This is a topic of much concern to our membership, to ship masters generally, + owners, shippers, ports, in fact all branches of what is now widely known as The Maritime.
Let us start with a definition brought together from a number of sources: Cyber Security is the practice of protecting systems, networks, programmes, and data and the like from digital attack, unauthorized access, malicious activity and, in turn, damage.
In defence of attack by cyber criminals there is a variety of technologies. For example firewalls, processes, and human vigilance defend against evolving threats coming from ransomware and phishing as well as the introduction of AI-related incursions .
Effective cybersecurity ensures data integrity and operational resilience, preventing costly financial, legal, and reputational damages.
Some aspects of cybersecurity
We are all aware of the threats from ransomware, phishing, malware, and data breaches, which are undoubtedly increasing in frequency and sophistication.
For some time industry in all its facets has seen the essential need for protecting personal information, intellectual property, and critical infrastructure.
IBM in a recent news posting indicated that industry growth on security spending is projected to reach USD 377 billion by 2028, with high demand for cyber security professionals.
Common measures adopted by the industry include implementing regular software updates, and employee training.
Per IMO
At IMO the scene is set clearly. Maritime cyber risk refers to a measure of the extent to which a technology asset could be threatened by a potential circumstance or event, which may result in shipping-related operational, safety or security failures as a consequence of information or systems being corrupted, lost or compromised. Examples are legion and include erroneous data being transmitted ashore and corruption of GPS.
Cyber risk management means the process of identifying, analysing, assessing and communicating a cyber-related risk and accepting, avoiding, transferring or mitigating it to an acceptable level, considering costs and benefits of actions taken to stakeholders
The overall goal is to support safe and secure shipping, which is operationally resilient to cyber risks.
Guidance
On 4 April 2025 IMO issued this nine-page document: MSC-FAL.1-Circ.3-Rev.3.pdf entitled Guidelines on maritime cyber risk management.
The guidelines provide high-level recommendations on maritime cyber risk management to safeguard shipping from current and emerging cyber threats and vulnerabilities and include functional elements that support effective cyber risk management. These recommendations can be incorporated into existing risk management processes and are complementary to the safety and security management practices already established by IMO.
This document can be accessed using the link here: Guidelines on maritime cyber risk management (Visit external site. Link opens in a new tab.)
Safety Management Systems in general
An earlier one-page document of 2017 was entitled: Maritime Cyber Risk Management in Safety Management Systems. In it administrations were left in no doubt that an approved safety management system should take into account cyber risk management in accordance with the objectives and functional requirements of the ISM Code.
Furthermore, administrations were encouraged to ensure that cyber risks were appropriately addressed in safety management systems and that the necessary precautions that could be needed to preserve the confidentiality of certain aspects of cyber risk management were undertaken. The short Maritime Safety Committee circular is available here: Safety management systems in general (Visit external site. Link opens in a new tab.)
Other guidance and standards: a multi-agency document
One publication available online is that produced in 2020: Guidelines on Cyber Security Onboard Ships Version 4 and supported by BIMCO, Chamber of Shipping of America, Digital Containership Association, International Association of Dry Cargo Shipowners (INTERCARGO), InterManager, International Association of Independent Tanker Owners (INTERTANKO), International Chamber of Shipping (ICS), International Union of Marine Insurance (IUMI), Oil Companies International Marine Forum (OCIMF), Superyacht Builders Association (Sybass) and World Shipping Council (WSC).
To quote the introduction: ‘The purpose of these guidelines is to improve the safety and security of seafarers, the environment, the cargo, and the ships. The guidelines aim to assist in the development of a proper cyber risk management strategy in accordance with relevant regulations and best practices on board a ship with a focus on work processes, equipment, training, incident response and recovery management.’
Shipping is relying increasingly on digital solutions for the completion of everyday tasks. The rapid developments within information technology, data availability, the speed of processing and data transfer present shipowners and other players in the maritime industry with increased possibilities for operational optimisation, cost savings, safety improvements and a more sustainable business.
