AUTONEWS

Researchers find training gaps impacting maritime cybersecurity readiness

Whether it's a fire or a flood, a ship's crew can only rely on itself and its training in emergencies at sea. The same is true for crews facing digital threats on oil tankers, cargo ships, and other commercial vessels.

New cybersecurity research from the Georgia Institute of Technology, however, revealed that crews aboard commercial vessels were often not adequately prepared to manage cyberattacks effectively due to systemic training gaps. "A Sea of Cyber Threats: Maritime Cybersecurity from the Perspective of Mariners" was presented at CCS 2025.

The findings are based on interviews conducted by researchers with more than 20 officer-level mariners to assess the maritime industry's readiness to handle cybersecurity attacks at sea.

"Historically, cybersecurity research has focused heavily on cyber-physical systems like cars, factories, and industrial plants, but ships have largely been overlooked," said Anna Raymaker, Ph.D. student and lead researcher.

"That gap is concerning when more than 90% of the world's goods travel by sea. Recent incidents, from GPS spoofing to ships linked to subsea cable disruptions, show that maritime systems are increasingly part of the global cyber threat landscape."

The researchers proposed four practical strategies to strengthen maritime cyber defenses and close the training gaps. Their findings were presented recently at the ACM SIGSAC Conference on Computer and Communications Security (CCS).

1. Make cybersecurity training actually maritime...Many of those interviewed for the study described current cybersecurity training as "boilerplate"—generic modules that don't reflect real shipboard risks.

Researchers recommend(below):

Role-specific instruction: Navigation officers should learn to detect and identify GPS spoofing. Engineers should focus on vulnerabilities in remotely monitored systems.

Bridging IT and Operational Technology: Crews need to understand how attacks on IT systems can trigger physical consequences in operational technology—including collisions, groundings, or explosions.

Hands-on delivery: Replace passive PowerPoints with drills and in-person exercises that build muscle memory.

Accessible standards: Training must account for the wide range of educational backgrounds across crews and be standardized across ranks.

2. Move beyond 'call IT'...At sea, crews can't simply escalate a cyber incident to a shore-based IT department and wait. Operational resilience requires onboard readiness.

Researchers recommend(below):

Vessel-specific response plans: Ships need clear, actionable protocols for threats such as AIS jamming or radar manipulation.

Military-style drills: Adopting MCON (Emission Control) exercises—used by the U.S. Military Sealift Command—can train crews to operate safely without electronic systems.

Stronger connectivity controls: High-bandwidth satellite systems like Starlink introduce new risks. Clear policies and network segregation are essential to prevent new entry points for attackers.

3. Create unified, ship-specific regulations...Maritime cybersecurity regulations are often reactive and fragmented. Researchers argue the industry needs a cohesive, domain-specific framework.

Key recommendations include(below):

A unified global model: Like the energy sector's NERC CIP standards, a maritime framework could mandate baseline controls such as encryption, network segmentation, and anonymous incident reporting.

Rules built for real crews: Regulations designed for large naval operations don't translate well to smaller merchant or research vessels. Standards must reflect actual shipboard conditions.

Future-proofing requirements: Autonomous ships and remotely operated vessels expand the cyber-physical attack surface. Regulations must proactively address these emerging technologies.

4. Invest in maritime-specific cyber research...Finally, the researchers stress that long-term resilience requires deeper technical research focused on maritime systems.

Priority areas include(below):

Real-time intrusion detection systems tailored to shipboard protocols.

Proactive security risk assessments of interconnected onboard systems.

Cyber-physical modeling to better understand cascading failures in complex maritime environments.

The bottom line...Cyber threats at sea are no longer hypothetical. Mariners report real-world incidents ranging from GPS spoofing to ransomware that disrupts global trade.

"Through our interviews with mariners, I saw firsthand how much dedication and pride they take in their work," said Raymaker. "Our goal is for this research to serve as a call to action for researchers, policymakers, and industry to invest more attention in maritime cybersecurity and support the people who risk their lives every day to keep global trade, food, and energy moving."

Researchers conducted interviews with over 20 merchant marine officers and identified several critical shortcomings(below):

"Boilerplate" training: Current training modules are often described as generic and do not reflect the specific real-world risks of a ship.

Reliance on shore support: At sea, crews cannot simply "call IT" and wait for assistance. The lack of onboard response protocols creates a significant vulnerability.

Complexity of new systems: The use of high-bandwidth systems, such as Starlink Maritime, introduces new attack vectors, requiring stricter network control and segregation policies.

IT-OT blindness: Sailors often do not understand how attacks on Information Technology (IT) systems can cause immediate physical damage to Operational Technology (OT) systems, such as propulsion and navigation. Recommendations from researchers...To close these gaps and strengthen operational resilience, Georgia Tech experts suggest four main strategies:

Contextualized training: Replace passive PowerPoint presentations with hands-on exercises and simulations that create "muscle memory."

Job-specific instruction: Navigation officers should focus on detecting GPS spoofing, while engineers should focus on vulnerabilities in remotely monitored systems.

Unified regulation: Creation of a cohesive global model, similar to the NERC CIP standards of the energy sector, that establishes mandatory basic controls.

Military-style training: Adopt practices such as emissions control exercises (MCON), used by the US Military Sealift Command, to train crews to operate safely without relying solely on electronic systems.

These findings serve as a call for policymakers and industry to invest more in maritime cybersecurity to protect global trade.

Provided by Georgia Institute of Technology