The Third Era of Maritime Cyber Risk: AI-Powered Attacks Threaten Vessel Safety

The maritime industry has entered a critical juncture. What began as digitization for logistical optimization and fuel efficiency has fundamentally transformed the threat landscape facing vessel operators. Security experts now characterize the industry as entering the "Third Era" of maritime risk—a period defined not by accidental malware or data theft, but by weaponized artificial intelligence targeting operational systems that directly impact navigation and crew safety.

For decades, maritime security relied on the "air gap" concept: the assumption that critical shipboard systems such as engines and navigation were safe because they operated independently of internet connectivity. This assumption is now demonstrably false. Modern vessels function as floating data centers, with Information Technology (IT) and Operational Technology (OT) systems increasingly interconnected. Bridge systems such as Electronic Chart Display and Information Systems (ECDIS) frequently run on legacy operating systems—Windows 7, even Windows XP—that no longer receive security patches. Many vessels update these critical systems using "sneakernet," where crew members physically transfer data via USB drives from internet-connected administrative computers to the bridge. This simple process bypasses all firewall protections, creating a direct pathway for dormant malware to execute within the ship's central nervous system.

The convergence of IT and OT has created an expansive attack surface. Researchers in 2025 observed widespread GPS jamming and spoofing in the Black Sea and Strait of Hormuz—attacks that generated what analysts describe as "ghost fleets." These artificial vessel positions, created through generative adversarial networks (GANs), trick collision avoidance systems into dangerous course corrections. Simultaneously, other attackers disable satellite communications (VSAT) on multiple vessels simultaneously. In March 2025, one group disabled VSAT on 116 Iranian-linked vessels in a single coordinated attack, severing the digital connection between ships and shore-based management.

What distinguishes this era is the speed and scale afforded by adversarial AI. Automated systems can now scan maritime company directories, identify satellite communication vulnerabilities, and generate polymorphic malware that constantly modifies its signature to evade detection—all without human intervention. Research has already demonstrated "Ransomware 3.0" prototypes that autonomously navigate entire attack chains from system reconnaissance to data exfiltration.

Beyond code-based attacks, AI-driven deepfake technology presents an equally grave threat. In an industry built on voice verification and trust-based procedures, deepfakes are lethal weapons. A vessel captain might receive a video call from a person appearing to be their fleet manager—with voice and facial features precisely replicated—ordering an emergency fund transfer or unscheduled port deviation. Traditional verification methods are rendered obsolete.

The regulatory environment is beginning to respond. The International Association of Classification Societies (IACS) has mandated new cybersecurity standards (UR E26 and E27) for vessels contracted after January 1, 2024. UR E26 treats the entire vessel as an integrated "system of systems," requiring OT security to be embedded in design phase rather than bolted on afterward. UR E27 holds equipment manufacturers accountable, mandating multi-factor authentication and fail-safe mechanisms. These regulations shift the industry from voluntary guidelines to mandatory baseline standards.

However, many operating vessels predate these requirements. Vessel owners must implement immediate defenses: network segmentation following IEC 62443 standards (separating navigation, propulsion, administration, and crew zones); zero-trust identity management with hardware tokens rather than SMS codes; and crew training in analog navigation and manual engine control as contingency procedures.

The industry's transition to autonomous vessels amplifies these risks. Autonomous navigation relies on sensor fusion—the mathematical consensus of radar, LiDAR, AIS, and camera data. Adversarial machine learning (AML) can "delude" these AI models. Physical patches or digital overlays applied to navigation aids can render them invisible to computer vision or cause misclassification. The same GAN technology creating ghost fleets in AIS data can generate false vessel trajectories that trick collision avoidance algorithms.

Cybersecurity in maritime is no longer an IT problem—it is a Safety of Life at Sea (SOLAS) issue. A compromised email server is an inconvenience; a compromised engine control system can cause collision, grounding, or environmental catastrophe. As 2026 unfolds, the era of "security through obscurity" is definitively over. Ships are no longer safe simply because they are remote. Robust cybersecurity must be integrated into vessel design, crew training, and operational procedures as a matter of fundamental safety engineering.