MIT has updated cybersecurity measures for domestic ships, ports and port facilities
A circular has been published which, among other things, introduces staff training
Roma
January 7, 2026
The Ministry of Infrastructure and Transport, through the
General Command of the Port Authority Corps - Guard
Coastal and the NIS Authority - Transport Sector, announced
the publication of the new Circular No. 177/2025 entitled
"Maritime Cyber Risk. Updating security measures
for domestic vessels, the ISM (Company
ISM) and port facility operators" which will enter the
fully in force from 1 November 2026. The document introduces
An advanced, modern and binding framework of cybersecurity measures
intended to strengthen the resilience of the sector
maritime-port sector, in light of the growing digitalisation of
on-board systems, port infrastructures and procedures
operational.
The new discipline, consistent with the IMO guidelines and with the
the most recent international guidelines on the subject, integrates
the standards contained in the main technical references of the
sector and harmonises with the European framework defined by the
Directive 2022/2555 - NIS2 and the related legislative decree
138/2024, which include ports, maritime administrations and
Critical operators among the essential players in cybersecurity
national team.
Announcing the publication of the circular, dated 16
December 2025, the General Command of the Corps of the Captaincies of
Porto recalled that the widespread adoption of on-board systems such as
ECDIS, AIS, GMDSS, connected OT systems, ship-port interfaces and
remote access channels has increased the efficiency of the industry, but
at the same time it has expanded the attack surface exposed to
increasingly sophisticated cyber threats. I Computer Based
Systems (CBS), which include both IT and OT systems, constitute
in fact, a backbone of maritime and port operations is,
precisely for this reason, they represent a potential target of
attacks capable of compromising the safety of navigation,
business continuity and protection of the marine environment.
In this scenario, the new circular defines obligations and
recommendations for shipping companies, ship masters,
port facility operators and state authorities involved,
requiring the adoption of a structured approach to the management of the
cyber risk, the full integration of cyber measures into the
Safety Management System (SMS) and ship security plans
updating of internal procedures, the adoption of
appropriate and proportionate technical and organisational measures, and
the formalization of prevention, detection, response processes
and recovery in the event of an accident. The measure also introduces
staff training, making it necessary to
qualification for crews, Company Security Officer, Port
Facility Security Officers and IT/OT technicians, in order to ensure a
up-to-date preparation with respect to attack techniques and
response requirements. Particular attention is paid
management of critical systems – including propulsion, government,
Power generation, charging systems, communications
internal and external systems, access monitoring systems, dedicated networks
port infrastructure and VTS services - which must be
be subject to a periodic, documented and based
on the principles of risk.
The circular also extends the focus to technologies
with explicit references to autonomous systems and
integrated ship-shore services used in MASS operations,
recognizing its growing diffusion and the need for
address new related vulnerabilities. Management
of cyber incidents is also reinforced through the
coordination with the notification obligations provided for by the decree
138/2024, which impose on the subjects falling within the
NIS2 perimeter the reporting of significant incidents to the
CSIRT Italy, thus making incident notification
a key element of the national strategy for
answer.
- Via Raffaele Paolucci 17r/19r - 16129 Genoa - ITALY
phone: +39.010.2462122, fax: +39.010.2516768, e-mail
VAT number: 03532950106
Press Reg.: nr 33/96 Genoa Court
Editor in chief: Bruno Bellio No part may be reproduced without the express permission of the publisher