Dualog puts identity at the foundation of maritime cyber security

Cyber threats are increasingly being driven by compromised identities and weak access controls rather than sophisticated malware attacks, as attackers exploit unmanaged credentials to gain access to vessel and company systems, warns leading digital communication provider Dualog.



According to threat intelligence gathered across the sector, more than 80% of alert activity in monitored maritime environments now originates within crew network zones, with attackers relying on stolen, reused or poorly managed credentials instead of technical exploits.



"The shape of the threat has changed," said Geir Inge Jensen, Chief Information Security Officer at Dualog and ISO committee member for Ships and Marine Technology standardisation. "Most incidents we support don't start with an exploit. They start with valid credentials used by the wrong person. A reused password, a vendor account that should have been disabled months ago, a shared admin login nobody can attribute."



Ships have historically had weaker identity hygiene than corporate networks ashore, he added. Shared accounts on bridge systems, generic vendor logins, no MFA, and no central directory remain widespread. The rollout of Low Earth Orbit (LEO) connectivity has compounded the exposure, with crew networks at sea now resembling hotel WiFi in both bandwidth and threat profile.



"This isn't a crew failure," Mr Jensen said. "Seafarers have a hard job. The right response is design, not blame."



Regulators and insurers are arriving at the same conclusion. IMO guidance, IACS Unified Requirements E26 and E27, NIS2, and USCG/MTSA oversight all now require governance, access control, segmentation, and monitoring. Cyber insurance premiums rose sharply in 2025, with expanding exclusions for incidents tied to poor access hygiene.



Mr Jensen said the findings highlight the need for maritime operators to place greater focus on identity management, access governance and visibility across onboard and shoreside systems, as traditional perimeter-focused cyber security strategies become less effective against credential-driven attacks.



Through its own maritime-focused identity and access management solution Digital Identity, Dualog is leading the conversation in cyber security. The platform is designed to give shipping companies secure control over who can access onboard and shoreside systems. giving shipping companies a single place to manage who has access to what across a fleet, designed for the connectivity reality of ships. It federates with existing identity providers, supports MFA, and continues to work when the satcom link drops.


For fleet IT teams, the practical change is visibility and control. Every login is attributable to a real person, leaving crew and finished vendor engagements can be deprovisioned centrally, shared accounts can be retired, while audit trails exist by default. With Dualog Identity, shipping companies gain the foundation needed for modern cyber security at sea: clear ownership of access, alignment with regulatory expectations, and the confidence that every action across the fleet can be traced to a real person.