In an era defined by interconnectedness and digital transformation, the role of cybersecurity in modern maritime warfare has grown. The maritime domain is increasingly vulnerable to cyber threats which can have serious consequences to national security. Cybersecurity is no longer just a matter of protecting data, but also protecting critical defence assets, and the ability to project power and maintain freedom of navigation.

As an Admiral in the United States Navy and a former Supreme Allied Commander of NATO, I have often emphasized the importance of cybersecurity in current military operations and have recently called for the United States to create a dedicated Cyber Force as it did for the space domain in 2019. I firmly believe that as online attacks grow in both volume and impact a new branch of the armed forces in the United States is the best way to protect its forces against the contemporary cyber threat landscape.

If I turn my focus to the maritime domain, it is well-documented that both modern navies and supporting maritime infrastructure rely heavily on networked systems and technologies. From navigation and communication to weapon systems and logistics, digital systems are critical and omnipresent. What concerns me is this connectivity also exposes vulnerabilities that adversaries can exploit. I believe cybersecurity must be integrated into every aspect of maritime operations, from ship design to training and exercises.

Significantly, since I was in command at sea, military activity affecting the maritime domain has evolved beyond traditional naval warfare. This shift requires the United States Navy and its allied partners, including the Royal Australian Navy and the Royal Navy (UK), to adapt to this changing landscape by integrating naval capabilities more into a holistic, whole-of-nation approach.

This evolution is exemplified by the rise of hybrid warfare, a strategic approach that blends conventional military operations with unconventional tactics such as cyberattacks, information warfare, and the use of non-state actors. For those of us focused on the Indo-Pacific region, a clear illustration of this shift can be seen in the escalating tensions in the South China Sea. We see nations not only deploying traditional naval vessels but also employing digital espionage, economic pressure, and disinformation campaigns to advance their strategic interests. Countering hybrid threats presents new challenges and necessitates new modes of operation. An adversary can mount an attack from afar and attacks can be mounted by others - not just the direct opponent. Finally, modern marine systems expose novel and expanding attack surfaces that require the development of new capabilities, doctrines, operational plans and processes.

For the Royal Australian Navy, I was pleased to see the Australian Defence Cyber Security Strategy published last year, recognizing the importance of improving the Department of Defence's cybersecurity posture over the next decade. The Strategy outlines how the DOD will combat cyber threats and principles to maintain a strong cyber security posture in a shifting strategic environment. A key challenge I see moving forward will be to keep this Strategy updated to reflect the constantly changing cyber threat.

The rise of autonomous systems in maritime warfare and the additional cybersecurity challenges they bring speak to this evolving landscape. Unmanned underwater vehicles (UUVs), drones, and autonomous surface vessels (ASVs) are becoming increasingly prevalent in naval operations across the globe and I have previously written about the significant role they have played in the current conflict in Ukraine. These systems rely heavily on software and communication networks, making them susceptible to cyberattacks. Effective cyberattacks on autonomous systems can range from subtle spoofing of data to loss of control, creating potential havoc in the maritime theater.

The implications of compromised autonomous systems are profound. A cyberattack that disables or manipulates UUVs or ASVs can disrupt intelligence gathering, mine countermeasures, or even expose covert missions. Ensuring the cybersecurity of autonomous maritime assets is critical not only for military effectiveness but also for minimizing the risk of escalation in maritime conflicts.

To address these challenges, I am seeing more and more navies across the globe investing in cybersecurity measures tailored to maritime operations. These include robust encryption protocols, intrusion detection systems, and secure communication channels. Some are developing cyber resilience strategies that involve rapid response capabilities to mitigate the impact of cyberattacks and swiftly restore operations. However, I believe more needs to be done.

Having now spent considerable time out of uniform and having advised some of the largest companies in the world, I am increasingly convinced that interagency and public-private sector cooperation is crucial in this endeavor. Cybersecurity in modern maritime warfare should not and cannot be confined to the defense sector. It requires collaboration between the military, intelligence agencies, law enforcement, and private sector partners responsible for critical infrastructure and cyber security. More than ever public and private sectors must work together to enhance the cybersecurity of maritime assets.

As a board member of the cybersecurity company Fortinet, I have seen firsthand how a major cyber leader works with governments to share threat intelligence and support national security efforts. Fortinet collaborates with various stakeholders including other industry cybersecurity experts, law enforcement, policymakers, and international law enforcement organizations, such as NATO and INTERPOL to fight cybercrime and thwart nation state actors by providing real time cyber threat intelligence. This type of partnership between Governments and private sector companies is and will continue to be integral to staying ahead of the maritime cyber security threat.

As our respective Navies continue to pivot to deliver on AUKUS and invest in the QUAD and other global strategic alliances, an underpinning focus must be on cybersecurity to protect our most valuable assets.

About:

Admiral James Stavridis is a retired four-star U.S. naval officer. He is currently Vice Chair, Global Affairs and Managing Director of The Carlyle Group, a global investment firm. He is also the Chair of the Rockefeller Foundation board.  Previously he served for five years as Dean of The Fletcher School of Law and Diplomacy at Tufts University. He led the NATO alliance in global operations from 2009 to 2013 as its 16th Supreme Allied Commander with responsibility for operational missions in Afghanistan, Libya, the Balkans, Syria, counter-piracy, and cyber security. He also served as Commander of U.S. Southern Command with responsibility for all military operations in Latin America from 2006-2009. He earned more than 50 medals in his 37-year military career, including 28 from foreign nations.

Fortinet Australia is privileged to have Admiral Stavridis as a member of Fortinet's Corporate Board of Directors providing strategic direction to its defence and national security engagements and solutions across the globe.  The Admiral also chairs the Board's Governance Committee which shares oversight over product security.