The study concludes with key recommendations for strengthening cyber resilience in maritime operations, emphasizing a proactive and multilayered approach to securing this critical global infrastructure.
KEYWORDS: Cyber Threats, Cyber Resilience, Maritime Cybersecurity, Ransomware, GPS Spoofing / AIS Spoofing, Advanced Persistent Threats (APT), Risk Factors in Maritime Transport, Mitigation Strategies
REFERENCES
Symes, S., Blanco-Davis, E., Graham, T., Wang, J., & Shaw, E. (2024). Cyberattacks on the Maritime Sector: A Literature Review. Journal of Marine Science and Application, 23(4), 689–706. - doi:10.1007/s11804-024-00443-0
Weintrit, A., Neumann, T. (2013). Marine navigation and safety of sea transportation: Maritime transport & shipping, 1-320, 978-131588312-0, CRC Press - doi:10.1201/b14960
Weintrit, A., Neumann, T. (2013). Marine Navigation and Safety of Sea Transportation: Advances in Marine Navigation, 1-313, 978-131588301-4, CRC Press - doi:10.1201/b14961
Weintrit, A., Neumann, T. (2015). Safety of marine transport introduction in: Safety of Marine Transport: Marine Navigation and Safety of Sea Transportation, 1-4, 978-131567261-8, CRC Press - doi:10.1201/b18515
Cyber Trends and Insights in the Marine Environment 2023. (2024). U.S. Coast Guard Cyber Command. https://www.uscg.mil/Portals/0/Images/cyber/CTIME_2023_FINAL.pdf
Cyber Trends and Insights on the Marine Environment 2024. (2025). U.S. Coast Guard Cyber Command. https://www.uscg.mil/Portals/0/Images/cyber/CGCYBER%202024%20CTIME.pdf?ver=AgbTrQoh4Fs91HUmdhd_xA%3d%3d×tamp=1747657640065
Jaffe, J., & Floridi, L. (2024). Ransomware: Why It’s Growing and How to Curb Its Growth. Applied Cybersecurity & Internet Governance, 3(2), 38–64. - doi:10.60097/ACIG/192959
Sindiramutty, S. R., Cen, T. Y., Raslan, M. A. H. bin M., Subramaniam, M. R., Xin, L. Y., Kin, S. J., Long, M. S., & Sindiramutty, S. R. (2024). In-Depth Analysis and Countermeasures for Ransomware Attacks: Case Studies and Recommendations. - doi:10.20944/preprints202408.2261.v1
Alhaji, U. M., Adewumi, S. E., & Yemi-peters, V. I. (2025). Classification of Phishing Attacks Using Machine Learning Algorithms: A Systematic Literature Review. Journal of Advances in Mathematics and Computer Science, 40(1), 26–44. - doi:10.9734/jamcs/2025/v40i11960
Jampani, S. K. (2025). Social Engineering 2.0 Deepfake and Deep Learning-based Cyber-attacks (Phishing). IJFMR - International Journal For Multidisciplinary Research, 7(1). - doi:10.36948/ijfmr.2025.v07i01.35527
DDOS Attacks and Analysis of Different Defense Mechanisms – IJSREM. (n.d.). Retrieved May 31, 2025, from https://ijsrem.com/download/ddos-attacks-and-analysis-of-different-defense-mechanisms/
Afek, Y., Berger, H., & Bremler-Barr, A. (2025, January 23). POPS: From History to Mitigation of DNS Cache Poisoning Attacks. arXiv.Org. https://arxiv.org/abs/2501.13540v1
Rolansa, F., Istiyanto, J. E., Afiahayati, A., & Frisky, A. Z. K. (2025). SMOTE tree-based autoencoder multi-stage detection for man-in-the-middle in SCADA. Indonesian Journal of Electrical Engineering and Computer Science, 38(1), Article 1. - doi:10.11591/ijeecs.v38.i1.pp133-144
Kandasamy, V., & Roseline, A. A. (2025). Harnessing advanced hybrid deep learning model for real-time detection and prevention of man-in-the-middle cyber attacks. Scientific Reports, 15(1), Article 1. - doi:10.1038/s41598-025-85547-5
Zhuo, Z., Cai, T., Zhang, X., & Lv, F. (2021). Long short-term memory on abstract syntax tree for SQL injection detection. IET Software, 15(2), 188–197. - doi:10.1049/sfw2.12018
College of Computers and Information Technology, Taif University, Taif, SA., Awadh, N., Zaid, H., College of Computers and Information Technology, Taif University, Taif, SA., Al-ajmani, Dr. S., & Department of Information Technology, College of Computer and Information Technology, Taif University, Taif, SA. (2025). A Robust Framework for Detecting Brute-Force Attacks through Deep Learning Techniques. International Journal of Recent Technology and Engineering (IJRTE), 13(5), 27–42. - doi:10.35940/ijrte.E8182.13050125
