The Dutch Navy has successfully completed a live-firing exercise off the U.K. coast, facing simulated swarm attacks, as part of training to tackle real-life threats.
It was the first time that a NATO ally has taken part in Exercise Sharpshooter, which is run by QinetiQ and delivers both live and synthetic training scenarios.
Over three days at MOD Aberporth, the Dutch ship HNLMS Evertsen, located 20 miles off the Welsh coast, was targeted by simulated drone attacks. QinetiQ’s aerial drone target, the Banshee Whirlwind, and the company’s uncrewed surface vehicle, Hammerhead, were used as well as virtual drone attacks.
HNLMS Evertsen successfully completed its objectives, tracking and neutralizing five aerial threats, also hitting and sinking two Hammerhead unmanned surface vehicles.
The threat scenario, designed by QinetiQ-owned Inzpire, required the defense of critical assets in contested waters. Tactical specialists integrated live targets with synthetic threats to represent cruise and ballistic missiles, as well as enemy aircraft, fully testing operating procedures from initial detection to neutralization.
Commander Marcel Keveling, Royal Netherlands Navy, said: “HNLMS Evertsen and the Royal Netherlands Navy are grateful to have trained on such an immersive level. To be able to fire at live targets and keep our crew in a higher state of readiness for multiple days has taught us many lessons we aim to take with us when sailing on an operational level. Especially in the ever-changing world of today we find it important to train as realistically as possible, this exercise was a prime example of that.”
Will Blamey Chief Executive, U. K. Defence, QinetiQ, said: “With interoperability between nations more important than ever, these exercises give the U.K. and its allies the opportunity to train alongside each other, sharing tactics and learnings to improve readiness. By blending live and synthetic training with advanced capabilities, we help allied forces stay battle-ready and make confident decisions in a fast-changing threat environment.”
QinetiQ is a key provider of test and training for the U.K. armed forces. Through the Long-Term Partnering Agreement (LTPA), the company operates 16 sites across the U.K., delivering exercises across land, sea and air.
Earlier this year, the Royal Navy’s HMS Dauntless neutralized drone swarms during another QinetiQ-run Sharpshooter exercise as part of preparation ahead of deploying as part of the U.K.’s Carrier Strike Group.
China has escalated its criticism of Panama after the country’s top court voided a Hong Kong firm’s license to operate ports at either end of the Panama Canal, warning Panama it would “inevitably pay a heavy price” unless it reverses course.
In a commentary posted Tuesday on WeChat, China’s Hong Kong and Macao Affairs Office condemned the Panama Supreme Court ruling as “logically flawed” and “utterly ridiculous,” saying both the Chinese central government and the Hong Kong government oppose the decision.
The ruling annulled contracts held by Panama Ports Co. (PPC), a subsidiary of Hong Kong-based CK Hutchison, to operate the Port of Balboa on the Pacific coast and Cristóbal on the Atlantic side, citing constitutional violations. The decision was widely viewed as a victory for the Trump administration, which has prioritized limiting China’s influence over the strategic waterway.
“The Panamanian authorities should recognize the situation and correct their course,” the Hong Kong and Macao Affairs Office said, adding that continued defiance would carry political and economic consequences.
China’s response marked a sharper tone than its initial reaction. Last week, a Chinese foreign ministry spokesperson said the ruling was inconsistent with Panama’s laws governing port franchises and pledged that Beijing would take necessary measures to protect the rights of Chinese companies.
CK Hutchison said it has launched international arbitration proceedings against Panama, with PPC seeking “extensive damages” over the annulled licenses. The company did not specify the amount sought.
The court decision follows comments made about a year ago by U.S. President Donald Trump, who threatened to seize control of the Panama Canal, calling it vital to U.S. interests and claiming it was effectively being operated by China.
Drone incursions are becoming an increasingly serious problem for the world’s airports. In the United States alone, “The FAA receives more than 100 such reports near airports each month,”said the FAA’s Drone Sightings Near Airports webpage: www.faa.gov/uas/resources/public_records/uas_sightings_report.
Even in their most benign form, drone incursions represent a serious collision risk for aircraft using airports. This is why the push for “counter-drone” solutions is gaining traction in the aviation world — to neutralize (if possible) the threats posed by drones in these airspaces.
So how serious is the current airport incursion situation, why is it happening, and what can be done to counter it? To find out, TSI magazine has brought together three experts in a virtual roundtable discussion.
Michael Hiatt, Epirus
Mark Freeman is the director of customer accounts at QinetiQ Target Systems Canada, a maker of defense and security solutions. “While our primary focus at QinetiQ Target Systems Canada is on maritime and aerial uncrewed platforms for test and evaluation, we work closely with QinetiQ Group’s broader capabilities in counter-drone technologies,” he told TSI. “These include advanced detection, tracking, and mitigation systems designed to protect critical infrastructure and operational environments from evolving drone threats.”
Michael Hiatt, Epirus
Michael Hiatt is chief technology officer at Epirus. Its Leonidas high-power microwave platform is a software-defined, scalable counter-drone solution. “The platform delivers a weaponized electromagnetic interference effect to induce a full kill within a drone’s critical onboard electronics rather than relying on kinetic destruction or RF disruption,” said Hiatt. “This weaponized electromagnetic interference capability means Leonidas is effective where other counter-UAS solutions fall short — particularly against fiber-optic controlled UAS and large swarms.”
Jeffrey Starr, D-Fend Solutions
Jeffrey Starr is chief marketing officer at D-Fend Solutions. It offers RF-cyber counter-drone solutions, specifically designed for sensitive and challenging environments. “Our flagship technology, EnforceAir, moves beyond the ‘brute force’ methods of the past,” Starr said. “Instead of relying on jamming or kinetic projectiles, the technology utilizes radio frequency (RF) cyber technology to detect, locate, and identify rogue drones by analyzing their unique attributes. Crucially, the systems, when allowed by regulations and performed by authorized personnel, can take control of a hostile drone and guide it to a safe landing in a predetermined zone, ensuring continuity and safety.” EnforceAir RF-cyber technology is already protecting critical infrastructure, airports, military facilities, and major events worldwide.
TSI: Just how serious a threat are drones to airports today?
Michael Hiatt: Incredibly serious. The drone threat is not hypothetical — UAS [uncrewed aerial systems] represent a real operational risk to airport security and operational continuity. A single small drone can halt departures, delay arrivals and cause delays that ripple across the entire airspace system.
It only takes one drone to disrupt an entire airport. In September 2025, Copenhagen Airport, the busiest in the Nordic region, halted all takeoffs and landings for nearly four hours after drones were spotted in controlled airspace, grounding flights and diverting traffic while authorities investigated. Frankly, I feel that we’re lucky there hasn’t been an accidental strike resulting in serious loss of life.
Mark Freeman: Drones pose a significant and growing risk to airport operations. Even small consumer drones can disrupt flight schedules, create safety hazards, and cause costly delays. A well-known example occurred at Gatwick Airport in 2018, where drone sightings led to the suspension of flights for over 36 hours, affecting 140,000 passengers and costing millions. This incident highlighted how even unsophisticated drone incursions can have outsized impacts on aviation security.
Jeffrey Starr: The threat is severe and has migrated from the battlefield directly to the homeland. Drones have become a new weapon of choice for bad actors due to their accessibility, low cost, and ability to carry heavy payloads over long distances. For airports, the risk is not just theoretical; it is operational and financial. A single unauthorized drone can cause cascading disruptions.
Just one representative example of many such airport incidents occurred at Luis Muñoz Marín International Airport in Puerto Rico. A drone intrusion there led to the diversion of an incoming flight to the Dominican Republic and caused cascading disruptions for flights across the entire Caribbean region. When a drone halts operations, the economic cost and the safety risks are immediate and serious.
TSI: Is the number of drone incidents at airports increasing?
Freeman: Yes. Global aviation authorities report a steady rise in drone-related incidents near airports. Factors include the proliferation of affordable drones, lack of operator awareness, and deliberate misuse. As drone technology becomes more accessible, the frequency and complexity of incursions are expected to increase.
Starr: Unquestionably. The industry is witnessing a constant and non-stop rise in drone incidents. Since the beginning of last year alone, numerous serious incursions have occurred at major transport hubs and critical sites. The proliferation of drones is driving a commensurate rise in dangerous incidents, and as these devices become cheaper and more capable, the frequency of these disruptions is accelerating.
