Maritime cybersecurity is entering a new phase. Risks now affect ports, vessels and logistics ecosystems in direct and visible ways. As maritime operations become more connected, cyber incidents can interrupt movement of goods, reduce operational visibility and affect essential services across supply chains.
That’s the subject of the most recent episode of Podomation, the official podcast of the International Society of Automation (ISA). Podomation Episode 009: OT Cybersecurity in the Maritime Sector features a discussion that touches upon the rising incident volume, broader exposure and growing complexity of today’s maritime threat landscape. It also highlights that organizations have clear paths to strengthen their resilience through standards and disciplined risk management.
What is Podomation?
Podomation is ISA's podcast showcasing top subject-matter experts in the industrial automation community. Its guests speak on a broad range of topics that matter to automation professionals, including industry 4.0, digital transformation, manufacturing and machine control, instrumentation, connectivity and cybersecurity for operational technology (OT) and continuous and batch processing.
Some episodes are recorded live during ISA events, and others are recorded in studio. No matter where the conversation takes place, each episode highlights the role of automation in making the world a better place — and the impact our community has across industries.
Podomation Episode 009: OT Cybersecurity in the Maritime Sector
In this episode, the speakers discussed the impact of maritime cyber risk on real-world operations. This episode’s featured experts were:
- Marco Ayala, director, Technical - Cybersecurity Center of Excellence (CoE), Global Energy, ABS Consulting
- Steve Mustard, president and CEO, National Automation, Inc.
They began with an overview of documented modern threats in the maritime sector like malware, phishing, GPS spoofing or compromised vendor access, which can create real consequences for commercial activity. A disruption in a port or on a vessel can interrupt delivery schedules and affect the flow of food, fuel, equipment and vital supplies. Maritime infrastructure supports a significant share of global commerce, so cyber risk in this sector carries broad business and economic implications.
This reality shapes how organizations should think about cyber readiness. The speakers emphasized that risk assessment in maritime environments should center on operational consequences, system dependencies, recovery procedures and continuity of service.
Standards provide structure for maritime resilience
The ISA/IEC 62443 series of standards featured prominently in the conversation as a foundational framework for maritime cybersecurity. The standard supports risk-based security planning, segmentation through zones and conduits, security level targets, secure procurement practices and lifecycle management.
The speakers also pointed to the relevance of other standards, including ISA-84 for functional safety, ISA-18 for alarm management and ISA-101 for human-machine interface (HMI) design. Together, these standards help organizations strengthen situational awareness, improve design quality, support safer response to abnormal conditions and align cyber programs with operational realities.
Adoption is progressing in important areas, including new vessel builds that incorporate risk assessment and security control requirements. Continued progress will depend on consistent implementation, qualified assessors and ongoing operational review.
Turning guidance into practice
A strong message throughout the episode was that secure automation depends on trained people. Cybersecurity programs in maritime settings require engineers, operators, technicians, vessel crews, assessors and executives who understand the environment they support.
Hands-on context is key. On-site assessments can reveal password exposure, unsecured ports, unmanaged laptops, weak physical controls and network connections that may not appear in documentation. Direct observation of vessel and port conditions gives organizations a clearer picture of operational risk.
Training also supports better decision-making around change management, patching, vendor access and incident response. Maritime organizations gain value from personnel who understand both cybersecurity principles and the physical realities of OT systems.
Listen to the full conversation
To hear the complete conversation with Steve Mustard and Marco Ayala — including their thoughts on the future of maritime cybersecurity over the longer term — please visit Podomation or search for “Podomation” wherever you listen to podcasts.
Ready for the Next Episode of Podomation?
To see new episodes as soon as they’re ready, make sure to subscribe on your podcast platform of choice. Podomation is available on Spotify, Apple Podcasts and many more. If you enjoy these discussions, please leave us a review on any of these platforms. You can also play back episodes here any time.
