Securing the Digital Port: USCG Cybersecurity Compliance for U.S. Maritime Port Operators

U.S. maritime ports are facing very real cyber threats. In recent years, they’ve become prime targets for both cybercriminal gangs and nation-state hackers seeking to disrupt critical infrastructure. The past 18 months have seen an uptick in cyberattacks and alerts involving U.S. ports and the broader Marine Transportation System (MTS). In response, the United States Coast Guard (USCG) has shifted from a longstanding policy of encouragement to enforcement, culminating in baseline cybersecurity requirements to protect the MTS, including ports, from cyber threats. The regulations go into effect July 16, 2025.

This article will review some of the high-profile attacks on U.S. ports leading up to the new mandate, explain why modern ports are vulnerable and recommend proactive steps port authorities can take not just to comply with regulations but to secure their digital infrastructure.

Recent Cyberattacks on U.S. Maritime Ports

With nearly 10 million units of cargo processed annually, the Port of Los Angeles is the busiest container port in the Western Hemisphere. In 2023, it reported blocking approximately 63 million cyber intrusion attempts per month.  

In October 2023, the USCG issued a sector-wide alert after observing malicious activity by the Cl0p ransomware gang affecting the MTS. The alert noted that many victims were either directly part of port operations or provided critical services to ports.

In August 2024, a ransomware attack (attributed to the Rhysida group) struck the Port of Seattle, which operates the Seattle-Tacoma International Airport. The breach caught the media’s attention by disrupting port-operated airport systems for weeks, underscoring how a cyberattack can spill over into a transportation hub.

These incidents illustrate how quickly a lone cyberattack can bring port logistics to a halt. In an era where operational technology (OT) and Internet of Things (IoT) devices run critical port functions, a single breach can reverberate through the supply chain – from cranes and tugboats to long-haul trucks that deliver goods to their final destination.

Why Are U.S. Maritime Ports Vulnerable to Cyberattacks?

Modern ports are high-tech marvels — an intricate blend of traditional heavy machinery and cutting-edge digital systems. However, this fusion of old and new has created an attack surface rife with cyber vulnerabilities. The USCG has noted that network-connected OT in port facilities is increasingly targeted by attackers, and often relies on outdated software and protocols with insufficient access controls.

Port OT systems like crane controllers, industrial sensors and safety instrumented systems often run on outdated technology. Many were installed decades ago and were never designed with cybersecurity in mind. Over time, new digital features get bolted onto these legacy systems. For instance, equipment built in the 1990s or early 2000s might now be connected to the internet for remote access control, maintenance and monitoring. An unpatched vulnerability in a port crane’s software, if exploited, could halt crane movements or even cause erratic behavior, endangering cargo and personnel.

Four issues in particular expose U.S. maritime ports to cyberattacks.

1. Reliance on Chinese Manufacturers

Vulnerabilities aside, overreliance on technology and equipment from PRC-owned manufacturer ZPMC has created documented cybersecurity risk for the U.S. maritime industry. Nearly 70% of all ship-to-shore cranes worldwide are built by ZPMC, which has pressured American ports for remote access to its machines. U.S. officials have voiced concern that these cranes could harbor hidden spyware or backdoors in their control systems.

2. IoT Devices: Unmanaged and Insecure by Design

Another challenge is the explosion of IoT devices across port operations. Today’s smart port uses IoT sensors for everything from tracking container temperatures to monitoring bridge vibrations. Each IoT device — whether it’s a security camera or a smart gate control — is a node on the network. Unfortunately, many such devices ship with weak security. It’s common to find default passwords, unencrypted communications and firmware that hasn’t been updated in years. Attackers know these gadgets can be easy entry points. A single compromised IoT sensor can serve as a pivot point to infiltrate the wider port network if not properly isolated.
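An added example (not from the original article or any vendor product): a defender-side audit that flags the device weaknesses named above, then follows zone-to-zone allow rules to check whether a weak device can reach a critical OT zone through intermediate hops. The inventory, zone names and the 365-day firmware threshold are constructed assumptions.

```python
from collections import deque
from datetime import date

# Constructed inventory and zone-to-zone allow rules (hypothetical names).
DEVICES = [
    {"name": "gate-cam-01", "zone": "iot", "default_password": True,
     "encrypted": False, "firmware": date(2019, 3, 1)},
    {"name": "reefer-sensor-07", "zone": "iot", "default_password": False,
     "encrypted": True, "firmware": date(2025, 1, 10)},
    {"name": "bridge-vib-02", "zone": "iot-isolated", "default_password": True,
     "encrypted": True, "firmware": date(2021, 6, 1)},
]
ALLOWED_FLOWS = [("iot", "terminal-it"), ("terminal-it", "crane-ot"),
                 ("iot-isolated", "telemetry")]
CRITICAL_ZONES = {"crane-ot"}

def weaknesses(dev, today, max_age_days=365):
    """Return the hygiene problems found on one device."""
    found = []
    if dev["default_password"]:
        found.append("default password")
    if not dev["encrypted"]:
        found.append("unencrypted communications")
    if (today - dev["firmware"]).days > max_age_days:
        found.append("stale firmware")
    return found

def reachable_zones(start, flows):
    """Breadth-first search over allow rules, so multi-hop paths count too."""
    seen, queue = {start}, deque([start])
    while queue:
        zone = queue.popleft()
        for src, dst in flows:
            if src == zone and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen - {start}

def audit(devices, flows, critical, today):
    """Map each weak device to its weaknesses and the critical zones it can reach."""
    report = {}
    for dev in devices:
        weak = weaknesses(dev, today)
        if weak:
            exposed = sorted(reachable_zones(dev["zone"], flows) & critical)
            report[dev["name"]] = {"weaknesses": weak, "critical_reach": exposed}
    return report

if __name__ == "__main__":
    print(audit(DEVICES, ALLOWED_FLOWS, CRITICAL_ZONES, date(2025, 7, 16)))
```

No rule in the sample permits iot to crane-ot directly; the exposure exists only because terminal-it bridges the two zones, which is the kind of gap a rule-by-rule review tends to miss.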

3. Ransomware: Low Barriers to Entry

Ransomware attacks remain lucrative for cybercriminals looking for financial gain over notoriety or political impact. Tools such as Ransomware-as-a-Service make it easy for even unsophisticated cybercriminals to exploit vulnerabilities. Critical infrastructure operators that can’t tolerate downtime — such as ports — are especially attractive.

Outdated Windows servers running cargo-management software or unpatched databases in terminal offices are prime targets. Once ransomware hits, it can encrypt both business data and the software that drives cranes, gates and pumps, effectively paralyzing physical operations. Unlike an office where employees might work offline temporarily, ports can’t simply “go manual” for long.

4. Supply Chain Security Gaps

Beyond internal systems, supply chain security gaps add another weak link. Most industries have complex supply chains, but few are as visible or global as ports. Their operations are tightly integrated with shipping lines, logistics providers and equipment manufacturers around the world. This means a vulnerability in a third-party system can affect everyone in the chain. That’s not a hypothetical. In 2023, a major technology provider for ship-to-shore cranes suffered a ransomware attack from BlackBasta. While the attack was aimed at the vendor, the effect cascaded to ports relying on that company’s software for crane maintenance.

Navigating U.S. Cybersecurity Requirements for Maritime Ports

For more than two decades, the Maritime Transportation Security Act of 2002 (MTSA) has required ports and maritime facilities to implement security plans. Not until 2020 (33 CFR Part 105 and Part 106), however, did the regulations evolve to include cybersecurity, mandating that facilities address computer system and network vulnerabilities in their Facility Security Assessments and Plans. Since then, the USCG has issued guidance to MTSA-regulated facilities, such as encouraging port facility operators to follow cybersecurity best practices by applying the NIST Cybersecurity Framework (NIST CSF 2.0) and NIST Special Publication 800-82 (SP 800-82r3). NIST CSF 2.0 provides a common language to manage and reduce risk. Using its six functions — Govern, Identify, Protect, Detect, Respond, Recover — is a good way to structure a port’s cybersecurity program. SP 800-82r3 offers detailed technical guidance on securing industrial control systems (ICS), such as PLCs and SCADA systems, which apply directly to port OT environments.

Only in recent years has the USCG sought to codify cyber standards for ports. In January 2025, the agency issued the aforementioned final rule set to go into effect in July. The rule requires ports and terminal operators to:

  • Develop and maintain a comprehensive cybersecurity plan and separate cyber incident response plan
  • Conduct regular cybersecurity risk assessments and exercises
  • Designate a cybersecurity officer and provide cybersecurity training
  • Enforce security controls such as access control, whitelists, data encryption and log management, network segmentation and monitoring, and supply chain security
  • Report significant cyber incidents to the National Response Center

How Port Authorities Can Prepare for MTS Cybersecurity Compliance

Port authorities can prepare now for compliance by taking these steps. With the effective date looming, hopefully the first few are already under your belt:

  1. Read the final rule and familiarize yourself with the requirements.
  2. Conduct a readiness assessment to determine training needs and technology gaps.
  3. Apply NIST CSF 2.0 and SP 800-82r3 if you aren’t already; they offer the prescriptive roadmap needed to secure your digital port. Adhering to these standards not only helps security, it also demonstrates due diligence. During inspections or audits, being able to show that your cyber controls align with NIST recommendations will put you in a strong position.
  4. Apart from NIST, look to industry-specific cybersecurity best practices. Examples include the MTS-ISAC, which provides threat intel and best practice information-sharing among ports, and international standards like the IMO’s guidelines for maritime cyber risk management. If you’re not already a member of the MTS-ISAC, join today and keep up with their news and events.

Accelerate Compliance with Nozomi Networks

Cybersecurity is no longer an IT sidebar for ports; it’s mission-critical to keeping cargo moving and ensuring national security. Meeting USCG cybersecurity requirements means folding cyber into your existing safety and security culture — from your Facility Security Plan down to employee training — and documenting everything. If you haven’t yet suffered a breach and shored up your defenses, the learning curve may be steep. Many existing maritime regulations pertain to complex tasks that rely on judgment calls by senior marine engineers and operators. Equivalent internal expertise to evaluate security controls, legacy system vulnerability and OT/IoT exposure likely doesn’t exist.

By automating asset inventory, calculating asset risk, prioritizing vulnerability management, detecting threats and anomalies, and assisting with incident response, the Nozomi Networks platform can accelerate regulatory compliance and NIST framework alignment while materially increasing your overall cyber resilience. While it’s impossible to eliminate all risk, being prepared can turn a potential catastrophe into a manageable event.