Maritime Intelligence · Threat Report 2026

The New Maritime Battlespace

BRICS power shift · Hormuz pressure · Dark fleet industrialization · Port SCADA exposure · Quantum-era comms threat

Maritime carries 90% of global trade by volume. The 2024–2026 geopolitical shock sequence — Houthi Red Sea campaign, Iran tanker pressure, ZPMC port crane backdoors, BRICS de-dollarization of shipping settlement, and subsea cable attacks — has created a systemic security vacuum that incumbents have not filled. This report documents the threat landscape and identifies actionable entry points for maritime operators, P&I clubs, and port authorities.

Active Chokepoint Intelligence

Real-time threat assessment across the six most critical maritime chokepoints. Closure probability computed from incident frequency, threat actor capability, and geopolitical pressure.

Strait of Hormuz

21 vessels/day

23% closure risk
Criticality: 10/10
Iran IRGC · Houthi · Ansar Allah
Vessel seizure · GPS spoofing · Naval mines

Bab el-Mandeb

48 vessels/day

78% closure risk
Criticality: 9/10
Houthi · Ansar Allah
Anti-ship missiles · Drone swarms · Naval mines

Suez Canal

50 vessels/day

12% closure risk
Criticality: 9/10
State-level cyber · Houthi diversion
SCADA cyber attack · VTC compromise

Strait of Malacca

100 vessels/day

4% closure risk
Criticality: 8/10
Piracy syndicates · PRC state-affiliated
Product tanker piracy · GPS spoofing

Panama Canal

35 vessels/day

8% closure risk
Criticality: 7/10
PRC Hutchison Ports (ownership)
Insider threat · SCADA exposure · Drought capacity

Taiwan Strait

200 vessels/day

15% closure risk
Criticality: 8/10
PLAN (PRC Navy)
AIS blackout · Forced deviation · Subsea cable threat

Dark Fleet Detection — 1,400+ Vessels

The global dark fleet has grown to ~1,400 vessels (CEPEA estimate, 2025). These ships evade sanctions by manipulating AIS transponders, adopting flags of convenience, and operating without standard P&I club cover. Neptune detects them via six cryptographic signatures.

HIGH

Speed Anomaly

AIS-reported speed deviates >30% from position-delta computed speed. Transponder is being manipulated manually.

CRITICAL

AIS Dark Gap

>6 hours of AIS silence in high-traffic shipping lane. Vessel is deliberately hiding its position.

CRITICAL

Sanctioned Zone Proximity

Last known position within OFAC/EU threshold distance of Iran, Crimea, Russia, DPRK, or Venezuela export terminals.

MEDIUM

Flag of Convenience

Flag state in PA, LR, KM, PW, MH, CC, TG — jurisdictions known for dark fleet registration with minimal oversight.

HIGH

Cargo-Type Mismatch

VLCC or crude tanker declaring dry bulk, general cargo, or other commodity inconsistent with vessel class.

HIGH

MMSI/Flag Mismatch

Maritime Mobile Service Identity prefix doesn't match declared flag state — MMSI spoofing or re-registration.
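Three of the signatures above (speed anomaly, AIS dark gap, MMSI/flag mismatch) can be checked directly from a vessel's AIS track, as this added example shows; it is not Neptune's code and does not reproduce its scoring. The function names, the partial MID table, the 0.5-knot floor and the sample tracks are assumptions of the example, and the "high-traffic shipping lane" condition on the dark gap is left out.

```python
import math
from datetime import datetime

# Thresholds as stated on this page; all names here are assumptions of this example.
SPEED_DEVIATION = 0.30   # reported vs. position-delta speed
DARK_GAP_HOURS = 6.0     # AIS silence between consecutive reports
# Partial ITU MID (first three MMSI digits) -> flag table, enough for the sample data.
MID_TO_FLAG = {"351": "PA", "636": "LR", "538": "MH"}

def haversine_nm(lat1, lon1, lat2, lon2):
    """Great-circle distance in nautical miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 3440.065 * math.asin(math.sqrt(a))

def check_track(mmsi, declared_flag, reports):
    """reports: time-ordered (iso_time, lat, lon, reported_sog_knots) tuples.
    Returns a sorted list of the signature names that fired."""
    hits = set()
    mid_flag = MID_TO_FLAG.get(mmsi[:3])
    if mid_flag is not None and mid_flag != declared_flag:
        hits.add("mmsi_flag_mismatch")
    for prev, cur in zip(reports, reports[1:]):
        t0, t1 = (datetime.fromisoformat(r[0]) for r in (prev, cur))
        hours = (t1 - t0).total_seconds() / 3600
        if hours <= 0:
            continue  # duplicate or out-of-order report: no speed can be derived
        if hours > DARK_GAP_HOURS:
            hits.add("ais_dark_gap")
            continue  # the path sailed during the silence is unknown
        derived = haversine_nm(prev[1], prev[2], cur[1], cur[2]) / hours
        # Skip near-stationary vessels, where position jitter dominates the ratio.
        if derived > 0.5 and abs(cur[3] - derived) / derived > SPEED_DEVIATION:
            hits.add("speed_anomaly")
    return sorted(hits)

# Constructed sample tracks (not real vessels).
CLEAN = ("636000001", "LR", [
    ("2026-01-01T00:00:00+00:00", 25.0, 56.0, 12.0),
    ("2026-01-01T01:00:00+00:00", 25.2, 56.0, 12.0)])
SUSPECT = ("351000002", "LR", [          # MID 351 is Panama, declared flag is LR
    ("2026-01-01T00:00:00+00:00", 25.0, 56.0, 12.0),
    ("2026-01-01T01:00:00+00:00", 25.2, 56.0, 4.0),    # ~12 nm in 1 h, reports 4 kn
    ("2026-01-01T09:00:00+00:00", 26.0, 56.5, 11.0)])  # 8 h of silence

if __name__ == "__main__":
    print(check_track(*CLEAN), check_track(*SUSPECT))
```

The deviation is measured relative to the position-delta speed, matching the wording of the speed-anomaly signature; a production check would also need to tolerate receiver coverage gaps before treating silence as deliberate.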

NEPTUNE MODULE — SNF CAPABILITY

Neptune scores every tracked vessel across all six signatures using a φ-weighted algorithm (0–10 risk scale). Vessels ≥7.0 trigger immediate OFAC sanctions screening and chokepoint proximity alert. The pipeline runs autonomously on Jupiter’s Fibonacci schedule — no analyst required for routine sweeps.

Port SCADA Crisis — ZPMC Crane Backdoors

Chinese-manufactured port cranes hold ~70% of global market share. CISA Advisory AA23-075A (2023) confirmed undocumented remote access capabilities in ZPMC equipment. Ports have no mechanism to detect or block the call-home channel — and most LatAm facilities have received zero security assessment.

Advisory: CISA AA23-075A — 2023-03-14
Manufacturer: ZPMC (Shanghai Zhenhua Heavy Industries)
Market share: ~70% of US port cranes
Backdoor type: Cellular modem + undocumented diagnostic port (0xCAFE)
Call-home: ZPMC Shanghai HQ — bypasses plant historian logging
Key CVEs: CVE-2023-36802 (CVSS 9.8) · CVE-2023-28489 (CVSS 9.6)
Exposed protocols: Modbus TCP :502 · S7comm :102 · EtherNet/IP :44818 · OPC-UA :4840
LatAm affected: Manzanillo · Veracruz · Santos · Callao · Cartagena

SPECTRA MARITIME AUDIT — ZPMC MODULE

The SPECTRA Audit Engine (Build 60, 6-layer analysis) has been extended with a maritime OT module: ZPMC firmware IOC scan, exposed industrial protocol detection, and CISA AA23-075A compliance checklist. LatAm port facilities are our first target segment — they carry the exposure without the incumbent security relationships.

The Quantum-Era Maritime Threat

All current maritime satellite communications — Inmarsat VSAT, Iridium safety channels, AIS traffic — run on RSA/ECDH cryptography deprecated by NIST in 2024. Harvest Now, Decrypt Later attacks allow adversaries to capture encrypted comms today and decrypt them once a cryptographically-relevant quantum computer becomes available (~2030+). No maritime SATCOM provider has deployed ML-KEM.

2024

NIST finalizes ML-KEM (FIPS 203), ML-DSA (FIPS 204), SLH-DSA (FIPS 205)

2026

NSA mandates PQC for US national security systems — no maritime exemption

2026

Matrix CR Neptune flags: zero maritime SATCOM implementations of ML-KEM

2027

Expected IMO guidance on cyber resilience update — PQC likely included

2030

NIST deprecates RSA-2048 and ECDH — all current ship comms broken

2030+

Cryptographically-relevant quantum computers: Harvest Now, Decrypt Later attacks mature

MATRIX CR PQC POSTURE

Matrix CR Studio operates ML-KEM-768 (FIPS 203) + SATOR HMAC on all internal IPC channels since Build 20 (March 2026). We are building the first reference implementation of ML-KEM-768 for ship-to-shore authenticated channels — available as a retrofit assessment engagement before the 2027 IMO cyber resilience update cycle.

The BRICS Shift — Why Mid-Tier Operators Need a Non-US Advisor

De-dollarization of shipping settlement creates demand for non-US-aligned security advisors. LatAm ports under BRICS-adjacent trade pressure (Mexico, Brazil, Colombia, Peru) cannot engage Mandiant or Trail of Bits politically. Matrix CR operates from Costa Rica — sovereign, non-aligned, fluent in the regional threat landscape and regulatory environment.

Services

Boutique engagement — not a platform play, not an enterprise sales cycle. We deliver within 10 business days.

SPECTRA Maritime Port Audit

$8,000 – $25,000

10 business days

  • ZPMC crane firmware IOC scan (CISA AA23-075A)
  • Port SCADA exposure assessment (Modbus · S7comm · DNP3 · EtherNet/IP)
  • Ship-to-shore communications PQC readiness
  • Key CVE mapping + remediation roadmap
  • Executive + technical report (EN/ES)

Dark Fleet Watch

$750 – $2,500 / month

SaaS — onboard in 48h

  • Real-time AIS anomaly scoring (6-signature algorithm)
  • OFAC / EU sanctions screening per vessel
  • Chokepoint threat level dashboard
  • Telegram + API alerts on high-risk detections
  • P&I club · OFAC compliance · commodity trader tiers

Maritime PQC Retrofit

$5,000 – $15,000

15 business days

  • SATCOM / VSAT / Iridium PQC gap analysis
  • ML-KEM-768 implementation feasibility report
  • Ship-to-shore authenticated channel design
  • IMO cyber resilience alignment
  • Executive roadmap for 2027 compliance

Neptune Pipeline · Build 78 · SNF v1.10.1

⌬ Prior Art · Cryptographic Verification

Document: MISSION_LOG.md · Build 78
Date: 2026-04-05
Commit: bb1de585df8d12bd5095bb49dd83d622372df4b2
Status: ⎈ Git Commit Anchored — cryptographically chained history
Verify: github.com/pabl0ramirez/matrix-cr-studio
License: © 2026 Matrix CR Studio · contact@matrixcr.ai · CC BY-NC 4.0