Op-Ed: An evolving tide of cyber threats
Written by Marco Ayala
Marco Ayala, technical director, Global Energy for ABS Consulting, offers a critical analysis of the industrial control systems and cybersecurity landscape’s escalating risk, pinpointing what’s at stake for the nation’s largest energy hub.
Note to editors: A version of this story was published by the Greater Houston Port Bureau.
As someone who’s spent decades knee-deep in industrial control systems and cybersecurity—starting way back with instrumentation and evolving into teaching International Society of Automation (ISA)/IEC 62443 OT security courses—I’ve seen how major ports like Houston are the beating heart of global trade.
Port Houston handles massive cargo volumes each year, with public terminals alone processing a record 53 million short tons in 2024 and showing strong 6% growth through late 2025, putting full-year figures on track to approach or exceed 56-57 million short tons. When factoring in the broader Houston Ship Channel ecosystem, which includes more than 200 private facilities, the total waterborne tonnage routinely surpasses 300 million short tons annually. This makes it the U.S.’s largest hub for energy (petroleum, refined products, LNG) and chemicals/petrochemicals by far.
This immense scale makes sense considering the Gulf Coast region’s criticality as the nation’s most prominent industrial complex. That means it’s also a prime target in today’s threat landscape, with known vulnerabilities to cyber intrusions and supply chain risks.
In 2025, maritime security extended past patrols and fences to confront a tangled web of physical risks, cyber intrusions and hybrid attacks from nation-states, cyber criminals and “advanced persistent threat” (APT) groups. Drawing from years spent instructing operations teams about modern OT vulnerabilities, the following lessons based on credible sources give a clear picture of what’s at stake.
The Big Risk Picture for Maritime Security Today
Maritime security has always focused on keeping seas open and safe. But lately, safety and risk conversations are getting a lot more complicated.
Take the United Nations Security Council debate back in August 2025: authorities zeroed in on prevention, innovation and teaming up internationally to tackle emerging threats. I remember similar talks in my InfraGard and government circles, where we stress how global cooperation is key, especially for global chokepoints such as the Red Sea, South China Sea and Panama Canal. A report from November 2025 highlighted ongoing tensions in the Panama Canal from drought and politics, plus beefed-up Chinese presence in the South China Sea. Even with ceasefires, the Red Sea is still dicey. For Houston, where so much of our cargo ties into energy exports, any hiccup there hits home hard. I’ve advised on secure systems for chemical sectors that rely on these routes because disruptions not only cause delays but also cascade into supply chain nightmares worldwide.
The U.S. bumped up maritime security in its 2025 National Security Strategy, putting a spotlight on free navigation and protecting those key passages. It’s a smart move, especially with hybrid threats on the rise—think physical sabotage mixed with digital hacks. Taiwan’s 2025 National Ocean Policy expanded to cover non-traditional areas like cybersecurity, which mirrors what I’ve pushed in my trainings: you can’t secure the seas without securing the systems running them.
On the exercise front, NATO’s MARSEC-25 in October 2025 worked on getting allies in sync, while SEACAT 2025 in Southeast Asia used tools like SeaVision to boost monitoring. Such drills are crucial. I’ve trained National Guard units in Cyber Shield exercises, and it’s the same principle—practice makes resilient.
Smart tech is changing the game, too. The Inmarsat Future of Maritime Safety Report for 2025 dug into distress signals and vessel weak spots, showing how AI and satellites are spotting threats faster. However, those same tools can be turned against us if not locked down properly. The paradox here is that the most secure system is one that doesn’t exist, and over-reliance on tech without safeguards is asking for trouble.
Why Managing Cyber Risk Matters
Ports are going digital at breakneck speed globally—automated cranes, real-time tracking, you name it—and that’s opened up a Pandora’s box of cyberrisks.
Rising issues include ransomware, malware, spying and even jamming GNSS systems. The U.S. Coast Guard (USCG) stepped up with a January 2025 rule requiring cyber plans, drills and dedicated officers at facilities. They followed it with an April alert on foreign meddling in port gear and networks. As an ISA Fellow, I’ve hammered home this point in OT cybersecurity classes: without solid incident response, a breach can shut down operations just like NotPetya did to Maersk years ago.
NATO’s CCDCOE brief this year pushed for tailored intel sharing in the sector, noting ports handle 80% of world trade but are wide open to cyber hits. ABS Consulting’s early 2025 outlook pegged AI attacks and OT flaws as big worries. In Houston, where we deal with petrochemicals, these aren’t abstract—I’ve consulted on systems where a cyber glitch could mean environmental disasters.
But what’s keeping OT cyber professionals like me up at night? It’s tracking how these digital threats bleed into physical ones. That said, it’s worth noting that Houston’s pilots, navigating in and out through Galveston Bay, lean heavily on skilled visual piloting rather than over-relying on tech. They use sight lines, ranges and on-scene judgment for safe transits, with tools like AIS mandated as operational aids—not primaries—especially when managing restricted visibility (which may trigger suspensions or daylight-only requirements) or for widebody vessels often limited to daylight hours. This human expertise adds a layer of resilience against tech disruptions.