Hiatt: Absolutely. In the U.S. and Europe, what were once rare drone sightings are now routine reports that pose increased risks to airport operations. In Europe, high-profile cases like the temporary shutdowns of Copenhagen Airport and Aalborg Airport due to drone incursions highlight a recent spike in disruptive drone activity. In the United States, officials have reported thousands of drone events near major airports since 2021, including hundreds of sightings that forced evasive action by aircraft or contributed to flight delays — and data suggests these events are increasing year-over-year.
TSI: What kinds of drone intrusions are occurring at airports?
Freeman: Intrusions range from accidental incursions by hobbyists unaware of restricted airspace to deliberate disruptions by activists or criminals. More concerning are coordinated attempts to interfere with airport operations or smuggle contraband. The spectrum of threats spans from nuisance-level disruptions to sophisticated attacks targeting critical infrastructure.
Starr: The range of intrusions is dangerously broad. Incidents at sensitive sites broadly may include everything from attacks and collisions to smuggling and espionage. In the airport environment, incidents may manifest as harassment and nuisance disruptions that freeze operations, but the potential for more malicious intent such as surveillance of sensitive areas or even direct targeting of infrastructure, is real. Even clueless operators flying commercially available drones into protected airspace pose risks to aircraft and airports.
QinetiQ Drone Detect and Defeat systems leverages multi-sensor fusion and electronic disruption to neutralize threats safely. QinetiQ image.
TSI: What kinds of actors are flying drones into airport areas, and what are their motivations?
Freeman: Actors include:
• Recreational users unaware of regulations.
• Commercial operators conducting unauthorized filming or inspections.
• Activists seeking publicity through disruption.
• Criminal organizations using drones for smuggling or surveillance.
• State or non-state adversaries testing vulnerabilities or planning attacks.
Motivations range from negligence to deliberate interference with economic or security objectives.
Starr: The actor profile is diverse, which complicates the defense. On one end, there are clueless hobbyists or careless operators who simply don’t understand airspace regulations. On the other end, security teams face hostile groups, criminals, and lone opportunists.
Their motivations vary from simple curiosity to smuggling contraband, conducting hostile surveillance, or attempting terror attacks. There is also the weaponization of build or buy DIY drones, effectively transforming them into flying improvised explosive devices (IEDs). Whether the actor is malicious or just negligent, the outcome for an airport, a stopped runway or a collision, is unacceptable.
Hiatt: Actors range from unaware hobbyists to reckless thrill-seekers to deliberate disruptors and perhaps state or non-state aggressors. Findings of investigations aren’t always shared with the public, so it’s difficult to pinpoint definitive bad actors. That said, the possibility of America’s adversaries leveraging drone technology to disrupt airport operations is incredibly real — and likely already happening in my opinion. With major drone manufacturers removing the restrictions on flying in designated No-Drone zones, I think we’re likely to see more and more accidental incursions.
TSI: What options exist for countering drone intrusions, including products made by your company?
Hiatt: There’s a slew of counter-UAS technologies out there.
The most common is simple EW systems that disrupt the control link or send a “go-home” command to a drone. These basic systems are good against NDAA-compliant drones but minor modifications to the drone’s programming or using fiber-optic control will render those C-UAS solutions all but useless.
Kinetic interceptors (think using a missile to intercept a drone) are perhaps most common in military scenarios, but, for obvious reasons, aren’t well-suited to protect airports from drone incursions.
Lasers offer dazzling precision but also demand perfect conditions — clear skies, uninterrupted line of sight and sustained tracking. They are costly, difficult to maintain and hamstrung by significant maintenance and power burdens.
Then you have what Epirus develops, high-power microwave, which unlocks a number of advantages: software definition allows for incredibly precise target defeat and makes Epirus HPM a safe and low-to-no collateral capability that’s ideally suited for airport security missions. Epirus HPM is also the only effective one-to-many counter-swarm solution. With our Leonidas systems, we could defeat (God forbid) hundreds of rogue drones near an airport with targeted bursts of electromagnetic interference — and without disrupting airliners, air traffic control systems or other nearby infrastructure or personnel.
Freeman: Effective counter-drone strategies combine detection, tracking, identification, and mitigation. Technologies include radar, RF sensors, electro-optical systems, and electronic countermeasures. QinetiQ offers integrated solutions such as Drone Detect and Defeat systems, which leverage multi-sensor fusion and electronic disruption to neutralize threats safely. These systems are designed for deployment at airports and other sensitive sites.
Starr: Legacy technologies like radar, optical sensors, and jammers are often unsuitable for dense airport environments. Radar can be confused by birds; optical sensors need a clear line of sight; and jamming can disrupt critical communications.
The “next generation” option is RF-Cyber, which is where D-Fend Solutions leads. This technology quietly scans frequencies to detect unique drone attributes. Once a threat is verified, the system can disconnect the rogue drone pilot from the drone, and take control, guiding the drone to a safe landing. This allows for a surgical, non-kinetic mitigation that doesn’t disrupt nearby communications and navigation. It is important to note that RF-cyber technology is meant to be used in a way that is performed by authorized personnel and as allowed by local laws and regulations.
TSI: How effective are today’s counter-drone tactics, and which airports are using them?
Freeman: Current counter-drone systems are effective against most commercial drones, but challenges remain with swarm tactics and autonomous platforms. Several major international airports have deployed layered counter-drone solutions, often combining radar, RF detection, and jamming technologies. Effectiveness depends on integration with existing air traffic management and rapid response protocols.
Starr: Legacy tactics are increasingly insufficient as a standalone solution. Jamming is risky because it creates interference, and kinetic methods (shooting drones down) are dangerous in a crowded terminal area due to falling debris.
In contrast, RF-Cyber is highly effective because it focuses on control and continuity. It distinguishes between authorized and unauthorized drones, allowing friendly drones to continue working while mitigating the threat. RF-yber technology is currently deployed at sensitive environments across the world, operating alongside radar and other sensors to provide a “surgical tool” for these areas.
TSI: Given the growing complexity and scale of drone attacks, what do makers of counter-drone systems have to do to keep up with them?
Freeman: Manufacturers must innovate continuously to address evolving threats. This includes:
• AI-driven detection and classification to identify drones quickly and accurately.
• Scalable solutions for swarm scenarios.
• Non-kinetic defeat options that minimize collateral risk.
• Integration with airport security and ATC systems for real-time decision-making.
• Cyber resilience and compliance with aviation safety standards are also critical.
Starr: Operators and providers must shift from a hardware-centric to a software-centric mindset. The threat evolves faster than hardware can be replaced. Drones are becoming smarter, using AI mission planning, complex protocols, and swarm behaviors.
To keep up, systems must foresee the drone future and always stay one step ahead. This means utilizing software-driven solutions that allow for rapid, modular updates to counter new drone models and protocols as they appear. Open architecture is also essential, ensuring systems can integrate seamlessly with existing command-and-control layers to form a robust, multi-layered defense.
Hiatt: I think what’s most important is for counter-drone tactics to evolve as fast as drone threats themselves. Drone manufacturers are moving to encrypted links and more sophisticated antenna systems that are harder to jam or take over with protocol attacks. Custom-built drones are moving to fiber-optic control so there are no control signals to detect or jam. While not on the battlefield today, fully autonomous drones are currently being tested and will likely be available soon.
Counter-UAS systems must be scalable, adaptable and software-driven to enable rapid updates via field software updates. Static solutions can’t keep pace with evolving drone types, autonomy or swarm tactics. Continuous updates and flexible architectures are essential. These are all core capabilities of Epirus’ Leonidas HPM platform.
TSI: What do you see as the future of counter-drone systems for airports, including any new advances that your company is working on?
Hiatt: In my mind, the future of counter-UAS is integrated, layered and non-kinetic. Systems that can address single drones and complex swarm scenarios while remaining safe for people, aircraft and infrastructure should be prioritized by airport security decision-makers and lawmakers alike. Epirus is focused on developing systems that meet all these requirements and I’m confident our technology will prove integral to airport drone defense across the globe.
Freeman: The future lies in networked, autonomous counter-drone ecosystems that combine AI, sensor fusion, and automated response. Advances will include predictive analytics to anticipate incursions and cloud-based coordination across multiple sites. QinetiQ is investing in next-generation detection and defeat technologies, including low-collateral RF disruption and AI-enhanced tracking, to ensure airports remain secure against increasingly sophisticated threats.
