Before the Mayday: Cyber Attacks at Sea
Find Threat Talks on
Before the Mayday: Cyber Attacks at Sea
Cyber attacks don’t stop at data centers.
They now target ships, navigation systems, and global trade routes.
From GPS spoofing to insider threats, the maritime industry is quietly becoming one of the most exposed pieces of critical infrastructure on the planet – while still relying on legacy systems, weak segmentation, and outdated assumptions about risk.
In this Threat Talks episode, Lieuwe Jan Koning speaks with Professor Stephen McCombie, one of the world’s leading experts in maritime cybersecurity, about why cyber attacks at sea are no longer hypothetical – and why the warning signs are already here.
This isn’t about if.
It’s about what happens before the Mayday.
What you’ll learn
• Why maritime cyber risk is fundamentally different from IT security on land
• How legacy ships and modern connected vessels create dangerous attack surfaces
• What Stuxnet taught us about cyber attacks causing real-world physical damage
• Why insider threats and low awareness make the maritime sector uniquely exposed
• How real incidents – not theory – reveal what attackers actually do at sea
• What prevention, exercises, and Zero Trust thinking look like in maritime reality
Your cybersecurity experts
Lieuwe Jan Koning
Co-Founder and CTO
ON2IT
Professor Stephen McCombie
Professor of Maritime IT Security
NHL Stenden University of Applied Sciences
Episode details
Could Stuxnet happen again – this time at sea?
In this episode, Professor Stephen McCombie explains why the answer is yes – and why the maritime industry may be even more vulnerable than many organizations realize.
Ships operate remotely, rely on aging OT systems, and often lack the basic cyber hygiene found in modern enterprise environments. At the same time, newer vessels introduce always-on connectivity, shore-managed systems, and significantly larger attack surfaces.
The result is a perfect storm.
Drawing on real cases from the Maritime Cyber Attack Database (MCAT), this conversation walks through:
• Insider attacks aboard military and commercial vessels
• GPS spoofing used as a geopolitical weapon
• State-sponsored interference with navigation and AIS systems
• How cyber incidents at sea rapidly become physical safety risks
This is not just an IT problem.
It’s a critical infrastructure problem – with global economic consequences.
The playbook for defense
• Awareness first: You can’t defend against risks leadership doesn’t acknowledge
• Learn from real incidents: Openness beats silence every time
• Exercise decision-making: Boards must feel cyber pressure before it’s real
• Basic prevention: Segmentation, authentication, updates – no shortcuts
• Zero Trust thinking: Assume compromise, limit blast radius, protect what matters
Cyber attacks at sea don’t start with alarms.
They start quietly – long before the distress call.
Act before the Mayday.
Get your Hacker T-shirt
Join the treasure hunt!
Find the code within this episode and receive your own hacker t-shirt for free.