However, these developments to a large extent rely on increased connectivity often via the internet between servers, IT systems and Operational Technology (OT) systems, which increases the potential cyber vulnerabilities and risks.
Some valid points extracted from this document are related here: Cyber security and risk managementnecessitates robust approaches.
Cyber risk management should be an inherent part of a company’s safety and security culture conducive to the safe and efficient operation of the ship and be implemented at various levels of the company, including senior management ashore and onboard personnel.
Cyber risk management should:
- Identify the roles and responsibilities of users, key personnel, and management both ashore and on board.
- Identify the systems, assets, data, and capabilities that, if disrupted, could pose risks to the ship’s operations and safety.
- Implement technical and procedural measures to protect against a cyber incident, timely detection of incidents and ensure continuity of operations.
- Provide a contingency plan which is regularly exercised.
At 64-pages Guidelines on Cyber Security Onboard Ships Version 4 is available using the link here:
Other guidance and standards (Visit external site. Link opens in a new tab.)
Impacts of GNSS Interference on Maritime Safety
The Impacts of GNSS Interference on Maritime Safety Report is a special report by the Royal Institute of Navigation (RIN) Maritime GNSS Interference Working Group revealing the impacts of GNSS Interference in the Maritime sector. Survey data was compiled from over 100 sector experts and 300 vessel ship masters, supported by interviews with dozens of people involved in the operations and supply chain of vessels that regularly encounter GNSS interference.
GNSS interference refers to anything that disrupts a ship’s satellite-based positioning signals usually caused by: Jamming: blocking or overwhelming the satellite signals with noise so the receiver can’t get a position at all; or spoofing: feeding the receiver false satellite signals so it reports a wrong position that looks legitimate.
In 2025, at least two collisions and groundings were reported in mainstream media linked to GNSS interference in regions such as the Baltics, Straits of Hormuz and the Red Sea. With hundreds of vessels being affected daily, the RIN report details for the first time the scale of the problem on modern digital vessels whereby GNSS jamming and spoofing present a significant cybersecurity vulnerability and urgent risks to maritime safety.
Survey data exposes the vulnerability of critically important systems such as Global Maritime Distress and Safety Systems (GMDSS) and other SOLAS-mandated equipment that rely on satellite positioning and timing.
Director of the RIN, Dr Ramsey Faragher, commented: ‘The report has highlighted serious safety concerns and has underlined the fact that these issues are rooted in significant cybersecurity vulnerabilities, and are not just disruptions to navigation.’
Operating within regions of known GNSS interference carries serious safety-of-life and liability implications, as key systems are expected to fail or malfunction with high probability in these conditions. The report also highlights unnecessary dependencies between GNSS receivers and a range of onboard electronics — including RADAR, radios (VHF/MF/HF), NAVTEX, speed logs, ship clocks and satellite communications — many of which do not require GNSS data for their primary function, creating avoidable points of failure and compounding operational risk.
Captain Ivana-Maria Carrioni-Burnett and chair of the RINs Maritime Navigation Group commented: ‘The issue of GNSS interference must be taken seriously. It cannot be overcome by traditional navigation techniques when GNSS receivers are ‘baked in’ to modern ships’ critical systems, including safety systems. These are no longer isolated incidents and pose a real risk to life: people, property and the environment. We must do more to safeguard our seas today and the shipping of tomorrow.’
Captain James Taylor and Fellow of the RIN advised: ‘Despite measures to improve resistance to jamming, spoofing and other harassment measures, the threat is real and growing. And this threat is not only to positioning and navigation; it is to every part of every transport and navigation means and to every part of national infrastructure where timing is derived from space-based timing signals.’
It is understood that the Royal Institute of Navigation will continue to work with report partners (General Lighthouse Authorities of UK and Ireland, IALA, Nautical Institute and others) and regulatory bodies to provide expert guidance to mitigate these issues, and to establish industry-wide adoption of solutions to this problem.
This 120-page report may be downloaded on application here:
Impacts of GNSS interference on maritime safety (Visit external site. Link opens in a new tab.)