Securing Sea & Road: Cyber Threats in Maritime & Logistics
The shipping, trucking, and logistics sectors are increasingly in the crosshairs of cyber attackers. In the past few years, both major and minor incidents have shown that no size or mode of transport is immune. Whether it is a vessel navigating global trade routes or a fleet hauling freight across the country, every connected system represents a potential attack surface.
Emerging Threat: The ‘Coinbase Cartel’ and the Rise of Leak-Only Extortion
In mid-September, a cyber-criminal group calling itself “Coinbase Cartel” emerged with a new form of extortion that does not rely on encrypting systems. Instead, they steal sensitive data and threaten to publish it, a “leak-only” model that bypasses many traditional ransomware defenses.
Early attacks have focused on the transportation and logistics sector, targeting supply chain intermediaries, brokers, and carriers. These organizations manage highly valuable operational and shipment data across interconnected networks of third-party vendors, which creates multiple entry points for attackers.
Because the group does not disrupt operations, victims often remain unaware of a breach until their data is weaponized. The group exploits exposed credentials, insider access, and weak cloud segmentation to infiltrate systems, then uses staged leaks and “proof packages” to pressure payment. They have even advertised insider collaboration opportunities to expand access.
This approach highlights a growing shift in cybercrime: attackers no longer need to shut systems down to inflict damage. For transportation and logistics providers, where uptime, data integrity, and reputation are paramount, this type of attack can be just as damaging as ransomware, if not more so.
Other recent examples include:
- Estes Express Lines (2023): One of the largest less-than-truckload (LTL) carriers was hit by a cyberattack that forced manual operations for weeks. (In LTL shipping, each customer pays only for the portion of trailer space their shipment uses.)
- Americold (2023): The cold-chain logistics leader suffered a ransomware attack that disrupted warehouse systems and exposed sensitive data.
- KNP Logistics / Knights of Old (U.K., 2023): A ransomware incident so severe it contributed to the company’s collapse, showing how downtime can cripple operations.
- Ward Transport & Logistics (2024): A regional carrier that experienced a cyberattack, slowing operations and affecting customer communications.
- Central Freight Lines (2020): A breach that added to operational strain and was cited as one of several challenges leading up to the company’s closure.
- Port of Houston (2021): A nation-state actor exploited a vulnerability in a web application, attempting to gain access to port control systems. Quick response prevented operational shutdowns.
- U.S. Coast Guard Marine Transportation System (2024): Reported increasing ransomware and phishing campaigns targeting vessels, terminals, and ship-to-shore control systems.
These events highlight a simple truth: Cyber threats do not discriminate by size or geography. Every connected truck, vessel, warehouse, and dispatch center is a potential target. The key question is not whether your organization will face a cyber incident, but how prepared you are to respond. That is where cybersecurity frameworks come in. They help structure defenses, guide response, and ensure compliance across the entire supply chain.
Cybersecurity Frameworks for Maritime and Logistics Operations
Maritime shipping and trucking companies share similar challenges: connected fleets, operational technology (OT), satellite tracking, and complex data networks. The following cybersecurity frameworks and guidelines provide structure for protecting these interconnected systems while aligning with U.S. and international regulations.
NIST Cybersecurity Framework (CSF)
NIST CSF is the best starting point for any transportation organization. It is adaptable, risk-based, and scalable, which makes it suitable for both fleets and ports. Its six core functions (Govern, Identify, Protect, Detect, Respond, and Recover) cover the full cybersecurity lifecycle. Many U.S. agencies, including the Federal Motor Carrier Safety Administration (FMCSA) and the U.S. Coast Guard (USCG), reference NIST standards in their own policies. To strengthen your security posture, you can pair the NIST CSF with:
- NIST SP 800-53: For detailed, control-level implementation guidance.
- NIST SP 800-171: For companies handling federal or defense-related logistics.
Together, these provide a strong foundation for compliance and operational resilience.
ISO/IEC 27001
ISO 27001 certification offers a formal, auditable way to manage information security. It covers everything from risk management and access control to incident response and continuous improvement. In global logistics and maritime trade, ISO certification can be a competitive advantage. Many shippers, ports, and international partners prefer working with ISO-certified vendors because it demonstrates a structured and verifiable commitment to cybersecurity. For logistics companies with global operations, ISO 27001 builds trust and credibility throughout the supply chain.
