The NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) has released a new policy brief evaluating the cybersecurity posture, challenges, and best practices for maritime port infrastructure across NATO and partner countries. The research was supported by threat intelligence contributions from Silobreaker, a security and threat intelligence technology company, whose data and analysis informed the report’s assessment of the threat landscape and its policy recommendations.

Christened “Addressing State-Linked Threats to Critical Maritime Port Infrastructure,” the brief highlights increasing risks from state-linked cyber actors, financially motivated criminals, and politically driven hacktivists. It underscores the strategic significance of ports, which manage 80% of global trade and serve as vital nodes in NATO’s defense logistics. According to the findings, nearly all surveyed countries reported cyber incidents within the last five years, with access control and vessel traffic management systems identified as primary vulnerabilities.

Many of these attacks have been linked to Russia, Iran, and China, involving espionage, disruption, and pre-positioning for future malicious activities. Ransomware groups and hacktivist collectives have also caused disruptions to port operations, emphasizing the necessity for coordinated civilian-military responses. The report indicates that NATO’s current maritime strategy does not adequately reflect contemporary cyber threats. Given that most ports operate under civilian control, enhanced coordination between NATO and civilian port operators is deemed essential for defending against both physical and cyber threats.

To address these concerns, the report recommends updating NATO’s Alliance Maritime Strategy to more fully integrate cybersecurity. It also suggests establishing structured threat intelligence-sharing networks, designating dedicated NATO and port cybersecurity liaisons, and forming international maritime cybersecurity working groups. The survey, which informed the brief, was conducted between November 29, 2024, and February 14, 2025, gathering responses from military and government entities in nine countries. During this research period, cyber threat intelligence companies, including Silobreaker, provided relevant data and threat reports.

Silobreaker specializes in providing insights on emerging risks and opportunities in near real-time. Its platform automates the collection, aggregation, and analysis of data from open and dark web sources, enabling intelligence teams to produce actionable reports. The NATO CCDCOE, located in Tallinn, Estonia, is an accredited hub for NATO allies and partner nations focused on enhancing cyber defense capabilities, offering expertise across strategic, legal, operational, and technical domains.