The Coast Guard’s final cybersecurity rule, now in effect, and the upcoming training mandate due in January 2026, are pushing the marine transportation system to confront cyber risk as an operational reality. Two industry voices—one from a maritime technology company and the other from a safety-and-risk leader—agree on the solution: to achieve resilience, the industry must move beyond checklists and embrace engineered controls, measurable hygiene, and contracts that create accountability.
CyberOwl, now part of DNV and based in Singapore, is tackling a critical challenge for shipowners: gaining practical visibility of onboard operational technology (OT). “One of the toughest challenges in cybersecurity for shipping is how to simplify gaining visibility of both connected and presumably unconnected operating technology (OT) systems,” says Daniel Ng, CEO of CyberOwl. With CyberOwl now part of DNV, collaboration with original equipment manufacturers (OEMs) has become more meaningful; the aim is to push some responsibility upstream so security data is consistently logged and delivered from design through operation. This approach reduces the need for fragile retrofits and provides owners with a clearer evidentiary trail.
Ng argues that the fear of implementing a Security Operations Center (SOC) often stems from enterprise pricing that doesn’t fit maritime economics. “Putting in place a SOC service does not have to be as hard or expensive as people imagine,” he says, if costs are predictable on a per-vessel/per-day basis. He recommends a minimum viable capability where a complete SOC is not feasible, focusing on configuring alerts for a few safety-critical use cases with onboard equipment, particularly network bridging and remote access. Keeping a “zero-hour” incident response arrangement ensures a maritime-experienced team can deploy quickly. However, Ng cautions that this stopgap usually costs more over time than a right-sized SOC that shuts incidents down early and steadily improves hygiene.
The attack picture is clear. “Unfortunately, the top vector is still USB,” Ng notes. “This represents 75 percent of all the malware incidents we saw during 2024. That trend continues in 2025 so far.” Physical USB locks do not fix the problem; they are “a poorly understood control that is clearly not working” because crews can unlock them. Ng warns that inspecting for them encourages security theater and distracts from controls that lower risk. Remote access as an ingress route is also rising, from four percent of the incidents in 2023 to 13 percent in 2024, a byproduct of digitalization and supply chain exposure. The practical prescription remains simple and effective: segment critical systems and implement USB controls that work in practice rather than only in appearance.
CyberOwl’s solution to the “evidence problem” is to make proof easy to produce. The company’s OT Security Manager mines maintenance documents and spreadsheets to build a defensible inventory to roughly sixty to seventy percent accuracy without installing software onboard. Crews then verify the remainder through targeted walkthroughs or scans while AI flags inconsistencies. Medulla, CyberOwl’s cybersecurity monitoring platform, turns that baseline into a hygiene scorecard mapped to IMO guidance, IACS E26 and E27, and NIST, so crews can produce a ready-to-show evidence pack in minutes.
Ng also urges the industry to look upstream at how E26, which sets minimum requirements for the cyber resilience of ships, plays out in practice. He concludes that while E26 is imperfect, it’s a reasonable step. The issue is where implementation begins, at the shipyard. Many newbuilds come from yards where cybersecurity receives less attention, and that mindset flows to owners who must operate and maintain the result. He cautions that some yards simplify for convenience by pushing a single template for network architecture, securing class approval, and then telling owners it’s the only way to safeguard a ship. That approach hinders fleetwide harmonization and locks in design choices that may not serve the operator.
Procurement is where behavior changes fast. “We’re seeing an increasing number of charterparty contracts demanding minimum-level cybersecurity, particularly in the oil and gas segments,” Ng says. He wants OEM supply-and-service contracts to spell out responsibilities, liabilities, and incident support for safety-critical systems where owners lack direct control over vendor equipment, such as black boxes.
Michael DeVolld, Senior Director for Maritime Cybersecurity at ABS Consulting, emphasizes that cybersecurity resonates best when integrated into the policies and procedures crews already use, not treated as something separate. He points to tabletop exercises alongside fire or spill drills and real-world cases where cyber events disrupted navigation, cargo operations, and port logistics. “At the end of the day, cyber connects best when framed in the same terms crews already live by –
