TL;DR too long, didn’t read

  • Cyprus, Israel, and Greece will build a joint regional maritime cybersecurity centre: the Nicosia-based Maritime Cybersecurity Centre of Excellence (MarCCE) will coordinate threat intelligence, training, and policy standards across the Eastern Mediterranean.

  • GPS interference hit a major US port, not a conflict zone: seven vessels reported GPS outages approaching Long Beach in January; the likely cause was a scheduled US military test, but the symptoms on the bridge looked exactly like spoofing.

  • A Korean maritime-cyber vendor raised KRW 5,2 billion: CYTUR's Series A is a clean data point on capital flowing into vessel cyber-compliance tooling as IACS E26/E27 deadlines bind.

The thread through all three: institutions, incidents, and investors are landing in the same place. Maritime cyber and GNSS risk are no longer confined to any one region, and both policy and money are starting to follow.

Three things that matter this week

Cyprus, Israel, and Greece will build a joint maritime cybersecurity centre

Cyprus is preparing to host a new regional maritime-cybersecurity centre, built jointly with Israel and Greece. The facility, called the Maritime Cybersecurity Centre of Excellence (MarCCE), will be based in Nicosia and will operate under the authority of Cyprus's Digital Security Authority, working alongside the Israeli National Cyber Directorate and Greece's National Cybersecurity Authority.

The centre traces back to agreements reached at the 2025 trilateral summit between the leaders of the three countries, part of a wider regional partnership on security, technology, and energy. Its stated remit covers four things: gathering and sharing intelligence on cyber threats targeting maritime systems, training specialists to respond to attacks on ports and vessels, developing international policy standards, and connecting maritime companies with technology startups. Officials also expect it to run training programmes and simulated cyber-attack exercises so ports and vessels can test how they hold up under pressure.

This is a positive, institutional story, and it is worth reading it as exactly that rather than looking for a hidden crisis in it. But the timing is not incidental. The Eastern Mediterranean sits at the intersection of two things this newsletter tracks closely: regional tension tied to the wider conflict involving Iran, and a maritime economy that Cyprus in particular depends on for its position as a shipping and logistics hub. Special Edition #SE05 (26 June) already flagged the Eastern Mediterranean as an elevated-risk zone for superyacht cyber incidents; a standing regional coordination body for maritime cyber threat intelligence is a logical, if slow-moving, response to that kind of exposure.

Why this matters for maritime: most maritime-cyber cooperation between states has so far been bilateral, ad hoc, or channelled through global bodies like IMO and IACS. A dedicated regional centre, run jointly by three governments with genuinely different intelligence services, is a different kind of institution. If it works, it is a template other pressured regions, the Baltic or the Gulf, could copy.

What to do: if you operate in or through the Eastern Mediterranean, watch for MarCCE's first training programmes and exercises and consider early engagement rather than waiting for the centre to mature. If you sell into the region, a state-backed centre with a startup-linking mandate is a channel worth tracking, not just a government press release.

GPS interference off California shows GNSS failures aren't just a conflict-zone problem

29 January 2026, approach to the Port of Long Beach.

It was just before midnight when seven ships approaching the Port of Long Beach from the west keyed their microphones on VHF Channel 14 to report GPS outages to the Los Angeles/Long Beach Vessel Traffic Service, according to an account by Capt. James Haley, a 32-year Long Beach harbor pilot now a senior consultant at UHU Technologies, and Capt. Dana A. Goward, president of the Resilient Navigation and Timing Foundation and a former U.S. maritime navigation authority. Within the same hour, aircraft over the Channel Islands reported similar problems via ADS-B, and NOAA CORS ground stations logged anomalies in GPS signal-to-noise ratios.

AIS data from at least seven vessels showed position jumps consistent with GPS spoofing, and one vessel's AIS transmission stopped altogether for nearly an hour. The affected area spanned more than 100 miles and included the Los Angeles/Long Beach Traffic Separation Scheme, one of the busiest approach corridors on the US West Coast. Every affected vessel entered port safely, in clear weather and good visibility.

Here is the important nuance: this was very likely not an attack. Six days later, the minutes of the LA/Long Beach Harbor Safety Committee recorded that sector personnel, working with the Coast Guard Navigation Center, "were able to identify a GPS testing event as the likely cause". The authors point to a specific, scheduled test, PMSRCA 26-02 (Point Mugu Sea Range California 26-02), as the most probable source, though they are careful to note the available data does not make that certain. The U.S. Coast Guard Navigation Center publishes these testing schedules every month, but the authors note that many mariners may simply not have known about this particular one.

That is exactly why this story matters, not despite the benign cause but because of it. If a routine, friendly test can produce symptoms indistinguishable from hostile spoofing, on a US coastline, in clear weather, with no conflict anywhere nearby, then GNSS-denied navigation is not a Baltic problem or a Hormuz problem. It can happen on any transit, in any waters. That is precisely the territory Andrzej Gab will be speaking to at the Monaco Energy Boat Challenge on Thursday 9 July, on the panel "Cyberattacks in Yachting: Navigating in GNSS dark zones": dark zones are not confined to known conflict corridors.

Why this matters for maritime: whether the source is a hostile jammer in a conflict zone or a scheduled test off a US naval range, the operational effect on a bridge team is the same: a wrong position, a dropped AIS feed, a few minutes of degraded situational awareness in a busy shipping lane. Preparedness for GNSS loss has to be a universal practice, not a regional one.

