A new policy brief by the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) highlights the increasing cybersecurity threats facing maritime ports, warning of growing risks posed by state-linked actors and coordination gaps across civil and military port operations.
Maritime ports—responsible for moving around 80% of the world’s trade—are coming under increasing pressure from hostile cyber activity, according to the CCDCOE’s July 2025 policy brief titled Addressing State-Linked Cyber Threats to Critical Maritime Port Infrastructure. The report paints a sobering picture of a digital battlefield now reaching deep into NATO’s strategic infrastructure.
Backed by real-time intelligence contributions from Silobreaker and EclecticIQ, the policy brief presents evidence of frequent and sophisticated cyberattacks on ports across Europe and NATO partner countries. The survey, conducted between November 2024 and February 2025, involved responses from military and government port operators in nine countries—nearly all of which reported significant cyber incidents over the past five years.
The report identifies access control systems and vessel traffic management systems as the most common attack targets. These are not just digital choke points—they’re the heartbeat of any port’s operational continuity. A breach in these systems could mean more than financial damage. In a military context, it could disrupt force mobility and delay supply chain logistics in moments of crisis.
Among the threat actors, the brief highlights state-linked groups tied to Russia, Iran, and China, along with financially motivated ransomware groups and ideologically driven hacktivist collectives. These actors are increasingly turning their focus toward maritime facilities as geopolitical tensions rise across multiple theaters.
What’s particularly troubling, according to the CCDCOE, is the mismatch between NATO’s current maritime strategy and today’s cyber threat landscape. While ports are undeniably part of NATO’s logistical backbone, most critical infrastructure remains under civilian control. This divide creates obstacles when NATO forces need to coordinate cybersecurity operations with privately owned or locally governed port facilities.
The policy brief also calls attention to the fragmented nature of threat intelligence sharing. Many ports operate in silos, both nationally and internationally. There’s no standardized mechanism for real-time intelligence exchange among governments, militaries, and commercial stakeholders. As a result, attackers often exploit the communication lag between these entities.
To address these weaknesses, the CCDCOE offers several recommendations. Chief among them is a call to revise NATO’s maritime strategy to place cybersecurity front and center. This includes establishing structured civil-military liaison networks and integrating private sector port operators into operational planning frameworks.
The report also advocates for dedicated working groups focused on maritime cybersecurity, both at national and alliance levels. These groups would be tasked with developing standards for operational technology (OT) and information and communication technology (ICT), which are increasingly targeted in attacks.
Another urgent proposal is the creation of real-time threat intelligence networks—trusted environments where port authorities, military commands, and private companies can securely exchange cyber threat data. This is where contributions from Silobreaker and EclecticIQ come into focus. Their threat intelligence capabilities were instrumental in helping CCDCOE identify the scale and scope of current risks. Both firms are widely used by global security teams for real-time monitoring of threat actors and vulnerabilities.
The idea of assigning civil-military cybersecurity liaisons—officers embedded within NATO command structures who can directly coordinate with local port authorities—is also gaining traction. These roles would help bridge the current divide between civilian operators and NATO planners during cyber incidents or conflicts.
With cyberattacks becoming more frequent and complex, the CCDCOE warns that the cost of inaction is mounting. Ports are no longer just economic assets—they’re now contested domains. And like any frontline, they require real-time intelligence, coordination, and resilience to withstand the next wave of digital threats.