Mujtaba, A., Zulfiqar, M., Azhar, M. U., Ali, S., Ali, A., & Khan, H. (2025). ML-based Fileless Malware Threats Analysis for the Detection of Cyber security Attack based on Memory Forensics: A Survey. The Asian Bulletin of Big Data Management, 5(1), Article 1. - doi:10.62019/abbdm.v5i1.289
Guadarrama-Estrada, A. R., Osorio-Gordillo, G. L., Vargas-Méndez, R. A., Reyes-Reyes, J., & Astorga-Zaragoza, C. M. (2025). Cyber–Physical System Attack Detection and Isolation: A Takagi–Sugeno Approach. Mathematical and Computational Applications, 30(1), Article 1. - doi:10.3390/mca30010012
Transportation-Energy-Communication Integrated Management of Ship Cyber-Physical Systems Against Cyber Attacks. (n.d.). Retrieved May 31, 2025, from https://ieeexplore.ieee.org/document/10833774
Swope, C., Bingen, K. A., Young, M., & Lafave, K. (2025). Space Threat Assessment 2025. Center for Strategic & International Studies. https://scispace.com/pdf/kinetic-weapons-nonkinetic-weapons-electronic-weapons-cyber-p1kxo3ufwf.pdf
Greig, J. (2023, January 17). Ransomware attack on maritime software impacts 1,000 ships. https://therecord.media/ransomware-attack-on-maritime-software-impacts-1000-ships
Kovacs, E. (2023, January 18). Ransomware Attack on DNV Ship Management Software Impacts 1,000 Vessels. SecurityWeek. https://www.securityweek.com/ransomware-attack-dnv-ship-management-software-impacts-1000-vessels/
Page, C. (2023, January 18). Maritime giant DNV says 1,000 ships affected by ransomware attack. TechCrunch. https://techcrunch.com/2023/01/18/dnv-norway-shipping-ransomware/
Cyber-attack on ShipManager servers – update. (2023, January 23). DNV. https://www.dnv.com/news/cyber-attack-on-shipmanager-servers-update-237931/
LaGrone, S. (2023, April 20). Ransomware Attack Hits Marinette Marine Shipyard, Results in Short-Term Delay of Frigate, Freedom LCS Construction. USNI News. https://news.usni.org/2023/04/20/ransomware-attack-hits-marinette-marine-shipyard-results-in-short-term-delay-of-frigate-freedom-lcs-construction
Ransomware attack on US Navy shipbuilder leaked information of nearly 17,000 people. (n.d.). Retrieved May 31, 2025, from https://therecord.media/fincantieri-shipbuilder-us-navy-wisconsin-ransomware
Arghire, I. (2023, July 5). Japan’s Nagoya Port Suspends Cargo Operations Following Ransomware Attack. SecurityWeek. https://www.securityweek.com/japans-nagoya-port-suspends-cargo-operations-following-ransomware-attack/
Nagoya Port Cyber Attack Japan’s Largest Port Paralyzed 2023. (2023, July 5). https://thecyberexpress.com/nagoya-port-cyber-attack-largest-japan/
Wadhwani, S. (n.d.). Nagoya Port Ransomware Attack—Spiceworks. Spiceworks Inc. Retrieved April 27, 2025, from https://www.spiceworks.com/it-security/security-general/news/nagoya-port-ransomware-attack/
Benjamin, J. (2023, July 11). OT Cybersecurity Breach Disrupts Operations at the Port of Nagoya, Japan | Dragos. https://www.dragos.com/blog/ot-cybersecurity-breach-disrupts-operations-at-the-port-of-nagoya-japan/
Network, M. N. (2025, May 16). Intelligence Firm Confirms GPS Spoofing Responsible For MSC Antonia Grounding. Marine Insight. https://www.marineinsight.com/shipping-news/intelligence-firm-confirms-gps-spoofing-responsible-for-msc-antonia-grounding/
Schuler, M. (2025, May 15). Pole Star Confirms GPS Interference Caused MSC ANTONIA Grounding. gCaptain. https://gcaptain.com/pole-star-confirms-gps-interference-caused-msc-antonia-grounding/
MSC ANTONIA Current Position (Container Ship, IMO 9398216)—VesselFinder. (n.d.). Retrieved May 29, 2025, from https://www.vesselfinder.com/pl/?imo=9398216
UKMTO Ops Centre w [@UK_MTO]. (2025, May 9). 20250509_UKMTO_ADVISORY_INCIDENT 015-25 https://ukmto.org/-/media/ukmto/products/20250509_ukmto_advisory_incident-015-25.pdf?rev=aaa78cfdab39445b8662a9c4232205e3 #maritimesecurity #marsec https://t.co/khaYhYTInP [Tweet]. Twitter. https://x.com/UK_MTO/status/1920869477698191489