CIS Controls (Center for Internet Security)
CIS Controls provide a practical, prioritized roadmap for improving cybersecurity, especially for smaller IT or OT teams that need clear, actionable steps. They focus on everyday defensive measures like:
- Maintaining an asset inventory
- Securing system configurations
- Managing patches and vulnerabilities
- Monitoring network activity
These controls are designed for quick wins and measurable improvements. They also complement NIST CSF, making them ideal for organizations that want tactical actions within a broader strategic framework.
TSA, FMCSA, and USCG Guidance: Transportation-Specific Cybersecurity
While frameworks like NIST and ISO provide the foundation, sector-specific guidance from federal agencies brings those principles into the real-world context of trucks, ships, and terminals.
Transportation Security Administration (TSA)
The TSA plays a significant role in shaping cybersecurity standards for surface transportation, pipelines, railways, and ports. In recent years, the TSA has issued security directives requiring operators of critical infrastructure, especially pipeline and rail systems, to:
- Implement stronger cybersecurity controls
- Conduct regular vulnerability assessments
- Report incidents within specific timeframes
For ports and intermodal terminals, the TSA’s cybersecurity directives align closely with the Maritime Transportation Security Act (MTSA). Under the MTSA, maritime facilities must include cybersecurity assessments and mitigation plans in their official security programs. These steps ensure that cyber threats are treated as safety threats, protecting both commerce and critical infrastructure.
Federal Motor Carrier Safety Administration (FMCSA)
The FMCSA regulates and promotes safety within the trucking and bus industries, and in recent years, it has begun linking cybersecurity directly to regulatory compliance. Fleet systems such as Electronic Logging Devices (ELDs), telematics, and dispatch platforms collect and manage sensitive operational data, including driver identification, vehicle routes, and engine performance. A cyber incident involving these systems could result in falsified records, service disruptions, or even unsafe vehicle operations. To prevent this, FMCSA emphasizes the use of only approved ELDs, regular firmware and software updates, continuous monitoring for tampering or unusual activity, and strict data security standards for third-party vendors. FMCSA now treats cybersecurity as an integral part of overall safety management, recognizing that protecting data is just as crucial as protecting drivers and vehicles on the road.
FMCSA Cybersecurity Alignment Table
The table below illustrates how FMCSA focus areas align with the NIST CSF version 2.0 and CIS Controls, helping carriers and logistics providers turn regulatory expectations into practical, measurable security actions:
| FMCSA Focus Area | Cybersecurity Concern | Recommended Actions | NIST CSF 2.0 Category | CIS Control References |
| --- | --- | --- | --- | --- |
| Electronic Logging Devices (ELDs) | Device tampering, GPS spoofing, unauthorized access | Use only approved ELDs; apply firmware updates; encrypt data; monitor device activity | PR.DS-01, PR.PS-01, DE.CM-01 | 4.1 Secure Configurations; 9.1 Approved Wireless; 13.2 Audit Logs |
| Driver & Vehicle Data Protection | Exposure or theft of personal / operational data | Enforce MFA; encrypt stored data; maintain access logs | PR.AC-01, PR.DS-02, PR.AC-03 | 3.4 Encryption; 6.3 MFA; 8.11 Access Logs |
| Telematics & Fleet Management Systems | Remote compromise of vehicle or dispatch systems | Segment networks; update firmware; monitor network traffic | PR.AS-01, PR.MA-01, DE.CM-07 | 1.1 Asset Inventory; 4.6 Updates; 8.2 Network Monitoring |
| Recordkeeping & Compliance Audits | Altered or falsified records | Maintain immutable backups; apply digital signatures; enforce user permissions | PR.DS-04, RS.MI-01, RC.CO-03 | 6.7 Account Permissions; 11.1 Backups; 11.5 Testing |
| Operational Continuity & Safety | Downtime or data loss affecting safety systems | Maintain and test recovery plans; ensure communication redundancy | RC.IM-01, RC.RP-01, RS.RP-01 | 11.3 Backup Protection; 17.2 Incident Process; 17.5 Exercises |
| Third-Party Vendors & ELD Providers | Vendor system compromise or supply-chain breach | Vet vendors; require compliance reports; track advisories | ID.SC-01, PR.IP-08, RS.CO-04 | 15.1 Service Provider Inventory; 15.2 Risk Assessment; 15.3 Security Management |
| Incident Reporting & Response | Delayed detection or escalation of a cyber event | Establish and test the incident response plan; define escalation paths | RS.RP-01, RS.AN-01, RS.MI-01 | 17.1 Incident Process; 17.3 Roles & Responsibilities; 17.6 Post-Incident Review |
U.S. Coast Guard (USCG)
The USCG is the primary cybersecurity authority for maritime operations and port facilities. Through the MTSA, the Coast Guard requires vessel and port operators to:
- Conduct cybersecurity vulnerability assessments
- Include cyber risk management measures in security plans
- Report incidents that could affect port or vessel safety
The USCG also issues ongoing guidance through its Navigation and Vessel Inspection Circulars (NVICs), which help maritime operators integrate cybersecurity into day-to-day operations. These measures ensure that cybersecurity is not treated as an IT issue but rather a core part of vessel safety, environmental protection, and operational continuity.
