The potentially catastrophic threat of GPS spoofing in shipping
GPS spoofing or jamming of the world’s largest vessels is posing a very-real risk, says IMarEST Fellow, Captain Peter McArthur.
Recent research from cyber intelligence firm Cyble suggests that cyberattacks targeting the maritime and shipping industry are exploiting geopolitical tensions with: “The trend [becoming] particularly pronounced in the last year.”
It also revealed that: “Electronic interference, including GPS jamming and spoofing, is escalating in critical maritime chokepoints like the Persian Gulf and Strait of Hormuz, posing a serious threat to vessel safety and operational reliability.”
Detailing the threat, Captain Peter McArthur describes how perpetrators deploy a device – which can be relatively inexpensive to acquire and located some distance away – to overpower the real GPS satellite signals intended for a vessel and instead relay bogus positional information.
“A ship might appear on maps to be miles away from its true location,” Captain McArthur explains. “It might seem to be moving in circles, jumping between ports or even on land. Ship tracking services (like MarineTraffic) may show bizarre routes. In the most recent reports, merchant ships were noted to (quite impossibly) be travelling at supersonic speeds.”
Captain McArthur outlines the motivations for GPS spoofing may include hiding a ship’s real location, “for example, illegal fishing, smuggling or sanctions evasion”, creating confusion or misleading authorities, testing cybersecurity weaknesses in maritime navigation systems, and as a sabotage or prank. “Rare but possible,” he says of the latter.
Back in the 1990s
Captain McArthur believes that the risks associated with the ready incorporation of digitisation in shipping from the 1990s onwards were “seriously underestimated”.
“The global commercial shipping sector [is] not yet sufficiently cognisant or prepared for the full scale and complexity of GPS spoofing threats,” he reasons. “This attitude of ‘Get the technology in, it saves money, and we can reduce crew numbers’ sadly mirrors (and in several instances, was the precursor for) what happened in other industries (like healthcare and manufacturing).
“The stakes are uniquely high in the maritime sector as it is often considered to be ‘out of sight, therefore out of mind’. The reality is, a single compromised vessel could block a port, create an environmental disaster or disrupt global trade – think what happened with the Ever Given incident in the Suez Canal, in 2021.
“Unfortunately, the rapid introduction of IT and automation was accompanied by poor planning and a notable lack of preparatory foresight.” He asserts that “concerningly”, the emergence of AI has, “Dramatically increased the potential for vulnerabilities to be exploited, not only by creating new ones, but by making it much easier for malicious actors to find, understand and exploit existing ones.
“AI is leaving even the most knowledgeable seafarers behind and those who were only just coping with digitisation are increasingly bewildered with the potential (and associated blind spots) that AI introduces.”
Particularly given the growing AI capacity, Captain McArthur considers malicious actors in this area as having serious potential to cause mass disruption of global trade, port chaos and logistical meltdown, environmental disaster, military and national security threats, and hybrid warfare or cyberterrorism.
“The moment someone puts an idea into AI, it goes into the very rapidly-growing corpus of AI knowledge and its capacity to self-speculate. The rate of growth and the capacity to speculate as to scenarios, grows exponentially. The risk is astronomical.
“The worst-case scenario of maritime GPS spoofing could be a large-scale, co-ordinated attack that disrupts global shipping lanes, ports and naval operations, leading to severe economic, environmental and geopolitical consequences.”
Building up a defence
The research from Cyble backs up the worries of Captain McArthur and others. “Driven largely by rising geopolitical tensions and military manoeuvres, these [GPS jamming] disruptions increase the risk of collisions, navigational errors, and maritime incidents, while also undermining regional security and the safe flow of global trade,” it states.
Indeed, the recent MSC Antonia grounding in the Red Sea has been linked to GPS jamming, with Pole Star Global agreeing with analysis from AI specialists Winward that GPS interference was likely to blame.
Captain McArthur says that AI need not be the on the side of ‘bad actors’. “With foresight, AI can also be used defensively – for anomaly detection, predictive maintenance and cyber threat analysis,” he states. “However, the accessibility it offers is what worries experts, especially when paired with open-source tools, lax cybersecurity and vulnerable legacy systems onboard ships.”
To effectively minimise GPS vulnerabilities in shipping, Captain McArthur is urging both ship operators and the IMO to adopt “complementary but distinct measures” such as deploying multi-sensor navigation systems, training crew to recognise spoofing symptoms, implementing real-time GPS anomaly detection tools, using redundant or backup PNT (positioning, navigation and timing) sources, and enhancing cyber hygiene.
In addition, standardising spoofing incident reporting, introducing a mandatory GNSS (Global Navigation Satellite System) resilience requirement, and developing a unified reporting and information-sharing mechanism is recommended.
Finally, pushing for GNSS signal authentication standards and supporting GNSS-alternative navigation infrastructure, as well as incentivising innovation via classification and insurance is on Captain McArthur’s wish list.
“GPS spoofing is not just a technical nuisance — when combined with the growing risks of AI incorporation, it must be viewed as a local and strategic threat, capable of disrupting local, regional and global trade, destabilising geopolitics, and endangering lives at sea,” concludes Captain McArthur.
“If the maritime community waits for a high-profile disaster before it decides to act, it will be too late. A proactive, layered, and a globally coordinated response is not just preferable, it's imperative.
“Every day that this situation persists represents a double-retrograde step in that the risk grows by a day, and [the] industry loses a day to the growing risk. On this basis alone, the threat is not going to go away any time soon.”
IMarEST is involved in a working group centred on GNSS jamming and spoofing led by the Royal Institution of Navigation (RIN). Discover how get involved on IMarEST Connect.
Tell us what you think about this article by joining the discussion on IMarEST Connect.
Main image: MSC Antonia container ship sailing the Amazon River in Brazil before its grounding in 2025. Credit: Shutterstock.
Inline image: Ever given container ship at anchor in the Great Bitter lake half through the Suez canal after it ran aground.