Starr: The future is defined by integration and intelligence. There will be a doctrinal shift where RF-Cyber is the forefront of a layered defense, supported by legacy sensors when necessary.
Advanced capabilities will not just stop the drone, but, when permitted, capture intelligence. By recovering rogue drones intact via a controlled landing, security agencies are provided with the drone and forensics that can lead to the apprehension of the rogue drone pilot and the prevention of future attacks. Focus is also being placed on automation and AI, enabling systems to either autonomously or manually identify, track, and mitigate threats with even greater speed and precision. The goal is simple: airspace safety with zero disruption to the passengers and planes that rely on it.
Who will investigate a suspected drug-smuggling vessel that was carrying almost five tonnes of cocaine headed to Australia? A legal grey area has been identified over who will investigate the suspected drug-smuggling vessel loaded with cocaine bound for Australia.
The ship was crewed by 11 Honduran and Ecuadorian nationals. It was intercepted by French armed forces in international waters near French Polynesia in January. The armed forces in French Polynesia (FAPF), the national gendarmerie and the local branch of the anti-narcotics office (OFAST) were involved in the intercept. Further complicating the issue is that the cocaine was being transported on a ship sailing under Togo’s flag.
Police staff posted in the Pacific and members of Taskforce Thunder would seek to work with French Polynesian authorities to identify those linked to the seizure, said Australian Federal Police (AFP) commander Stephen Jay. “I would like to thank the exceptional work of our partners in French Polynesia, who have prevented a significant amount of illicit drugs from reaching Australia,” Jay said. “The harm caused by organized crime syndicates attempting to import illicit drugs into Australia is significant, and extends beyond individual users to a myriad of violent and exploitative crimes.”
Every Airbus airplane is the result of international collaboration and painstaking precision across Europe. But before these airplanes ever climb into the sky, they must complete a remarkable journey of their own — traveling thousands of kilometers by sea from various facilities of the Airbus group. This voyage, as extraordinary as the aircraft itself, is made possible by a unique transport vessel that has attracted global attention not only because of its precious cargo, but because of the six towering white cylinders rising above its deck. Airbus has a fleet of three vessels, each with six Norsepower Rotor Sails. The shipowner is Louis Dreyfus Armateurs (LDA), and it is chartered by Airbus.
These structures are far more than decorative curiosities. They represent a new chapter in maritime innovation and a quiet revolution in how we move heavy cargo across oceans.
The Special Transport Ship: An Unmissable Sight
The vessel built to ferry Airbus parts is unlike any standard cargo ship. Most striking are the six enormous white cylinders — standing upright in two perfect rows — each resembling a futuristic lighthouse or monumental rolling pin. To casual observers, they may look whimsical, even mysterious. But engineers designed them with purpose: to harness wind power, reduce fuel consumption, and demonstrate a sophisticated approach to green maritime technology.
There is no coincidence that highly advanced airplane structural parts such as those of Airbus are transported on an equally advanced ship. Engineers continually seek ways to conserve energy, and detailed calculations showed that using rotor sails would deliver substantial benefits. They are not merely an eye-catching feature — they are a necessity. If energy can be saved, it should be saved.
The Magnus Effect: Physics in Motion
The secret behind these cylinders is rooted in the Magnus effect, a phenomenon first documented in the 19th century by German physicist Heinrich Gustav Magnus, who demonstrated the effect with a rotating brass cylinder and an air blower in 1852. The story says that Isaac Newton (of course) was the first to explain the effect in 1672 after observing tennis players at a Cambridge college. I was not aware that they played tennis in 1672 in Cambridge, but you never know with Newton.
When a cylinder spins rapidly in a moving airstream, it creates a difference in pressure: lower on one side, higher on the other. This produces a force perpendicular to both the airflow and the axis of rotation.
It is the same aerodynamic effect responsible for a swerving football or a sharply curving tennis shot. In maritime engineering, this effect allows a spinning cylinder to function like a sail, causing thrust and reducing reliance on engine propulsion.
Flettner Rotors: Spinning Cylinders at Sea
German engineer Anton Flettner first applied the Magnus effect to shipping in the 1920s, creating what would become known as “Flettner rotors.” These tall rotating columns — powered by electric motors — spin rapidly and interact with the wind to generate propulsion. Although the idea was far ahead of its time, today’s focus on decarbonization, fuel savings, and emissions reduction has given Flettner rotors powerful new relevance. They are now reappearing on modern vessels, including the Airbus fuselage parts and Ariane rocket transport ship.
Norsepower: Pioneers of Modern Rotor Sails
At the forefront of this resurgence is Norsepower, a Finnish company founded in 2012 that has become a global leader in designing, manufacturing, and installing Flettner rotors — now commonly called “rotor sails” — for commercial ships. The term rotor sails was coined by Norsepower, and it is now commonly used in the industry.
I met Norsepower engineers at Europort 2025 in Rotterdam after searching for them for some time; I wanted to learn more about rotor sails directly from the experts. There I discovered that Norsepower is based in Helsinki, Finland — a country known for having the happiest people on Earth. In a way, it made perfect sense: happy people tend to create exceptional things, so the birthplace of modern rotor sails being in Finland felt entirely fitting.
Technical Details: Cylinder Dimensions and an Airbus A320 neo Comparison
The cylinders installed on the Airbus transport ship are impressive by any standard. Each rotor stands nearly 35 meters tall and measures around five meters in diameter.
For perspective, an Airbus A320neo is about 35 meters long and has a fuselage diameter of about four meters. Can you imagine removing the wings from an A320neo and installing it upside down on the ship? And then six of them in two rows of three. It is huge.
How the Rotor Sails Work: Electric Power, Spinning Towers, and Extra Thrust
The Norsepower Rotor Sail is a large cylindrical structure mounted on the ship’s deck. Contrary to a common misconception, wind does not spin the rotor. Instead, an electric motor continuously rotates the cylinder at high speed. The spinning rotor interacts with oncoming wind, and a physics phenomenon called the Magnus effect takes place. It creates a large pressure difference, which produces a strong thrust force at a 90-degree angle from wind direction. In favorable wind conditions, this additional thrust allows the ship’s main engines to be throttled back, saving fuel and reducing emissions. Alternatively, it can be used to achieve higher top speeds. Rotor sails are considered a completely new system installed on the ship.
A typical system includes:
1. The Norsepower Rotor Sails, which generate forward thrust.
2. A foundation structure, sometimes with tilting capability, installed on the deck. Tilting capability is sometimes needed for loading operations and for ships going under bridges.
3. The Norsepower Control panel and automation system, giving the captain full operational control and optimizing savings.
5. A Remote Service Support Agreement, offering round-the-clock technical support and maintenance.
The electric motors spin each rotor at several hundred RPM (up to 225 RPM). As wind sweeps across the deck, the interaction between the rotating cylinder and airflow creates a powerful thrust. By adjusting the direction of rotation and rotor speeds, this force becomes useful propulsion. The result is reduced fuel consumption, lower emissions, and greater operational efficiency. And that is what we want.
Norsepower Sentient Control: Smarter Sailing Through Data
Launched in 2024, Norsepower Sentient Control integrates multiple smart modules to maximize overall system performance. It accounts for complex aerodynamic interactions between the sails, main engine, and ship maneuvering systems.
To achieve optimal performance, the system considers everything from sail aerodynamics to ship hydrodynamics. Intelligent power distribution improves fuel economy by analyzing the Specific Fuel Oil Consumption (SFOC) of both the main engine and auxiliary generators. Norsepower Sentient Control also provides route optimization insights, enabling a more economical voyage. The system can improve sails’ efficiency by an additional 10–25%, which is a lot.
Norsepower is a Finnish company founded in 2012 that has become a global leader in designing, manufacturing and installing Flettner rotors. These are now commonly called “rotor sails” and are being used for commercial ships.
Retrofit Solutions: Greening the Existing Fleet
One of Norsepower’s most compelling advantages is the ability to install rotor sails on existing ships. The Airbus transport vessel was designed for rotors from the outset, but about 60% of Norsepower installations today are retrofits. And that is good news. Transport vessels are built to last a few decades. It is wonderful that such an upgrade can be done on present vessels, which can make them more energy efficient. That can extend their useful life.