Together, the TSA, FMCSA, and USCG form a unified framework for safeguarding both information systems and operational technology (OT), helping fleets, terminals, and vessels remain secure in an increasingly connected transportation network.
While broad cybersecurity frameworks like NIST CSF, ISO 27001, and CIS Controls provide a solid foundation for managing risk, they do not always address the unique operational realities of the transportation sector. Trucks, vessels, and intermodal facilities each operate under different safety standards, compliance obligations, and technology environments. That is where sector-specific guidance from federal agencies such as the TSA, FMCSA, and USCG becomes essential. These agencies take national cybersecurity policies and translate them into practical, industry-focused requirements that align with the everyday challenges of transportation and logistics operations.
CISA Cross-Sector Cybersecurity Performance Goals (CPGs)
The Cybersecurity and Infrastructure Security Agency (CISA) developed the Cross-Sector Cybersecurity Performance Goals (CPGs) to help critical infrastructure sectors, such as transportation and maritime, quickly assess and strengthen their cyber resilience. Built on the NIST CSF, the CPGs simplify its principles into clear, actionable steps that organizations can implement without needing a full-scale audit. These goals establish a baseline for cybersecurity maturity, allowing companies to evaluate their current defenses, identify gaps, and prioritize improvements in a practical, results-driven way. For transportation and logistics providers, this means a faster path to measurable progress, especially for those balancing complex IT and OT systems. Many logistics and maritime organizations now use the CPGs to benchmark their security posture, justify cybersecurity investments, and communicate readiness to insurers, auditors, and executive leadership. Simply stated, CISA’s CPGs turn broad cybersecurity guidance into focused, achievable actions that help critical infrastructure operators improve resilience where it matters most.
Putting It All Together
A resilient cybersecurity strategy weaves these frameworks together into a cohesive program:
- Use NIST CSF as your foundation.
- Apply CIS Controls for daily, tactical implementation.
- Pursue ISO/IEC 27001 certification to demonstrate global compliance.
- Follow TSA, FMCSA, and USCG guidance for transportation-specific requirements.
- Leverage CISA’s CPGs to track your maturity and progress over time.
By the end of the first year, your organization should aim to:
- Build an asset inventory and risk register
- Establish cybersecurity policies and procedures
- Implement multi-factor authentication (MFA), patching, and access controls
- Complete employee cybersecurity training
- Test your incident response plan
- Verify regular, secure backups
- Conduct a maturity risk assessment for audit or insurance readiness
Final Takeaway: Cybersecurity as an Operational Lifeline
Cybersecurity in transportation is not just about protecting IT systems anymore. It is about keeping operations safe, reliable, and moving. The same digital systems that power freight networks and guide ships through ports are now top targets for increasingly sophisticated cyberattacks. Whether you oversee a regional fleet, a global carrier, or a maritime terminal, the goal is the same: protect data integrity, maintain uptime, and ensure safety across every connected system.
Adopting frameworks like NIST CSF, ISO 27001, and CIS Controls, along with guidance from TSA, FMCSA, and USCG, helps embed cybersecurity into the daily culture of safety and operational discipline. These frameworks are not just about compliance. They also build resilience, strengthen customer confidence, and keep goods and vessels moving securely in a hyperconnected world.
The rise of data-theft groups like the Coinbase Cartel underscores why a complete cybersecurity strategy is essential. Protecting uptime alone is no longer enough. Today, the real challenge is protecting data and visibility across the entire supply chain ecosystem. Every investment in cybersecurity is an investment in your reliability, your reputation, and the long-term stability of your operations.
Enhance Your Transportation Cybersecurity with Compass
Compass IT Compliance helps maritime, transportation, and logistics organizations strengthen cybersecurity across both IT and operational environments. From vulnerability assessments and penetration testing to framework alignment and incident response planning, our experts deliver practical, compliance-driven solutions that reduce risk and improve resilience. Whether you manage a port, a regional carrier, or a nationwide logistics network, we can help you build a cybersecurity program that keeps your operations secure and compliant. Contact us today to learn more.