Cybersecurity for Florida Ports and Maritime Operations
Florida's seaport network ranks among the most economically significant in the United States, handling cargo, cruise passengers, and logistics operations across 15 deepwater ports. Cybersecurity threats targeting maritime infrastructure have escalated in both frequency and sophistication, with documented incidents affecting port operational technology (OT), vessel navigation systems, and cargo management platforms. This page describes the regulatory landscape, operational threat categories, and professional frameworks governing cybersecurity in Florida's port and maritime sector.
Definition and scope
Maritime cybersecurity covers the protection of information technology (IT) and operational technology systems used in the planning, coordination, and physical execution of port and vessel operations. In Florida, this encompasses the 15 deepwater seaports overseen by the Florida Ports Council, cargo terminal operators, cruise line homeport facilities, intermodal logistics networks, and the vessel traffic services that support them.
The scope extends to industrial control systems (ICS), supervisory control and data acquisition (SCADA) systems, automated crane and berth management platforms, electronic chart display and information systems (ECDIS), and the administrative networks connecting port authorities to federal customs and border systems. Cybersecurity obligations at these facilities derive from overlapping federal and state authority, and the sector sits at the intersection of Florida's broader critical infrastructure cybersecurity framework and federal maritime law.
What this page does not cover: Cybersecurity for inland waterway operations outside Florida's jurisdictional waters, offshore drilling platforms regulated exclusively under federal offshore statutes, and general cargo logistics companies with no direct port facility presence fall outside the primary scope of this reference. Federal maritime law preempts Florida state law in areas of vessel safety and navigation; Florida-specific obligations addressed here apply to shore-side port authority operations and facilities.
How it works
Maritime cybersecurity governance in Florida operates through a layered structure of federal mandates, port authority policies, and voluntary frameworks. The primary federal authority is the U.S. Coast Guard (USCG), which under the Maritime Transportation Security Act of 2002 (MTSA, 46 U.S.C. § 70101 et seq.) requires covered facilities to maintain Facility Security Plans (FSPs). Since 2020, following Navigation and Vessel Inspection Circular (NVIC) 01-20, USCG has required that FSPs address cybersecurity as a component of physical security planning.
The operational framework most commonly applied at Florida seaports aligns with the NIST Cybersecurity Framework (CSF) and the BIMCO/ICS Guidelines on Cyber Security Onboard Ships, which address vessel-side controls. Shore-side OT security is further informed by IEC 62443, the international standard series for industrial automation and control system security.
A standard port cybersecurity program proceeds through the following phases:
- Asset inventory — Cataloging all IT and OT assets, including legacy programmable logic controllers (PLCs), terminal operating systems (TOS), and networked physical access controls.
- Risk assessment — Mapping attack surfaces using threat models that account for both nation-state and criminal threat actors with documented interest in maritime chokepoints.
- Segmentation and access control — Isolating OT networks from corporate IT networks; implementing role-based access to cargo management and customs declaration systems.
- Incident detection — Deploying intrusion detection across both IT and OT segments, with specific attention to anomalous commands in SCADA environments.
- Response and recovery planning — Aligning port continuity plans with USCG FSP requirements and CISA's Maritime Cybersecurity Framework.
- Compliance reporting — Submitting required notifications to USCG and, where applicable, Florida's cybersecurity incident reporting channels under the Florida Cybersecurity Act (§ 282.318, Florida Statutes).
The regulatory obligations applicable to Florida port authorities as state entities also intersect with the Florida Department of Management Services cybersecurity standards, which govern IT security for government-operated infrastructure.
Common scenarios
Florida maritime operations face cybersecurity scenarios that differ from general enterprise environments due to the integration of physical operational systems with networked controls.
Cargo system manipulation: Terminal operating systems that manage container tracking, weight declarations, and customs clearance are high-value targets. Attackers who compromise these systems can alter manifests to facilitate smuggling or cause port congestion by corrupting container location data.
Ransomware against port authorities: Port authorities operating as Florida government entities have been targeted by ransomware groups that encrypt administrative systems and demand payment to restore operations. The broader pattern of ransomware against public infrastructure is documented by CISA and is directly relevant to Florida's port landscape; more detail on the statewide threat pattern is covered at Florida Ransomware Threats.
GPS/AIS spoofing: Vessel automatic identification system (AIS) data and GPS positioning can be manipulated to misrepresent vessel locations, creating safety hazards and enabling illicit movements in and around Florida's busy port approaches.
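A shore-side plausibility check for this scenario, given here as an added example and not as code from any port authority, USCG, or vendor system: it flags consecutive AIS position reports whose implied speed is physically implausible. The report tuple layout, the 50-knot ceiling, and the sample MMSI values and coordinates are assumptions constructed for illustration.

```python
import math
from datetime import datetime

MAX_PLAUSIBLE_KNOTS = 50.0   # assumed ceiling for commercial traffic; tune per port
EARTH_RADIUS_NM = 3440.065   # mean Earth radius in nautical miles

# Constructed sample reports (MMSI, UTC time, lat, lon); not real vessel data.
SAMPLE_REPORTS = [
    ("000000001", "2024-01-01T12:00:00", 25.7600, -80.1000),
    ("000000001", "2024-01-01T12:10:00", 25.7700, -80.0700),
    ("000000001", "2024-01-01T12:20:00", 26.9000, -79.2000),  # implausible jump
    ("000000002", "2024-01-01T12:00:00", 27.9000, -82.5000),
    ("000000002", "2024-01-01T12:30:00", 27.8500, -82.5500),
]

def distance_nm(lat1, lon1, lat2, lon2):
    """Great-circle distance in nautical miles (haversine formula)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(a))

def flag_implausible_tracks(reports, max_knots=MAX_PLAUSIBLE_KNOTS):
    """Return (mmsi, timestamp, implied_knots) for each report that implies
    a speed above max_knots relative to the same vessel's previous report."""
    alerts, last = [], {}
    for mmsi, ts, lat, lon in sorted(reports, key=lambda r: (r[0], r[1])):
        when = datetime.fromisoformat(ts)
        if mmsi in last:
            prev_when, prev_lat, prev_lon = last[mmsi]
            hours = (when - prev_when).total_seconds() / 3600
            dist = distance_nm(prev_lat, prev_lon, lat, lon)
            # Two positions with the same timestamp imply infinite speed.
            knots = dist / hours if hours > 0 else (math.inf if dist > 0 else 0.0)
            if knots > max_knots:
                alerts.append((mmsi, ts, round(knots, 1)))
        last[mmsi] = (when, lat, lon)
    return alerts

if __name__ == "__main__":
    for alert in flag_implausible_tracks(SAMPLE_REPORTS):
        print("implausible AIS track:", alert)
```

A flagged report is a lead for correlation with radar or vessel traffic service data, not proof of spoofing; receiver errors and reused MMSI numbers produce the same signature.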
Vendor and third-party access: Port facilities rely on logistics software vendors, customs brokers, and tugboat operators who connect to shared systems. Each third-party access point represents a potential intrusion vector. This risk category is addressed in detail at Florida Vendor and Third-Party Cybersecurity Risk.
Phishing against port employees: Social engineering campaigns targeting port staff — particularly those with access to cargo release systems or wire transfer authority — are a documented threat vector. The mechanics of these campaigns are covered at Florida Social Engineering and Phishing Threats.
Decision boundaries
Understanding which regulatory regime governs a specific cybersecurity obligation at a Florida port facility requires distinguishing between vessel-side and shore-side systems, and between state-operated and privately operated facilities.
| Dimension | Federal Authority | Florida State Authority |
|---|---|---|
| Vessel systems (ECDIS, AIS, bridge networks) | USCG / NVIC 01-20 | Not applicable |
| Shore-side government port authority IT | CISA / NIST CSF | DMS cybersecurity standards; § 282.318 F.S. |
| Shore-side private terminal operators | USCG MTSA / CISA | Florida data breach notification (§ 501.171 F.S.) |
| Incident reporting obligations | USCG; CISA 72-hour rules | Florida CISO notification under § 282.318 F.S. |
The distinction between OT and IT cybersecurity obligations is operationally significant. OT systems controlling cranes, locks, and berth assignments require different toolsets and response procedures than administrative IT networks. Professionals navigating both domains should consult the regulatory context for Florida cybersecurity to map overlapping obligations accurately.
For a broad orientation to the Florida cybersecurity service sector, the Florida Security Authority index provides reference coverage across all major verticals and sectors operating under Florida jurisdiction.
References
- U.S. Coast Guard – Maritime Cybersecurity (NVIC 01-20)
- Maritime Transportation Security Act of 2002, 46 U.S.C. § 70101
- NIST Cybersecurity Framework (CSF)
- CISA – Transportation Systems Sector
- CISA – StopRansomware
- BIMCO – Guidelines on Cyber Security Onboard Ships
- IEC 62443 – Industrial Automation and Control Systems Security
- Florida Statutes § 282.318 – Cybersecurity Act
- Florida Ports Council
- Florida Department of Management Services – Information Technology