These retrofits come with engineering challenges: the ship’s structure must be strong enough to handle the substantial forces produced by the rotor sails. In many cases, structural reinforcement is required. Despite these challenges, the installation process is relatively straightforward, and energy savings — typically 5–25%, depending on route, wind, number and size of sails, etc. — are realized immediately. In some conditions, vessels can even turn off their main engines entirely, achieving 100% fuel savings, though this is not typical and requires extremely favorable winds. Of course, the crew of such a retrofitted vessel should be trained to operate the ship under new circumstances. Therefore, Norsepower also provides one day of crew training to ensure that energy savings begin from day one, with additional training available upon request.
A modern feature is remote diagnostics. If a malfunction occurs, Norsepower engineers can remotely access the ship’s system, troubleshoot the issue, and even update software. This capability allows predictive maintenance, health monitoring, and alerting — and enables Norsepower to remotely advise the crew to make needed smaller repairs when required. Norsepower receives about 1,000 real-time data streams per customer ship. The data is used for everything that helps Norsepower enhance the product and its efficiency, e.g., troubleshooting, R&D, real-time optimization of thrust power, preventive maintenance, compliance, financial reporting, etc.
Norsepower has installed systems on tankers, bulk carriers, cruise ships, RoRo and RoPax vessels, general cargo ships, and ferries. Their strongest customer base is in Europe, Japan, and major Asian shipyards.
Environmental Benefits: Lower Energy Use and Fewer Emissions
By capturing wind power through the Magnus effect, rotor sails enable ships to burn less fuel and emit fewer pollutants. For the Louis Dreyfus Armateurs ship carrying Airbus cargo, this capability is more than a technological achievement — it is a meaningful commitment to a greener future. Across global shipping, small improvements in efficiency accumulate into enormous reductions in carbon emissions, making innovations like rotor sails crucial to sustainable maritime transport.
A Hopeful Course Toward Sustainable Seas
The image of white cylinders spinning above a ship is more than an engineering curiosity. It symbolises the ingenuity and optimism driving the maritime sector toward cleaner, more sustainable technologies. Thanks to companies like Norsepower and the enduring brilliance of the Magnus effect, every voyage not only carries cargo — it charts a course toward a more responsible future for global shipping. Airbus and LDA, in their own way, have pioneered that journey.
Looking Ahead: Airbus, New Fleets, and a Changing Industry
A new generation of low-emission vessels will transport aircraft components for Airbus. These ships will rely on a combination of six 35-meter Norsepower Rotor Sails and dual-fuel engines running on maritime diesel oil and e-methanol. Advanced routing software will optimize transatlantic passages, maximizing wind propulsion and avoiding drag from adverse ocean conditions.
The IMO has set ambitious goals for achieving net-zero emissions. Wind propulsion is increasingly recognized as an essential element of the future energy mix for ocean-going ships. “We are proud to be part of the energy transition through our partnership with Norsepower,” said Mathieu Muzeau of Louis Dreyfus Armateurs, who highlighted the importance of offering innovative solutions and driving sustainable change.
By 2030, this new transatlantic fleet is expected to produce 50% fewer CO2 emissions compared to 2023. The rotor sails will incorporate the new patented Norsepower Sentient Control system, featuring real-time force measurement and individual rotor management. This allows optimization of complex aerodynamic and hydrodynamic interactions. Extensive CFD analyses and wind-tunnel testing were performed to perfect the design.
Heikki Pöntynen, CEO of Norsepower, calls the fleet-wide arrangement “a game changer for the entire auxiliary wind-propulsion industry.” It was the largest deal ever made for mechanical sails and the first to fully integrate Norsepower Sentient Control. “We thank LDA and Airbus for being forerunners of this industry,” he added, expressing optimism for continued collaboration.
Norsepower has the ability to retrofit rotor sails on existing ships and about 60% of their installations are retrofits.
Around the world, maritime infrastructure is apparently under attack.
In 2022, a suspected covert operation widely believed to have involved deep-sea explosives ruptured three of the four Nord Stream gas pipelines in the Baltic Sea. In 2023, the Chinese container ship Newnew Polar Bear dragged its anchor across the Gulf of Finland for more than 100 miles, ripping open a natural gas pipeline and a telecommunications cable. And in 2024, the Chinese bulk carrier Yi Peng 3 dragged its anchor through the Baltic Sea — severing two fiber-optic cables linking Finland, Germany, Sweden and Lithuania.
While intent remains disputed and formal attribution has not been publicly assigned, these incidents highlight possible “Gray Zone” warfare attacks that are taking place against maritime infrastructure today. A Gray Zone attack is one whose origin is uncertain, and has enough ambiguity attached to it that it stays below the threshold of declared war against the attacker. But the threat to equipment, commerce, and national security is very real — and growing in severity every day.
So what can be done to protect maritime infrastructure; not just submerged pipelines and cables, but floating oil platforms and ships, especially when hostile actors are increasingly hiding behind the veil of routine civilian traffic? To find out, TSI spoke with three experts in the field.
Nate Knight is the press and marketing contact for Maritime Information Systems, Inc./MotionInfo. Their Maritime Information Systems (MIS) division focuses on tracking ships, protecting subsea cables, and environmental monitoring (such as their “StationKeeper” project, which protects whales from ship strikes).
Lasse Krabbesmark is the product manager for Maritime Security, and Kartheeban Nagenthiraja is the director for business development (critical infrastructure) for Systematic. Systematic is a Danish software developer of “SitaWare,” a suite of command-and-control systems used by navies and intelligence agencies worldwide to integrate sensor data and monitor maritime threats.
Maritime infrastructure includes assets such as floating offshore platforms, fixed oil and gas installations, offshore wind farms, liquefied natural gas (LNG) terminals, subsea pipelines and cables, port approaches, anchorage zones and associated support infrastructure.
TSI: When we speak about attacks on maritime infrastructure, what precisely are we talking about, and who is behind them?
Nate Knight: In terms of asking “what” is at risk, the categories of attacks on maritime infrastructure include assets such as floating offshore platforms, fixed oil and gas installations, offshore wind farms, liquefied natural gas (LNG) terminals, subsea pipelines and cables, port approaches, anchorage zones, and associated support infrastructure. These assets are often geographically dispersed, difficult to physically secure, and essential to national energy, communications, and transportation systems.
Lasse Krabbesmark
Lasse Krabbesmark: The “who” part of your question is actually very hard to answer. We have seen a lot of these threats, especially here in our region around Denmark. We have seen a lot of situations with cables being cut in one way or another. One example is the Yi Peng 3, where a Chinese-flagged bulk carrier dragged an anchor and severed critical cables for telecommunication. We have also seen cable cutting between Finland and Germany, and the very notable situation with the Nord Stream pipelines back in 2022.
These incidents do have the characteristics of Gray Zone warfare, because it is very hard to detect who actually did it. I mean, you can see the particular ship that did it, but who is behind these attacks and why do they do it?
Well, typically it is done to cause some sort of destabilization without triggering a real military response. These Gray Zone attacks can happen in multiple vectors. It can be physical sabotage, such as the cable cuts, but also cyberattacks. There are a lot of cyberattacks going on right now.
Knight: Threats increasingly stem from deliberate human actions rather than purely environmental or accidental causes. These include unauthorized vessel proximity, intentional anchoring over pipelines or cables, tampering with equipment, surveillance by hostile actors, and in some cases sabotage. Recent global incidents involving damaged subsea cables, suspicious vessel loitering near offshore energy assets, and intentional interference with maritime operations highlight the growing vulnerability of these systems. Many of these assets to be secured are also in international or near-international waters where heavy traffic as well as disputes can arise. Nations are as big a concern as “lone wolves” to many companies.
TSI: What technological remedies exist to deter and protect against these attacks — and is AI playing a role in countering them?
Krabbesmark: In terms of detection, if we look at the Yi Peng 3 case, it was AIS — the Automatic Identification System for shipping — that actually tracked the movement of that ship.
If we look at Danish waters, around 4,000 to 5,000 ships pass through every year. It is too much for a human operator to get a view of the entire picture on their own. What AI can do is detect patterns and identify anomalies in the way that these ships are operating.
