A new report from NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) has issued a stark warning that global ports are dangerously vulnerable to escalating and sophisticated cyberattacks from state-linked actors, specifically naming Russia, China, and Iran as primary threats. The policy brief highlights that these vital hubs, which handle approximately 80% of world trade and serve as crucial nodes in NATO’s defense logistics network, face an unprecedented risk of disruption.
The report details a high frequency of cyber assaults on port facilities across Europe and the Mediterranean, with threat actors targeting critical operational systems such as vessel traffic management and access control. A successful attack on these systems, the report stresses, could inflict significant economic and military harm, disrupting global supply chains and compromising military logistics.
NATO’s DIANA program brings startups into the future of defense
The methods of attack are varied and pervasive, ranging from ransomware and malware delivered via infected USB drives to coordinated state-sponsored campaigns. The CCDCOE cited specific examples, including disruptive denial-of-service (DDoS) attacks on the ports of Rotterdam, Felixstowe, and Gdynia by the pro-Russian hacktivist group NoName057. It also noted that groups linked to Russian military intelligence have targeted maritime and logistics firms in at least 11 countries, while Iran-based actors have attacked ports in Israel and Egypt. The report also identified a Chinese strategy of pre-positioning cyber tools on critical infrastructure networks, giving them the capability to execute disruptive attacks at will.
The paper critiques NATO’s own maritime strategy, last updated in 2011, as lacking a formal framework for cybersecurity engagement with commercial port operators, which are typically under civilian control yet serve essential military functions.
To counter these threats, the CCDCOE recommends establishing sector-specific intelligence sharing networks, creating coordinated response mechanisms, and implementing updated resilience standards. The report concludes with an urgent call to action, stating that “the cost of inaction far exceeds the investment necessary for comprehensive maritime cybersecurity.”
