The Importance of Maritime Cybersecurity

When attackers target a port, the consequences are immediate: cargo sits idle, operations halt, and safety systems are at risk. Ports are no longer just physical gateways; they are digital battlegrounds, and attackers know it.

Threat actors attack maritime operations for profit, disruption, or geopolitical leverage. Protecting these environments requires one thing above all: realistic, attacker-informed training.


Overview of the Sines Port Red Team Training

At Sines Maritime Port in Portugal, CybergymIEC led a multi-day red team exercise built to reflect real attacker tactics under real operational constraints. Directed by Daniel Shemesh, Red Team Lead at CybergymIEC, the program went beyond theory to expose local teams to the pressure and complexity of live OT attacks.

Participants started with the fundamentals of first response and attacker mindset — learning not just what tools hackers use, but how they think and move through a system. The training culminated in a customized live-fire attack scenario on the port’s own OT systems, designed and delivered within strict regulatory limits.

The result: teams didn’t just gain “experience”; they proved they could respond, contain, and adapt in conditions that mirrored the threats ports face every day.

Training Structure and Content

CybergymIEC designed a three-day training program that built from fundamentals to full-scale live-fire attacks, reflecting the pace and pressure of real cyber incidents.

The first phase focused on first-response readiness and attacker mindset: how hackers think, where they strike, and what tools they use to move through OT systems. This gave the teams the perspective they need to anticipate threats before they hit.

From there, participants moved into hands-on drills, investigating malware, analyzing vulnerabilities, and working in the roles they occupy every day. The training forced teams to apply lessons directly to their operational responsibilities, breaking down silos between IT, OT, and incident response.

The highlight came on days two and three: a custom live cyberattack on the port’s OT systems. Teams were challenged to contain, respond, and recover under the same pressure they would face in a real-world incident. More than a technical test, it proved their ability to collaborate, make decisions under fire, and defend critical operations when it matters most.

International Collaboration and Cultural Considerations

One of the standout aspects of the Sines Port training was the international collaboration involved. Although Daniel Shemesh led the training, he worked closely with local teams and international experts. This collaborative approach ensured that the training was comprehensive and leveraged diverse expertise.

Cultural considerations played a significant role in the success of the training. Conducting cybersecurity training in a foreign country comes with unique challenges, such as language barriers and different customs. However, these were effectively managed through careful planning and open communication. For instance, local IT support personnel, such as Gonzalo, were actively involved in the training, bridging any cultural and technical gaps.

Daniel Shemesh's experience highlights the importance of cultural sensitivity and adaptability in international training exercises. By respecting and understanding local customs, trainers can create a more inclusive and effective learning environment.

Challenges and Solutions in Cyber Defense Training

Training critical infrastructure staff to defend against cyber threats is fraught with challenges. One of the primary challenges is the legal and regulatory constraints on sharing sensitive information. During the Sines Port training, not all details about the port's systems could be disclosed. This necessitated a reliance on internet research and educated assumptions to create realistic attack scenarios.

Another challenge is the complexity of operational technology (OT) systems used in ports. These systems are often unique and require specialized knowledge to defend. The training had to be tailored to address the specific needs and vulnerabilities of Sines Maritime Port's systems.

Despite these challenges, the training was successful due to a few key strategies. First, the use of realistic, tailored attack scenarios ensured that participants faced challenges closely mirroring real-world situations. Second, the involvement of local experts helped bridge knowledge gaps and provide valuable insights. Lastly, the emphasis on practical, hands-on training ensured that participants could directly apply what they learned.

Key Takeaways and Future Implications

The Red Team training at Sines Maritime Port offers several key takeaways for the future of maritime cybersecurity. First, the importance of understanding hacker behavior cannot be overstated. By thinking like attackers, defenders can better anticipate and mitigate threats.

Second, international collaboration is crucial for effective cybersecurity training. Leveraging diverse expertise and respecting cultural differences can enhance the training experience and outcomes.

Lastly, the success of the Sines Port training underscores the value of practical, hands-on training. Real-world scenarios and role-based exercises provide participants with the experience and confidence needed to handle actual cyber threats.

As cyber threats continue to evolve, so too must our defense strategies. The insights gained from the Sines Port training will inform future training programs, ensuring that maritime ports and other critical infrastructure remain resilient against cyberattacks. The collaboration between Cybergym and international partners sets a precedent for how to successfully prepare for and mitigate cyber threats in a globalized world.