We did this kind of analysis after the Yi Peng 3 cut a cable between Estonia and Finland. Using AIS, we analyzed how it behaved when it sailed into the Baltic Sea. We could actually see when the Yi Peng 3 decreased speed and changed course when it was in Danish waters, just over a cable between Denmark and Sweden.
On the way going into the Baltic, the Yi Peng 3 actually tried to cut a cable into Denmark. That was detected by AIS running the ship’s track post-event in Finland, and it was not detected by the operators at the time.
Unfortunately, we had the data, but we lack the real-time integration and automatic response triggering. And that was just AIS. We also need a lot of other sensors to get the full picture. We need to include radar as well, because AIS can be spoofed, it can be jammed, and it can be manipulated to send out what you want to send out. Radar is a lot harder to do anything with because it is observing what is going on in the real world.
We need to include satellite navigation because that can detect the vessels out of range for radars. We also have the possibility to add Distributed Acoustic Sensing (DAS), which is a cable monitoring system, on our subject cable infrastructure and our fiber optic cables. Then, we need to apply pattern analysis algorithms across it.
Overall, we need to apply a correlation between all of this. If we can do that, then we will be able to find out who did the thing that we are interested in. However, before the owners of critical infrastructure will agree to include additional sensors, they need the right incentive to do this integration. I think a lot of it comes down to having the right legislation and the right legal framework to tell the owners and operators of critical infrastructure that they need to, one, monitor the area around their critical infrastructure — both on the surface and below the surface — and two, share it with the authorities that are responsible for protecting that critical infrastructure.
Knight: Detection relies on layered sensor systems such as AIS, radar, ADS-B (in aviation-adjacent environments), acoustic sensors, satellite data, and time-series telemetry. AI plays a role in filtering massive data streams, identifying anomalous behavior, distinguishing routine traffic from potential threats, and prioritizing alerts to operators. Machine learning models are particularly good at recognizing patterns like loitering, course deviations, or repeated boundary incursions that would otherwise be missed.
Liquefied Natural Gas (LNG) terminals face significant security risks due to their high-value, hazardous nature, making them potential targets for terrorism, sabotage and cyberattacks. Key risks include catastrophic fires, explosions from intentional breaches, supply chain disruptions and cyber breaches of control systems.
TSI: How well have these deterrence and defense remedies worked to date?
Knight: Deterrence is most effective when detection is paired with a visible, timely response. These include automated warnings, targeted digital messaging to vessels or operators, enforcement notifications, and integration with regulatory or security agencies. AI supports these efforts by enabling faster decision-making, reducing false positives, and ensuring that interventions are proportionate and well-timed rather than reactive or overly broad.
When properly deployed, these systems have proven effective in reducing non-compliant behavior and increasing operator awareness. The most successful implementations combine technology with clear operational protocols and human coordination. MotionInfo has experienced significant success with this system, achieving a nearly 100% message reception rate and nearly 90% adherence from the vessel.
Krabbesmark: Typically, at least in Denmark, the owners of critical infrastructure are not allowed to react to a threat physically. They can just report it and then sit back and wait. That goes for most countries. We do not allow the operators to shoot down aircraft that are approaching their infrastructure.
That is a good thing. I do not think the owners of critical infrastructure should be allowed to shoot down potential threats because that is a lot of responsibility to put on them. After all, if they do not know for sure that it is really a threat to their infrastructure, then accidents are bound to happen.
Kartheeban Nagenthiraja
Kartheeban Nagenthiraja: I completely agree. Energy infrastructure owners would not like to have this responsibility to act on threats because they do not have the experience, the capability, the personnel, and so on. But they are willing to invest in equipment and share their data with national defense agencies, if those agencies will take the responsibility to do something to neutralize the threat. So, there is a willingness from the private owners to invest in these kinds of technologies and build the technology framework to have this kind of assurance.
In September 2025, multiple undersea telecommunications cables in the Red Sea were severed, causing significant internet disruptions and latency issues across parts of the Middle East, Asia, and Africa. The damaged systems, including are critical for connecting regional traffic. While initially the incident caused concern regarding regional conflicts, early analysis suggested the damage was more likely caused by commercial shipping activity.
TSI: What future threats to maritime infrastructure do you anticipate, and what needs to be done to protect against them?
Knight: Future threats will likely involve more sophisticated probing of infrastructure, increased use of unmanned systems, and blended physical–cyber tactics. Addressing these risks requires greater integration between sensor networks, stronger data-sharing frameworks, and continued investment in analytics that can adapt to evolving threat behaviors rather than static rule sets.
Krabbesmark: Now that drones are becoming increasingly cheap, we might see swarm attacks on critical infrastructure by drones in different ways. We might also see our cables being targeted at greater depths because Remotely Operated Vehicle (ROV) technology is becoming more and more accessible. So perhaps we will see cable cuts at two to four-kilometer depths.
We also might see multi-domain coordination so that a cyberattack on, for instance, some monitoring system will be coordinated with a physical attack, so it is impossible to find the adversary afterwards. Another option is to stage a small physical attack on infrastructure that will render that infrastructure inaccessible in the cyber domain so that the owners of the infrastructure cannot really do anything.
You might also see that instead of focusing on specific critical infrastructure like cables and turbines, some adversaries will focus on economic choke points — for instance, a harbor entrance. Coming from a background in mine warfare, I know how hard it is to find a sea mine at the bottom of the ocean. If some adversary drops a mine in the entrance to a great harbor, then that harbor is closed for a very long time. And if they combine it with throwing in some old refrigerators or debris to clutter up the picture and make the mine-hunters look for a lot more objects, then it will be closed for even longer. It is just a question of how creative you are in your attack vectors.
TSI: Finally, do we need to rethink the design of maritime infrastructure to build deterrence and defense into future projects?
Knight: Yes. Future infrastructure projects should incorporate security and monitoring as core design elements rather than add-ons. This includes built-in sensor integration, data connectivity, and defined response pathways. Designing with deterrence in mind from the outset reduces long-term risk, lowers operational costs, and improves resilience across the asset’s lifespan.
Krabbesmark: We need to rethink both the legislation around it and also how the infrastructure itself will be built. So, first of all, we need some sort of legal requirement for mandatory surveillance around critical infrastructure. It could either be the operators putting it up or providing a platform for the military or the defense forces to set up monitoring systems on the infrastructure.
We also need to centralize the responsibility to make sure that it is just a single authority that is responsible for end-to-end protection of critical infrastructure. It must not be split between agencies because then we will not be able to react in time.
We must also ensure that we invest in AI and data analytics to be able to detect the threats coming from this vast amount of data inputs. We will not be able to monitor it all with just human operators. We also must ensure greater international cooperation and coordination because these threats are international. It was a Chinese ship passing through Danish waters that ended up cutting a cable in Finnish waters.
Finally, we must be transparent about our capabilities. That will make adversaries think twice before they do something — if they know that what they potentially will do will be recorded and they will be put to trial afterwards. Luckily, we do see some of these things being implemented. For instance, Poland has put out a tender for a new wind farm, and they have put in requirements that the sensors should be installed there as well. So, it is definitely coming.
How Advanced Analytics Are Transforming Risk Management at Sea
Maritime piracy and illegal, unreported and unregulated (IUU) fishing remain persistent threats to global trade, critical supply chains, and the security of seafarers. Despite years of multinational naval deployments, best management practice (BMP) guidance, and improved vessel hardening, adversaries continue to exploit vast sea spaces, limited patrol coverage, and opaque “dark” vessel activity. In 2026, artificial intelligence (AI) and advanced analytics have matured into operational imperatives, enabling transport security professionals to shift from reactive response to proactive, intelligence-led risk management.
The scale of the challenge is staggering. The International Maritime Bureau’s 2025 Piracy and Armed Robbery Report documented 132 confirmed incidents worldwide, with Southeast Asia’s chokepoints and West Africa’s Gulf of Guinea remaining epicenters of violence against merchant shipping. IUU fishing exacerbates this picture, costing legitimate fisheries $36 billion annually while enabling sanction evasion, human trafficking, and arms smuggling networks. Traditional countermeasures — static naval patrols, citadel hardening, and route risk advisories — struggle against adaptive threat actors who leverage AIS spoofing, drone spotters, unmanned surface vessels (USVs), and mothership tactics.
