CISA published two ICS advisories on 31 March 2026. Both carry a CVSS score of 9.8. Both share the same root cause: missing authentication on network-accessible management interfaces.

CVE-2026-3356 — Anritsu Remote Spectrum Monitor (ICSA-26-090-01). The affected models — MS27100A, MS27101A, MS27102A, MS27103A — are RF spectrum monitors deployed around ports and critical infrastructure for monitoring VHF/UHF communications and detecting GNSS interference. An attacker with network access can alter device configuration, obtain signal data, or disrupt monitoring — no credentials required (CWE-306). The advisory is confirmed by WaterISAC's digest of 2 April 2026.

The critical detail: Anritsu has stated there are no plans to fix this vulnerability. Mitigation is network isolation only. If your organisation uses shore-side spectrum monitoring around port approaches — for GNSS interference detection or VHF oversight — verify now whether Anritsu monitors are network-exposed.

CVE-2026-1579 — PX4 Autopilot MAVLink (ICSA-26-090-02). PX4 is the open-source flight control stack used in a range of drones and uncrewed surface vessels (USVs), including port security UAVs, cargo yard inspection platforms, and offshore asset monitoring vessels. MAVLink, the protocol PX4 uses for ground control communication, lacks cryptographic authentication by default. An attacker can send SERIAL_CONTROL messages over an unsecured MAVLink link, gaining shell-level access — effectively full platform takeover. Mitigation: enable MAVLink 2.0 message signing on all non-USB links immediately.

Why this matters: Two flaws, same week, same root cause. The question to ask your OT vendors is not "is this device secure?" It is "does this device require authentication before accepting commands?" For any device where the answer is no — and many are — the only available mitigation is network isolation.

One thing to do: Audit which network-connected OT devices in your port or vessel environment require no authentication to configure or command. Start with monitoring hardware and autonomous platforms. If you can't answer the question, that gap is itself a finding.

🎯 Tabletop: Test your port's response to a compromised shore-side OT sensor — tabletop.maritime-ogmios.tech/scenariusze/mini/

On 2 April 2026, VIAVI Solutions and Ground Control announced a partnership to integrate VIAVI's Secure µPNT STL-1000 into Ground Control's RockFLEET tracking and navigation solution. The result: assured maritime vessel tracking and navigation in environments where GNSS signals are degraded, jammed, or absent.

The Secure µPNT STL-1000 uses Satellite Time and Location (STL) signals — broadcast from low-Earth orbit on a different frequency band to GPS — to provide timing and positioning that does not depend on the GNSS constellations that have been the target of interference campaigns across the Baltic, the Gulf of Oman, and the Eastern Mediterranean.

It has been documented GNSS interference affecting more than +1100 vessels in a single day. For months, coverage of this issue has been dominated by incident reporting and regulatory pressure. This announcement is different: it is a concrete product response to a documented operational problem.

Why this matters: Resilient PNT is becoming a product category, not a research concept. The VIAVI + Ground Control integration is one data point in a broader market movement — alongside SEA.AI's vision-based approach (Issue #3) and growing IMO regulatory interest in backup and independent PNT. Operators who are evaluating navigation technology should be asking vendors directly: what happens to this system when GPS is unavailable?

One thing to do: When reviewing vessel tracking or navigation technology this year, add GNSS-independence to your evaluation criteria. Ask vendors specifically about STL, eLoran, or sensor-fusion fallback. The answer indicates whether the product was designed for real maritime operating conditions.

Cydome — the research team that uncovered the NAVTOR NavBox vulnerabilities we covered in Issue #3 — has published a 2026 trends report quantifying what many in the sector have observed qualitatively: maritime OT cyberattacks are accelerating.

The headline figures: a 150% increase in OT-focused cyber incidents in the maritime sector in 2025, with 87% of maritime OT incidents driven by ransomware. The Port of Vigo incident we covered in Issue #4 is one illustration; the Cydome data puts individual incidents in statistical context.

A February 2026 Red Sky Alliance report adds another dimension: ongoing vessel impersonation phishing campaigns using ship and port names to deliver malware — the social engineering layer feeding the OT compromise pipeline. Attackers are not only technically capable; they are using maritime-specific lures to get through the perimeter.

The pattern that emerges: ransomware groups have identified maritime OT as a target-rich environment, often less hardened than equivalent onshore industrial control systems, with high operational pressure to restore systems quickly — conditions that increase the likelihood of ransom payment.

Why this matters: The 150% figure should reframe how maritime organisations categorise cyber risk. This is not a background threat to monitor — it is an active and growing attack surface. OT environments that have not been reviewed since the pre-2023 baseline are operating in a materially different threat landscape.

One thing to do: If your organisation's last OT risk assessment is more than 18 months old, schedule a review. Pay particular attention to network segmentation between IT and OT layers, backup restoration procedures, and whether your OT vendor contracts include incident response obligations.

🗓️ Upcoming this month

Full calendar with 88 maritime cybersecurity events in 2026: mc3.maritime-ogmios.tech