Nation-State Actors: The Heavy Hitters
Nation-states are the pros in this arena, often mixing cyber ops with real-world muscle. A CSIS report from October 2025 drew parallels to incidents like the Colonial Pipeline ransomware attack, showing how cybercriminals—often operating from safe havens in adversarial nations—target critical infrastructure for economic disruption.
The 2022 Nord Stream blast was a wake-up call on hybrid attacks against underwater infrastructure—attribution’s tough, responses even tougher. AWS noted in 2025 that state actors are now peeking into ship CCTV and more. For U.S. ports, foreign technologies could leak cargo intel straight to adversaries. NATO’s July 2025 warning on European port hacks exposed those gaps. Additional geopolitical safety risks like pro-Palestinian hacktivists using AIS data to harass Israeli ships could spill over to our allies.
Table One: Seven Aspects, APTs, Cybercriminals (Source: Marco Ayala, 2025)

Cybercriminals and APTs: The Opportunists and Sneaks
Then there are the cybercriminals and APTs, chasing cash or secrets. Ransomware is exploding in 2025, with ABS Consulting reporting big breaches in transport causing operational and financial shutdowns. The International Chamber of Shipping’s 2024/2025 barometer ranked cyber as a top peril. See Table One (above).
APTs like SideWinder or China’s APT41 are ramping up against shipping, slipping in via malware or supply chains. Cyble’s July 2025 dive counted at least a dozen APTs hitting the industry amid tensions. They’re after creds, certs and data, often paving the way for ransomware. Hacktivists pile on, messing with ports for causes. In Houston’s OT-heavy world, one breach in petrochemical controls is a safety nightmare.
These groups evolve fast, so staying ahead means constant vigilance.
What’s Changing from 2025 and How to Fight Back
Industries have seen a jump in attacks this year. Industrial Cyber noted hacktivists and states ramping up, including through GPS tricks. And just this month, French authorities nabbed a Latvian crew member for planting malware—a remote access tool—on the Italian ferry Fantastic (owned by Italian shipping company Grandi Navi Veloci) while it was docked in Sète. The tool could’ve let outsiders remotely control the ship, but thankfully, the company spotted it, neutralized the threat without any real damage and tipped off law enforcement. The crew member was charged with hacking on behalf of a foreign power, with suspicions pointing toward Russian interference, as French Interior Minister Laurent Nuñez called it a “very serious matter” involving foreign meddling. A Bulgarian crewmate was questioned but let go. This kind of insider threat hits close to home for me. I’ve drilled teams on spotting these threats in OT environments, and it shows how even passenger vessels aren’t immune as cyberrisks blend with potential physical sabotage.

Globally, the Cyprus-Israel-Greece summit in December 2025 pledged a Maritime Cybersecurity Center. In India, IIT Kanpur’s training and the new Bureau of Port Security focus on risks and sharing intel.
USCG’s Cyber Protection Teams are hunting state actors, and insurers are demanding better coverage. ABS Consulting’s 2025 take stressed endpoint security for offshore rigs. Closer to home, through InfraGard Houston and National, we’ve been pushing similar defenses.
Port Futures Advisory: Threats Aren’t Letting Up
From my vantage point advising on port futures and training teams, the threats aren’t letting up; if anything, they’re getting sharper and more targeted. Windward’s 2026 Maritime Forecast paints a picture of ongoing instability, with global trade routes caught in geopolitical tugs-of-war, like persistent Red Sea disruptions and Russia’s expanding “dark fleet” using spoofed AIS and shady transfers to dodge sanctions. What worries me is the blend of cyber and physical—think undersea cable sabotage or AI-fueled data leaks from blurred enterprise-consumer tools, making maritime ops even riskier.
In transportation, the NMFTA’s 2026 Trends Report warns of a surge in cyber-enabled cargo theft, where AI amps up social engineering for fake bills of lading or deepfake calls, compressing breaches to under an hour. Ransomware will evolve beyond encryption to pure extortion, hitting supply chains hard, while OT-IT gaps invite hybrid attacks on telematics and smart systems. Experts predict nation-states and criminals will ramp up on critical infrastructure such as ports and logistics, using GPS jamming and one-day exploits for cyber-physical chaos.
It’s not all doom: with IMO’s updated guidelines kicking in and regs like CIRCIA demanding quick reporting, the industrial sector will see more automated defenses and collaborations. But an honest assessment is that the key will be treating cyber as a full-spectrum issue. The threats are more targeted, yes, but with the right prep, the maritime and offshore industries can stay one step ahead.
Steering Toward Safer Waters
Tackling cybersecurity means having a well-rounded strategy. Invest in AI monitoring, build public-private ties and stay compliant with regulations such as the USCG’s cybersecurity requirements. Training is a crucial, and transformative, step.
While threats keep morphing, defenses can too. By leaning on innovation and staying alert, major ports and OCS facilities can keep their edge in trade, even in rough waters.