AI addresses this asymmetry by turning the maritime domain’s biggest asset — its data deluge — into a decisive advantage. Every AIS transmission, radar sweep, satellite pass, and environmental sensor reading becomes a data point in continuously learning threat models. Modern platforms fuse Automatic Identification System (AIS) data, coastal and vessel radar, electro-optical/infrared (EO/IR) sensors, satellite synthetic aperture radar (SAR), high-resolution optical imagery, vessel monitoring systems (VMS), weather APIs, and historical incident databases — enhanced by 5G connectivity, low-Earth orbit (LEO) satellite networks, and tactical edge computing for ultra-low latency processing.
Rather than static hotspot charts and manual pattern recognition by overworked watchstanders, security teams now leverage transformer-based models, multimodal foundation models, and spatiotemporal graph neural networks (GNNs) that identify anomalous vessel behavior, recognize attack precursors, and forecast risk spikes with probabilistic confidence intervals and uncertainty quantification.
These systems don’t just flag anomalies; they attribute risk to specific behavioral drivers through explainable AI (XAI) techniques like SHAP values and LIME explanations, enabling operators to understand and trust model outputs.
Vessel-Behavior Analytics: The First Line of Defense
Supervised deep learning models — including gradient-boosted trees (XGBoost, LightGBM, CatBoost), convolutional neural networks (CNNs) for trajectory heatmaps, recurrent neural networks (RNNs/LSTMs) for sequential AIS prediction, and transformer architectures (BERT-like models adapted for maritime time series) — classify individual vessel tracks as “normal” or “suspicious” with vessel-class-specific thresholds. Core features include speed over ground (SOG), course over ground (COG), rate of turn (ROT), loitering duration and patterns, AIS transmission gaps (duration, frequency, location), geospatial proximity to historical incident clusters, chokepoints, and traffic separation schemes (TSS).
Advanced implementations incorporate vessel identity resolution across spoofed MMSI signals, matching SAR wakes to AIS positions, and RF emission fingerprinting to deanonymize “dark” targets. In practice, a bulk carrier executing unannounced speed reductions from 18 knots to 4 knots followed by station-keeping near historical attack locations in the Singapore Strait, or a dhow-class small craft conducting high-speed stern approaches (closing CPA <0.2 nm, TCPA <5 min) against prevailing traffic flow off Nigeria, triggers automated risk escalation. The system surfaces a risk probability (e.g., 87th percentile), dominant feature attributions (loitering: 42%, night operations: 28%, route deviation: 19%), and recommended actions (increase speed to 20+ knots, muster citadel, notify MRCC).
For evolving threats where labeled training data lags reality, unsupervised and self-supervised methods dominate. Graph neural networks (GNNs) model maritime traffic as dynamic spatiotemporal graphs where nodes represent vessels (with embeddings for type, size, flag) and edges capture interaction patterns: relative bearings, CPA/TCPA violations, formation flying suggestive of mothership-pirate skiff operations, coordinated spoofing across vessel clusters, and vessel-to-vessel transshipment signatures (parallel courses, reduced speed, side-by-side positioning).
Variational autoencoders (VAEs) and diffusion models learn route-specific baselines across TSS boundaries, exclusive economic zones (EEZs), fishing exclusion zones, and port approach corridors. Anomalies surface as vessels executing deliberate AIS spoofing (position jumps >10 nm), coordinated vessel formations maintaining formation through EEZ boundaries, complex transshipment patterns just beyond 12 nm territorial limits, or “stop-start” loitering synchronized with drone overflight windows. Self-supervised learning on unlabeled AIS/SAR/EO datasets — pretraining on billions of track segments — enables detection of zero-day tactics without historical ground truth, critical as threat actors rapidly adapt to enforcement patterns like increased drone interdiction or VMS enforcement.
Probabilistic Forecasting: Temporal Risk at Scale
Advanced time-series models combine classical approaches (Prophet, SARIMA) with deep learning: Long Short-Term Memory (LSTM) networks with attention mechanisms, temporal convolutional networks (TCNs), and N-BEATS architectures decompose piracy incidents into long-term trend, multi-scale seasonality (intraday/nasal/weekly/annual), exogenous shocks (geopolitical events, monsoon phases, oil price shocks), and spatial autocorrelation effects via graph convolutions. Causal inference layers (DoWhy, CausalML) isolate intervention effects from naval deployments, BMP adoption rates, and economic drivers.
Real-time digital twin platforms simulate “what-if” scenarios for patrol allocation, convoy optimization, dynamic rerouting, and escort requirements, incorporating vessel vulnerability scores (deadweight tonnage, freeboard height, citadel status), asset availability (naval vessel positions, UAV endurance), metocean forecasts (sea state, visibility), and real-time traffic density. Federated learning frameworks enable flag states, regional navies, and commercial operators to collaboratively train global threat models while preserving data sovereignty and commercial confidentiality.
Operational AI Platforms: 2026 Production Deployments
The market has consolidated around scalable, enterprise-grade platforms with proven operational pedigrees. Marinode-AI 360° Maritime Security Suite delivers vessel-level threat probabilities (0-100 scale) via multimodal fusion of AIS Class A/B, SAR (Sentinel-1/6, Capella Space), EO (PlanetScope, Maxar), VMS, and open-source intelligence (OSINT). Edge-deployable TensorFlow Lite models run on vessel ECDIS/INS systems for GPS-denied environments, achieving <100ms inference on NVIDIA Jetson Orin modules. Windward MaritimeAI TrakWatch behavioral anomaly platform tracks “dark activity” through RF emissions (AIS decoder fingerprints), SAR wake analysis, and automatic identification correlation across spoofed identities. Deployed by INTERPOL, 15+ navies, and 200+ shipowners for real-time piracy/IUU tasking, with 98.7% recall on historical incidents. ShipIn FleetVision™ v2.0 onboard AI processes 4K CCTV/thermal/radar feeds to detect unmanned surface vessel (USV) mothership launches, Group 1-3 drone overflights, small-boat swarming tactics, and swimmer divers with <2-second latency alerts to bridge, engine room, and CSO dashboards. YOLOv10 + RT-DETR object detection achieves 95% mAP@0.5 on maritime threat classes. xAIS Dark Pool Analytics SAR-based ML pipelines (YOLOv8 + U-Net variants for vessel segmentation, RF wake matching) detect unlit fishing fleets, reefer transshipments, and stateless trawlers at night. Integrated into USCG C4I, EU MRCC, and BIMCO security portals for automated suspect handoff to patrol assets. Orbital Insight SeaVision Pro containerized ML pipelines (anomaly detection, spoofing identification, IUU vessel matching to sanctions lists) process 100M+ daily vessel positions with 99.2% dark vessel recall and 92% precision. Kubernetes-orchestrated deployments scale from cloud to sovereign edge.
National and Regional Deployments Scaling Rapidly
Indonesia’s AI Maritime Surveillance Backbone — operational since Q3 2025 — fuses 200+ coastal radars, 50 AIS stations, LEO SAR/EO constellations (Sentinel Hub), and hydrophone arrays into a unified battlespace management layer supporting Bakamla, TNI-AL, and Polair tasking across 17,000+ islands. Similar architectures roll out in Nigeria’s Deep Blue Project 2.0 (Gulf of Guinea focus), Philippines’ NAWAS 2.0 (archipelagic anti-piracy), and Singapore’s iVAMSC (Malacca Strait traffic management with AI threat overlay).
Layered Architecture for Transport Security Operations
Production systems deploy across four integrated layers with strict human-in-the-loop governance: global baseline screening (VAEs/GNNs) across all traffic for coarse anomaly ranking and initial triage; vessel-centric risk scoring (XGBoost + LSTM transformers) with XAI feature attribution and confidence bounds; tactical decision support (reinforcement learning for patrol/escort optimization, digital twin simulation); and human-AI teaming fusion with augmented reality overlays, voice-actuated querying, and compliance logging for watchstanders.
Deep Blue Project 2.0 deployed Windward + xAIS analytics across 40 Nigerian Navy patrol vessels, achieving 73% reduction in successful boarding attempts through predictive rerouting of 1,200+ tanker transits. Mario Eisenhut image.