SideWinder APT | StealerBot Campaign—CyberStash. (n.d.). Retrieved May 29, 2025, from https://www.cyberstash.com/sidewinder-apt-stealerbot-campaign/
“SideWinder” Intensifies Attacks on Maritime Sector. (n.d.). Retrieved May 29, 2025, from https://www.darkreading.com/cyberattacks-data-breaches/sidewinder-intensifies-attacks-maritime-sector
CVE-2017-11882—Security Update Guide—Microsoft—Microsoft Office Memory Corruption Vulnerability. (n.d.). Retrieved May 29, 2025, from https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2017-11882
SideWinder APT | StealerBot Campaign. (2024, October). Cyber Stash. https://www.cyberstash.com/wp-content/uploads/2024/10/SideWinder-APT-StealerBot-Campaign.pdf
Dixon (g_dixon), G. (2023, May 25). Ship AIS data spoofed to draw pro-war Russian Z symbol in Black Sea. TradeWinds | Latest Shipping and Maritime News. https://www.tradewindsnews.com/technology/ship-ais-data-spoofed-to-draw-pro-war-russian-z-symbol-in-black-sea/2-1-1456329
Spoofed AIS Signals Form Symbol of Russian Invasion. (n.d.). The Maritime Executive. Retrieved May 30, 2025, from https://maritime-executive.com/article/spoofed-ais-signals-form-symbol-of-russian-invasion-off-crimea
Courtnell, J. (2023, October 2). AIS Spoofing Research Unveils 4 Main Typologies: A Complete Guide. Pole Star Global. https://www.polestarglobal.com/resources/ais-spoofing/
Mass AIS Spoofing Event “Moves” Dozens of Ships to Crimean Airport. (n.d.). The Maritime Executive. Retrieved May 30, 2025, from https://maritime-executive.com/editorials/mass-ais-spoofing-event-moves-dozens-of-ships-to-crimean-airport
Rotterdam: Europe’s Largest Port Targeted in Cyberattack Linked to Pro-Russian Hackers. (2023, June 14). Tech Times. https://www.techtimes.com/articles/292580/20230614/rotterdam-europe-largest-port-cyberattack-pro-russian-hackers.htm
Port of Rotterdam Targeted in Cyberattack—Maritime Gateway. (n.d.). Retrieved May 30, 2025, from https://www.maritimegateway.com/port-of-rotterdam-targeted-in-cyberattack/
Dutch ports’ websites offline for hours, days due to pro-Russian cyber attacks | NL Times. (2023, June 14). https://nltimes.nl/2023/06/14/dutch-ports-websites-offline-hours-days-due-pro-russian-cyber-attacks
Dark Web Profile: Killnet - Russian Hacktivist Group. (2022, December 16). SOCRadar® Cyber Intelligence Inc. https://socradar.io/dark-web-profile-killnet-russian-hacktivist-group/
Major Cyber Attacks Targeting Transportation & Logistics Industry. (2025, March 28). SOCRadar® Cyber Intelligence Inc. https://socradar.io/major-cyber-attacks-transportation-logistics-industry/
EUROPEAN CYBER REPORT. (2025). Link11. https://www.link11.com/wp-content/uploads/2025/03/Link11_European_Cyber_Report_EN_2025-2.pdf
Desk, iHLS N. (2025, May 8). Massive Surge in DDoS Attacks Targets Spain and Europe Amid Rising Hacktivist Campaigns. iHLS. https://i-hls.com/archives/129199
Russian GRU Targeting Western Logistics Entities and Technology Companies | CISA. (2025, May 21). https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141a
Greenberg, A. (n.d.). Russian Hackers Are Trying to Brute-Force Hundreds of Networks. Wired. Retrieved May 30, 2025, from https://www.wired.com/story/fancy-bear-russia-brute-force-hacking/
Coast Guard Cyber Command. (2023). 2022 Cyber Trends and Insights in the Marine Environment (CTIME) Report. United States Coast Guard. https://www.uscg.mil/Portals/0/Images/cyber/2022CTIMEReport_Final.pdf?ver=lFYiLZqt4dbVf2RFTgL15g%3d%3d×tamp=1685643398263
Citation note:
Cichocki R., Wójcik P.: Cybersecurity in Maritime Transport Systems: Threats, Trends, and Countermeasures in the Last Decade. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation, Vol. 19, No. 3, doi:10.12716/1001.19.03.03, pp. 715-722, 2025
Authors in other databases:
Rafał Cichocki:
orcid.org/0000-0002-5004-5587
58507160800
orcid.org/0000-0002-5004-5587
58507160800
Przemysław Wójcik:
orcid.org/0009-0004-2248-8622
orcid.org/0009-0004-2248-8622
Other publications of authors:
File downloaded 2 times
