The Coast Guard’s final cybersecurity rule, now in effect, and the looming training mandate by January 2026, are pushing the marine transportation system to confront cyber risk as an operational reality. Two industry voices—one from maritime technology and the other from safety and risk management—agree on the solution: to achieve resilience, the industry must move beyond checklists and embrace engineered controls, measurable hygiene, and contracts that enforce accountability.
### The Challenge of Visibility
One of the toughest challenges in maritime cybersecurity is gaining practical visibility of onboard operational technology (OT) systems. Daniel Ng, CEO of CyberOwl (now part of DNV), highlights this issue: “One of the toughest challenges in cybersecurity for shipping is how to simplify gaining visibility of both connected and presumably unconnected operating technology (OT) systems.” By collaborating with original equipment manufacturers (OEMs), CyberOwl aims to push security data logging and delivery consistently from design through operation, reducing the need for fragile retrofits and providing owners with a clearer evidentiary trail.
### Security Operations Centers (SOCs)
Ng argues that the fear of implementing a Security Operations Center (SOC) often stems from enterprise pricing that doesn’t align with maritime economics. “Putting in place a SOC service does not have to be as hard or expensive as people imagine,” he says, suggesting a minimum viable capability where a complete SOC isn’t feasible. He recommends configuring alerts for a few safety-critical use cases, focusing on network bridging and remote access, and maintaining a “zero-hour” incident response arrangement. However, he cautions that this stopgap usually costs more over time than a right-sized SOC that shuts incidents down early and steadily improves hygiene.
### Attack Vectors
The attack landscape is stark. Ng notes that USBs represent 75% of all malware incidents in 2024, a trend continuing into 2025. Physical USB locks are ineffective, as crews can easily bypass them. Remote access as an ingress route has also risen from 4% in 2023 to 13% in 2024. The practical solution remains straightforward: segment critical systems and implement effective USB controls.
### Detecting Threats and Building Defenses
CyberOwl’s OT Security Manager addresses the “evidence problem” by mining maintenance documents and spreadsheets to build a defensible inventory with 60-70% accuracy without installing software onboard. Crews then verify the remainder through targeted walkthroughs or scans, while AI flags inconsistencies. Medulla, CyberOwl’s cybersecurity monitoring platform, turns this baseline into a hygiene scorecard mapped to IMO guidance, IACS E26 and E27, and NIST, allowing crews to produce a ready-to-show evidence pack in minutes.
Ng urges the industry to look upstream at how E26 plays out in practice. He concludes that while E26 is imperfect, it’s a reasonable step. The issue lies in implementation, particularly at shipyards where cybersecurity often receives less attention. He cautions that some yards simplify network architecture for convenience, hindering fleetwide harmonization and locking in design choices that may not serve the operator.
### Procurement and Contracts
Procurement is where behavior changes fast. “We’re seeing an increasing number of charterparty contracts demanding minimum-level cybersecurity, particularly in the oil and gas segments,” Ng says. He advocates for OEM supply-and-service contracts to spell out responsibilities, liabilities, and incident support for safety-critical systems where owners lack direct control over vendor equipment.
### From Rules to Readiness
Michael DeVolld, Senior Director for Maritime Cybersecurity at ABS Consulting, emphasizes that cybersecurity resonates best when integrated into daily work: “Cyber resonates best when integrated into the policies and procedures crews already use, not treated as something separate.” He points to tabletop exercises alongside fire or spill drills and real-world cases where cyber events disrupted navigation, cargo operations, and port logistics.
DeVolld widens the lens to the economy, noting that cyber risks are not just corporate but systemic. “Too often, cyber is seen as an IT issue, not a supply chain crisis. The Suez Canal blockage is a telling parallel. It wasn’t a cyber incident, but one ship that caused billions in losses and cascading congestion. A cyberattack could create the same disruption, only faster and across multiple ports or vessel classes.”
### Training and Technology
Training is both the near-term test and the long-term project. “I see a split in how operators approach the 2026 training deadline,” DeVolld says. “Some are leaning in early, working with the Coast Guard and experienced consultants to understand the intent and tailor training to operations. Others assume their corporate off-the-shelf training will check the box, and that could result in