Operational Case Study: Gulf of Guinea 2025
Deep Blue Project 2.0 deployed Windward + xAIS analytics across 40 Nigerian Navy patrol vessels, achieving 73% reduction in successful boarding attempts through predictive rerouting of 1,200+ tanker transits. AI-identified risk corridors enabled six-hour advance positioning of fast-attack craft, neutralizing 14 mothership operations before skiff deployment. ROI exceeded 18:1 through avoided ransoms ($120M+), reduced insurance uplifts, and seized IUU cargoes.
Challenges and Technical Mitigation Strategies
Data quality remains paramount: AIS manipulation (spoofing, shutdowns, meaconing) requires robust sensor fusion with SAR/RF/EO backups and anomaly-aware imputation (Kalman smoothers, transformer in-fillers). Model drift from evolving threat tactics demands continuous learning with human feedback loops (RLHF), concept drift detection (ADWIN, DDM), and online retraining on edge TPU clusters. False positive fatigue is mitigated through adaptive alerting thresholds, crew preference profiles, and gamified feedback interfaces.
Regulatory gaps around AI decision liability are closing: IMO MSC.1/Circ.1693 Annex (2025) mandates maritime AI governance frameworks, including audit trails, fallback procedures, and cyber resilience certification (IEC 62443-4-2). Sovereign AI concerns drive hybrid cloud/edge architectures with homomorphic encryption for multi-party computation. Compute constraints at sea are solved via 4/8-bit quantization (GPTQ, AWQ), knowledge distillation, and inference optimization (TensorRT-LLM, ONNX Runtime).
Modern platforms fuse Automatic Identification System (AIS) data, coastal and vessel radar, electro-optical/infrared (EO/IR) sensors, satellite synthetic aperture radar (SAR), high-resolution optical imagery, vessel monitoring systems (VMS), weather APIs, and historical incident databases – enhanced by 5G connectivity, low-Earth orbit (LEO) satellite networks, and tactical edge computing for ultra-low latency processing. Mario Eisenhut image.
Strategic Implications for the Transport Security Ecosystem
For company security officers (CSOs), charterers, protection-and-indemnity (P&I) clubs, and hull insurers, AI establishes defensible, auditable risk baselines that materially reduce exposure. Premium models now incorporate data-driven rerouting compliance scores, while BIMCO/INTERTANKO voyage clauses increasingly mandate AI threat monitoring integration with contractual penalties for non-compliance. War risk premiums in the Gulf of Guinea dropped 22% in Q4 2025 for AI-enabled fleets.
Forward-leaning operators gain competitive advantage through predictive fleet protection: pre-positioning armed security teams via dynamic tasking, hardening high-value LNG carriers with adaptive citadel automation, and negotiating voyage clauses based on real-time risk telemetry rather than historical averages. Seafarer welfare improves through reduced exposure time in risk corridors and confidence in automated early-warning systems.
The Path Forward: AI as Maritime Security Infrastructure
AI will not replace warships, citadels, LRADs, or armed guards, but it fundamentally changes how transport security professionals employ them. The most effective organizations treat predictive maritime analytics as core infrastructure — integrated across fleet management systems (FMS), voyage data recorders (VDR), vessel traffic services (VTS), and multinational coordination centers like Djibouti Combined Task Force 151 or EU NAVFOR Atalanta.
The competitive divide will separate those who view AI as a compliance checkbox from those who weaponize it as a force multiplier. Forward-thinking shipowners embracing this shift today will navigate tomorrow’s threat landscape with unprecedented foresight, materially enhancing seafarer safety, strengthening supply chain resilience, and securing the arteries of global maritime trade against actors who thrive in the shadows.
Cyberattacks on the transportation sector have surged nearly 50% over the past five years. But the headline statistic obscures what attackers are pursuing: data. Customer records, shipment manifests, logistics intelligence, employee information, payment credentials and increasingly, sensitive government and defense data flowing through supply chains. The transportation industry has spent decades fortifying network perimeters. The problem is that data no longer stays inside them.
Data now moves continuously across cloud-based logistics platforms, third-party vendors, IoT sensors, connected vehicles and AI-powered systems. It crosses borders, jurisdictions and organizational boundaries every second of every day. The traditional security model — build walls, monitor the gates — was designed for a world where sensitive information lived on servers you controlled. That world is gone. And regulators, adversaries and customers have all noticed.
Data Exposure Landscape
The transportation sector has become a prime target precisely because of the data it holds and how that data moves. Nearly two-thirds of supply chain cyberattacks now target transportation and warehousing operations. Ransomware accounts for roughly 40% of all attacks on the sector — and modern ransomware operators don’t just encrypt systems. They exfiltrate data first, creating leverage for extortion even when victims have solid backups.
The average breach now costs transportation organizations nearly $4 million. But the exposure goes beyond direct financial loss. Fleet telematics systems constantly transmit location and operational data. Connected vehicles run on over 100 million lines of code and communicate with central platforms in real time. IoT sensors across ports, railyards and distribution centers generate continuous data streams. Every one of these touchpoints represents data flowing outside traditional perimeter controls.
The third-party dimension makes this worse. Most companies are now linked to at least one third party that has experienced a data breach. Yet only about one-third of organizations have meaningful visibility into how their partners handle sensitive data. Transportation supply chains are long, complex and deeply interconnected. Your data doesn’t just live in your environment — it lives in your vendors’ environments, your partners’ environments and their vendors’ environments.
Why Perimeter Security Fails Transportation
The legacy security model made a fundamental assumption: sensitive data stays inside the network, so protecting the network protects the data. For transportation organizations in 2025, that assumption is catastrophically wrong.
Consider where transportation data lives and moves. Cloud-based logistics platforms manage shipments, inventory and customer information across distributed infrastructure. Third-party vendors — hundreds or thousands of them in a typical supply chain — process, store and transmit data according to their own security practices. Connected vehicles and IoT devices transmit operational and customer data continuously, often over cellular networks entirely outside corporate infrastructure. And AI systems increasingly process sensitive information across jurisdictions, creating data flows that traditional controls can’t track or govern.
Recent incidents tell the story. In 2023 and 2024 alone, ransomware attacks on fleet management providers forced trucking companies to revert to paper logs when electronic logging devices went dark. Third-party software breaches cascaded across major airports, grounding flights and exposing passenger data. Transit authorities lost customer names, addresses and banking information over prolonged intrusions. In each case, the data these organizations depended on wasn’t behind their firewalls — it was in vendor environments, cloud platforms, or systems entirely outside their perimeter controls.
This creates a governance gap that mirrors what we see across industries. Organizations have invested heavily in monitoring — they can observe data moving through their systems. But they lack the controls to enforce policy when data leaves their environment. They know where data is stored but often have no idea where it’s being processed, especially when AI and cloud services are involved. Watching isn’t the same as protecting.
Compliance Reckoning
Regulators have taken notice. The compliance landscape for transportation data security is tightening rapidly and organizations relying on perimeter-centric approaches will find themselves exposed.
The Transportation Security Administration has proposed comprehensive cyber risk management requirements for surface transportation operators. The rule mandates data governance frameworks, not just network security controls. Organizations must demonstrate how they protect sensitive information throughout its lifecycle — not just while it sits on internal servers.
The Cyber Incident Reporting for Critical Infrastructure Act requires covered entities to report substantial cyber incidents within 72 hours and ransom payments within 24 hours. When a breach occurs, regulators will want evidence of what happened, what data was affected and what controls were in place. Organizations with fragmented logging across dozens of systems will struggle to answer those questions under deadline pressure.
For defense contractors in the transportation sector — and the logistics supply chain touches defense more than most realize — C MMC 2.0 requirements became effective in November 2024. Over 300,000 contractors must now demonstrate specific maturity levels for handling Federal Contract Information and Controlled Unclassified Information. The framework doesn’t care about your firewall. It cares about how you protect data.
The evidence problem compounds all of this. Cross-industry research shows that roughly one-third of organizations lack evidence-quality audit trails and over 60% have fragmented logs scattered across systems. When regulators or auditors ask what happened to specific data, these organizations can’t answer with confidence. That’s not a defensible position in 2026’s regulatory environment.
Data-Centric Security: What Must Change
Protecting transportation data requires a fundamental shift in approach. The perimeter isn’t coming back. Data-centric security must replace it.
Shift protection to the data itself. Classification, tagging and policy enforcement must follow data wherever it moves — across clouds, vendors, devices and borders. If a file containing customer PII leaves your environment, the protections should travel with it.