What to do: check the U.S. Coast Guard Navigation Center's published GPS testing schedule against your voyage plan before transiting US waters, and treat it the way you would any other navigational warning. Regardless of region, drill bridge teams on GPS/GNSS-denied navigation as routine, not exception, and brief crews that a benign test and a hostile jamming event can look identical from the bridge.

CYTUR raises KRW 5,2 billion as the maritime-cyber compliance market matures

Seoul, South Korea.

CYTUR, a South Korean maritime-cybersecurity firm, has raised KRW 5,2 billion in a Series A round led by Sunbo Angel Partners, with STIC Ventures and Jones&Rocket Investment participating. A Korean-language report on the same round, which refers to the company by the transliteration "Cyter," says the round follows a Pre-A investment in 2024. One outlet, Wowtale, converts the figure to roughly $3,7 million; another, Smart Maritime Network, puts the same round at $3,4 million. That is a rounding and exchange-rate difference between two reports on the same KRW 5,2 billion round, not a factual conflict.

CYTUR's product covers a vessel's full lifecycle: cyber risk analysis, threat modeling, asset identification, security validation, and regulatory compliance documentation from design and construction through operation. Through a partnership with Rakuten Maritime, it already holds cybersecurity contracts covering dozens of merchant vessels operated by global shipping lines, and it offers compliance services for the IACS UR E26 and E27 cybersecurity standards. Korea's Ministry of Science and ICT and the Korea Internet & Security Agency have named it a 2026 Excellent Information Protection Technology Product and selected it for a programme to nurture information-security "unicorns".

The new capital is earmarked for recruiting maritime and defense cybersecurity specialists, extending CYTUR's vessel threat-modeling and security-validation platforms, and pushing into naval vessel MRO and defense cybersecurity markets in the United States, Japan, and Singapore. CEO Yonghyun Cho said the company aims to become Asia's leading maritime cybersecurity firm, pursuing naval MRO, defense cybersecurity, and shipbuilding opportunities across the United States, Singapore, and Europe.

This is CYTUR's third appearance in these pages this year: Issue #14 flagged its 2026 incident report, and Issue #16 covered its full-lifecycle product launch. A funded, government-certified vendor building specifically toward IACS E26/E27 and naval MRO compliance is a clean read on where the money is going as those standards bind.

Why this matters for maritime: IACS E26/E27, NIS2, and USCG's cyber rule are not just compliance paperwork; they are creating an actual, fundable market for vessel-lifecycle cyber tooling. CYTUR's round, on the back of a Pre-A round and a growing customer list through Rakuten Maritime, is a small but concrete data point that the regulation-to-capital flywheel is turning.

What to do: if you are budgeting for IACS E26/E27 or NIS2 compliance, treat vendors like CYTUR as evidence that this category is maturing, not evidence that you should wait for it to mature further. Ask any vessel-cyber vendor you are evaluating how they handle the full design-to-operation lifecycle, not just one phase of it; that is now a recognized differentiator investors are funding.

In case you missed it

  • Hormuz "going dark" keeps climbing: per Kpler data cited by NDTV, 45 of the 73 India-bound tankers and cargo ships that crossed the Strait of Hormuz between 1 May and 25 June switched off their AIS transponders, over 60 percent of the traffic sampled. This continues the AIS pattern this newsletter has tracked since #15 and #16; it is a data update on an existing story, not a new one.

  • North Korea's GPS jamming has gone quiet, for now: South Korea's Central Radio Management Service told NK News it has detected no North Korean GPS jamming near Baengnyeong Island, close to the inter-Korean maritime border in the Yellow Sea, so far this year, "a stark departure from past behavior". A useful counterweight to this week's GNSS narrative: not every front is escalating.

Want more depth?

Maritime Cyber Intelligence Brief covers what the weekly cannot: full incident timelines, regulatory analysis, GNSS threat data, and OT advisory breakdowns. The latest issue is a free preview.

Coming up

  • Monaco Energy Boat Challenge — Yacht Club de Monaco — Monaco, 8–11 July 2026. Andrzej Gab speaks on the cyber panel "Cyberattacks in Yachting: Navigating in GNSS dark zones" on Thursday 9 July.

  • DEF CON Maritime Village — 6–9 August 2026.

Number of the week

  • KRW 5,2 billion — That is CYTUR's Series A round this week, roughly $3,7 million by one conversion and $3,4 million by another, led by Sunbo Angel Partners with STIC Ventures and Jones&Rocket Investment participating. It is not a large round by general tech standards, but it lands on a company with existing Rakuten Maritime contracts across dozens of vessels and a compliance product built for IACS E26/E27. That combination, capital plus a customer base plus a regulatory hook, is what a maturing maritime-cyber vendor market looks like.Resource of the week

Resource of the week

USCG Navigation Center — monthly GPS testing schedules (ongoing)

Buried in this week's California story is a practical tool: the U.S. Coast Guard Navigation Center publishes a monthly schedule of planned GPS tests, exactly like the PMSRCA 26-02 test that most likely produced the anomalies reported off Long Beach on 29 January. Cross-checking your transit plan against that schedule costs nothing and turns a potential "is this an attack?" moment into a known, briefable event.

Read of the week

"Click Here to Kill Everybody" by Bruce Schneier — a policy-level look at what happens when everything, from a ship's ballast pumps to a port's crane controllers, becomes a networked computer. It connects this week's throughline: institutions like MarCCE and vendors like CYTUR are racing to build governance and tooling around a hyper-connected fleet that was never designed with security as a requirement.

Keep reading