Maritime Risk & Threat Assessment: From Awareness to Action
On August 29, 2025, Norway’s key security actors gathered in Ålesund to discuss one critical question: What does today’s threat picture really mean for the maritime industry?
Representatives from PST, NSM and Norma Cyber outlined the current maritime threat landscape—from espionage and cyberattacks to export control challenges. Their message was clear: risks are no longer abstract policy issues, but operational realities that every shipyard, supplier and shipowner must take seriously.
The Maritime Challenges Ahead
The seminar highlighted intertwined challenges demanding urgent attention. PST and NSM pointed to the broader security picture: espionage targeting Norwegian technology, increasing activity from state and non-state actors, and persistent vulnerabilities in critical infrastructure. The message was unambiguous—these threats are real, they are growing, and they directly affect the maritime industry.
Export control is also becoming more complex, especially for smaller companies. Here the new Directorate for Export Control and Sanctions (DEKSA) is a vital first point of contact. For many, learning how to work effectively with DEKSA will be key to staying compliant while remaining competitive internationally.
From Norma Cyber we learned that OT hacktivism incidents are increasing rapidly, while ransomware levels have remained relatively stable in recent years. Today many attacks are not highly sophisticated—but with AI advancing, attackers are expected to expand their capabilities. Cybersecurity and supply chain vulnerabilities remain pressing concerns: awareness is growing, but resilience and compliance are still uneven.
A Toolbox Within the Cluster
The seminar showed that it’s not only about identifying threats—it’s also about applying the tools already available:
- DNV’s Cyber Security Maturity Assessment: benchmarks practices against recognized standards, identifies gaps, and outlines clear improvements.
- NTNU’s Norwegian Cyber Range: enables companies to simulate attacks, train responses, and test new products before launch.
- The NEMONOOR Project: where GCE Blue Maritime is directly involved, helping companies integrate cybersecurity into daily operations.
These are not abstract concepts but practical instruments ready to be applied. The toolbox exists—the real challenge is ensuring companies use it.
The conclusion was clear: risks are real, regulations are tightening, and cyberattacks are evolving. Awareness is not enough—companies must build resilience and make active use of the tools at hand.