Demand visibility into third-party data handling. You cannot protect what you cannot see. Contracts and questionnaires are insufficient. Organizations need continuous visibility into how partners process, store and secure shared data. The roughly one-third of organizations with this visibility today have a significant advantage over those flying blind.
Consolidate audit trails. Fragmented logs across dozens of systems aren’t evidence — they’re a liability. Unified, evidence-quality audit trails enable both incident response and regulatory compliance. When something goes wrong, you need to reconstruct what happened in hours, not weeks.
Extend sovereignty controls to processing. Knowing where data is stored isn’t enough. With AI and cloud services, data may be processed in jurisdictions you never intended. Organizations need visibility into where data is processed, trained and inferred — not just where it sits at rest.
Prioritize containment over monitoring. Watching data move is necessary but insufficient. Purpose binding, granular access controls and the ability to cut off data flows when something goes wrong — these containment capabilities matter more than dashboards showing what already happened.
Implement Zero Trust for data access. Every access request should be verified regardless of network location. Transportation organizations implementing Zero Trust architectures report 40% faster incident response and significantly improved threat detection. The principle applies to data access, not just network access.
Data Is the Mission
Transportation’s digital transformation has made data the operational core of the industry. Logistics optimization, safety systems, customer experience, regulatory compliance — all of it depends on data flowing to the right places at the right times. That dependency is permanent and growing.
Protecting network perimeters while data flows freely through vendors, clouds, connected devices and AI systems is security theater. It creates the appearance of protection without the substance. Adversaries have recognized this. Regulators have recognized this. The organizations that fail to recognize it will learn through painful experience.
In 2026, the question won’t be whether your network was secure. It will be whether your data was protected — wherever it went, whoever touched it and whatever systems processed it. The transportation organizations that treat data protection as the primary mission, not an infrastructure afterthought, will be the ones that maintain customer trust, satisfy regulators and survive the breach attempts that are certainly coming.
The perimeter era is over. The data protection era has begun.
About the Author
Frank Balonis is chief information security officer and senior vice president of operations and support at Kiteworks, with more than 20 years of experience in IT support and services. Since joining Kiteworks in 2003, Frank has overseen technical support, customer success, corporate IT, security and compliance, collaborating closely with product and engineering teams. He holds a Certified Information Systems Security Professional (CISSP) certification and served in the U.S. Navy. He can be reached at fbalonis@kiteworks.com.
Aviation security has long focused on keeping external threats out — the passenger with a weapon, the infiltrator at the gate or the cybercriminal probing systems from afar. Yet one of the most persistent and complex vulnerabilities lies inside the airport perimeter: the trusted employee. From ground handlers to mechanics, flight attendants, IT administrators and contractors, the modern aviation ecosystem relies on thousands of individuals with authorized access to critical areas and systems. When even one abuses that trust, through corruption, negligence, coercion or ideology, the results can be catastrophic.
Recent analyses highlight that insider misuse is not hypothetical. Incidents involving unauthorized access, smuggling, data theft and attempts to aid extremist networks have reaffirmed that the “enemy within” remains a challenging security threat.
The term “insider threat” once referred mainly to employees with malicious intent — those deliberately acting against the interests of their organization. Today, the definition has broadened to include unintentional insiders whose errors, complacency or manipulation by others create opportunities for exploitation.
Insiders in aviation may act for financial gain, ideological motives, coercion, or simple negligence. Many threats emerge not from criminal intent but from the erosion of vigilance and ethical boundaries. Airports and airlines, by their nature, depend on trust — yet that very trust is what adversaries exploit.
1. Hiring and Background Checks
The foundation of insider threat mitigation begins before day one. Rigorous pre-employment vetting and ongoing revalidation ensure integrity over time. Continuous evaluation programs, now standard in many sectors, use automated systems to flag new risks or behavioral red flags. Modern screening doesn’t end with a fingerprint card; it includes social media vetting, financial reviews, and intelligence-driven risk scoring.
2. Separation of Duties and Least Privilege
Security is not just about access to buildings but about what employees can do once inside. Least-privilege access ensures that individuals only perform functions required by their role, limiting exposure if one credential is compromised. Dynamic access control, adjusting privileges based on schedule, role changes, or incomplete training, adds another layer of prevention against misuse.
3. Behavioral Detection
Artificial intelligence and machine learning now power anomaly detection systems that flag unusual access patterns, badge use at odd hours or system log anomalies. These tools can identify early signs of insider activity while preserving privacy through structured oversight.
Technology alone cannot detect every insider threat. The most effective programs are built on behavioral intelligence, the combination of human judgment, organizational psychology and leadership culture. If you see something, say something.
Human Reliability Programs (HRPs), utilized in the nuclear and defense industries, incorporate psychological evaluation, peer accountability and wellness tracking. In aviation, a simplified version can focus on three pillars: stability, support and self-reporting. Employees who experience personal crises, financial stress or workplace conflict are more likely to become targets of manipulation. An HRP encourages them to seek confidential support before they become security risks.
Behavioral Observation Training equips supervisors and coworkers with the skills to identify subtle warning signs, such as sudden isolation, unexplained wealth or unusual shift swaps, and report them through anonymous channels. When reporting mechanisms are non-punitive and trusted, information flows freely, allowing for early intervention.
The most forward-thinking airlines and airports are now adopting fusion-cell concepts, modeled after national intelligence agencies. These centers bring together HR, IT security, operations and law enforcement liaisons to analyze both digital and human indicators in real time.
For example, an employee accessing an aircraft maintenance database at 3 a.m. might not trigger an alarm by itself. But when that activity aligns with financial distress data or behavioral changes noted by a supervisor, the system can escalate for immediate review. This holistic perspective, connecting departments that rarely talk, transforms fragmented security into a predictive security approach.
No insider threat program can succeed without leadership buy-in and cultural ownership. Security must move from being a department to being a mindset. Leaders who routinely visit secure areas, engage with staff and discuss integrity expectations humanize security and build credibility.
Quarterly “Security Climate” surveys can gauge whether employees feel safe reporting misconduct or observing favoritism, pressure or unclear rules, all precursors to insider complacency. Recognition programs, such as “Integrity in Action” awards, publicly celebrate employees who demonstrate ethical courage, reinforcing that prevention is everyone’s job.
Airlines that treat insider threat as a shared mission, rather than a top-down compliance exercise, are the ones most likely to catch the subsequent breach before it starts.
Aviation can draw powerful insights from energy, finance and defense, industries which manage similar high-trust environments. The Department of Energy’s “Two-Person Integrity Rule,” could be mirrored in sensitive airport zones, ensuring no one is ever alone with critical assets. Financial institutions’ predictive risk algorithms, which blend HR and performance data, could help identify those under stress long before it leads to sabotage or smuggling.
Partnerships among airlines, airports, and intelligence agencies will be crucial in the years to come. Shared watchlists, unified background-check databases and cross-jurisdictional risk-scoring systems can close the gaps that allow an insider dismissed in one location to resurface in another.
As global instability grows, the aviation industry must confront a sobering truth: the subsequent breach may not come from a passenger’s bag, but from a staff member’s badge. The path forward lies in balance — harnessing data analytics and behavioral science while nurturing a culture where security is personal. From recruitment to retirement, every employee must see themselves as part of the safety shield.
Iran temporarily closed parts of the Strait of Hormuz to conduct live-fire naval drills (“Smart Control”), marking a rare, high-stakes signal amid rising tensions with the U.S.. Although only for several hours, this action in the vital 33km-wide chokepoint—which carries 20% of global oil—heightened fears of a wider conflict
The Iranian state media said on Tuesday, February 17 that navigation through sections of the Strait of Hormuz, one of the world’s busiest shipping lanes, would be temporarily restricted. The waterway was closed for several hours due to military drills, a move that comes as U.S. talks with Tehran begin in Geneva, Switzerland.
The Strait of Hormuz is critical to global energy flows, with much of the world’s oil and gas shipments passing through the shipping lane. Even short disruptions can heighten market anxiety and reroute vessel traffic, according to shipping experts.
“There is no alternative route to the Strait of Hormuz,” said Jakob Larsen, chief safety and security officer at shipping association Bimco, in a piece by The National. He said that recent regional instability has already forced vessels to divert, pointing to a sharp decline in Red Sea and Bab Al Mandeb traffic following Houthi attacks.
