Is collective cyber defence the future of port security? Learnings from a Dutch initiative

Ports handle approximately 80% of international trade by volume, sustaining the global economy. Far more than transit hubs, they are complex industrial clusters that connect maritime transport with vast industrial ecosystems and deeply interconnected supply chains.

At the same time, port ecosystems are becoming increasingly digitised and interconnected, and thus vulnerable to cyberattacks. However, many of them still lack the collective cyber resilience needed, given their interdependent nature. A Dutch initiative attempted to tackle this through collaboration.

Automated terminals, smart infrastructure and real-time data platforms are transforming not only how goods move through ports but also how the wider industrial ecosystem coordinates operations, manages energy and uses shared infrastructure, making ports more efficient and interconnected.

At the Port of Rotterdam, for example, advanced port-call optimization and shared data platforms have enabled more predictive and coordinated operations.

This allows more accurate vessel arrival forecasts, reducing waiting times up to 20% and enabling optimization of berths, equipment deployment and hinterland connections before congestion occurs.

Yet this growing digital interdependence also expands the cyber-attack surface. A disruption to one system can rapidly propagate across port operations, industrial partners and inland transport networks.

Simultaneously, cyber threats are becoming more targeted and sophisticated and can be geopolitically motivated. Maritime cyber incidents reportedly increased by 103% in 2025, with vulnerabilities in port operating systems exploited, denial-of-service attacks targeting infrastructure and ransomware hitting major terminals.

For example, when a ransomware encrypts terminal operating systems during a cyberattack, container handling can come to a standstill, triggering costly delays and ripple effects across global supply chains.

Tackling cybersecurity in this environment requires collective resilience across the entire port ecosystem.

The Netherlands’ response provides a solid case study for increasing port resilience to protect national and European prosperity.

Ferm Seaports was established under the Joint Cyber Strategy for Dutch Seaports, developed by the ports themselves, in collaboration with the Branche Organisatie Zeehavens (BOZ, Dutch Port Association), the Ministry of Infrastructure and Water Management, and the National Coordinator for Security and Counterterrorism (NCTV).

The premise for this initiative is that while ports may compete commercially, they must cooperate on cybersecurity and resilience. Cyber threats do not respect organizational structures, operational boundaries or market competition and neither can the response.

Port-based industrial clusters bring together various actors – port authorities, terminal operators, logistics providers and industrial companies – each with different regulatory obligations, risk appetites and levels of cybersecurity maturity. Yet they rely on shared infrastructure and tightly interconnected supply chains.

This interdependence blurs accountability. For example, is the port authority, a major operator or a neutral coordinating body ultimately responsible for cyber resilience across the cluster? In the absence of clear leadership and enforceable coordination mechanisms, cybersecurity efforts often lack a common “way of working” and efforts remain fragmented rather than ecosystem-wide.

Collaboration is further complicated by trust barriers. Concerns over commercially sensitive information, competitive positioning and reputational exposure can limit willingness to share incident data or lessons learned. Organizations, therefore, frequently silo cyber risk management, without fully accounting for the systemic impact of their decisions or inaction.

To address these structural challenges, the Ferm initiative operates through three complementary roles:

Ferm’s strength lies in its cross-sectoral approach, its close connection to operations, and its facilitation of cooperation on issues relevant to all stakeholders, while keeping participation voluntary.

Ferm focuses on three primary organization groups, supported and facilitated by relevant public partners and stakeholders.

The first group comprises those organizations that are foundational to the safe handling of maritime traffic, such as Vessel Traffic Services operators and mooring service providers. This is the most critical process within the port chain, enabling the flow of goods, logistics and industrial production, with consequences that extend across the port ecosystem and beyond.

The second group are organizations that form critical chains for the continuity of the Dutch economy and the European hinterland, such as terminal operators and chemical companies. Ferm has mapped these critical chains to identify where disruptions would have the greatest economic and societal impact.

The third group includes all port-related organizations that may not be formally designated as critical but play an important supporting role in daily port operations. These include shipping companies, ship builders, nautical service providers and non-maritime organizations within the port.

The Ferm initiative shows how ecosystem-level collaboration strengthens cyber resilience in ports and in the interconnected industrial systems that depend on them.

Since Rotterdam, the initiative has expanded to four additional Dutch seaports. While more than 1,000 companies operate across these ports, Ferm directly connects around 80 organizations through structured coordination and information-sharing.

It identifies an average of 15 vulnerable systems and issues approximately two urgent security advisories per week. This illustrates both the scale of exposure and the value of coordinated monitoring and response.

Its success lies in a clear, shared vision, strong top-management commitment and sustainable, long-term funding partnerships, with the initiative supported and financed by the five Dutch seaport authorities.

The lessons extend beyond ports: as industrial clusters become more digitized, collective cyber resilience becomes a structural necessity. Initiatives such as Ferm demonstrate how collaboration, rather than competition, can become a strategic asset for safeguarding the continuity of critical economic lifelines.