Ülkem Gürdeniz: 'One of the Most Critical Areas of GNSS Spoofing Geography in the Black Sea'

Ülkem Gürdeniz, General Manager of LocktonOmni, highlighted the cyber risks that directly affect Turkish and Black Sea shipping during an international session. Gürdeniz stated that GNSS spoofing incidents have increased by 468% globally over the last four years and that this increase directly overlaps with conflict zones.

In a presentation at the Marine Insurance Turkey symposium held today in Istanbul, Gürdeniz evaluated the cyber risks that have come to the forefront of marine insurance agendas with the rapid digitalization of ships and fleet management systems.

A New Era and Regulatory Responses

Gürdeniz emphasized that the maritime sector has entered a new era regarding cyber risks. The United States has not remained indifferent to these developments; it implemented a mandatory cyber incident reporting mechanism in 2024, followed by additional regulatory frameworks in 2025.

Three Critical Digital Nervous Systems of the Ship

Gürdeniz pointed out that the navigational safety of a modern ship essentially operates through three digital systems:

GNSS (Global Navigation Satellite System): A satellite-based global positioning system that provides the ship's location, speed, and time information. While there are various constellation systems worldwide, the most common is GPS. Russia's GLONASS and Europe's Galileo also operate within this framework.

ECDIS (Electronic Chart Display and Information System): Reflects GNSS data onto an electronic chart in real time; it serves functions such as route planning, real-time navigation monitoring, and interpreting GNSS position information on the map.

AIS (Automatic Identification System): Enables the sharing of location, speed, and navigation information between ships and ship-shore stations via VHF. It is mandatory for all international vessels over 300 GT.

GNSS Spoofing: False Position, Real Collision Risk

Gürdeniz summarized the practical consequences of GNSS spoofing as follows: A ship may appear in the wrong location on the map, AIS may broadcast a false position, and autopilot may follow an incorrect route, creating a collision risk. Gürdeniz noted that while GNSS spoofing is not necessarily the top type of cyber attack in the maritime sector, it occupies a central place on the agenda due to the severity of its operational consequences. Other cyber incidents, such as phishing, are also observed; however, these are generally limited to shore operations and do not directly affect the ship itself.

A 468% Increase and Overlap with Conflict Geography

The most striking data shared by Gürdeniz was that there was approximately a 468% increase in GNSS spoofing incidents globally during the period from 2020 to 2024. This increase has two critical consequences:

• The AIS information of ships can be altered for illegal cargo transportation and evasion of sanctions.

• False position information lays the groundwork for collision scenarios.

Gürdeniz emphasized that the map of GNSS disruptions almost perfectly overlaps with conflict geography: the Baltic Sea, the Black Sea, the Persian Gulf, the Red Sea, and the Eastern Mediterranean — all regions with the highest intensity of spoofing.

The Black Sea: A High-Risk Spoofing Corridor

In the part of the presentation directly concerning Turkish shipping, Gürdeniz stated that the Black Sea is one of the regions with the highest GNSS spoofing intensity in the world. Particularly, the area around Crimea is a region that continuously emits signals in terms of GPS spoofing. Gürdeniz assessed this point: 'It would not be accurate to describe GPS spoofing in our region solely as a cyber attack. It is also a side effect of military operations. The Black Sea is currently a war zone, and since the escalation of conflict since 2022, we, as maritime actors, must bear the consequences of this situation.'

The Cost of Non-Compliance: Arrest, Policy Invalidity, Lack of Coverage

Gürdeniz reminded that the non-compliance arising from cyber incidents can have severe consequences:

• Arrest of the ship or Port State Control procedures,

• Invalidity of policies and certificates,

• Falling outside the coverage in terms of P&I insurance.

Gürdeniz defined the nature of cyber threats as follows: 'The attacks are non-kinetic but extremely effective. They disrupt navigation, cause activities to stop, are low-cost, and create a very difficult gray area of law that all lawyers would confirm.'

Insurance Front: Changing Framework Since 2019

The most critical part of the presentation was dedicated to the insurance side. Traditional policies contain cyber exclusion clauses that exclude all damages arising from computer and electronic sources; they did not differentiate between malicious and accidental incidents. A turning point that shook this architecture occurred in 2019: The market found the existing clause language too absolute and accepted a new version that included the element of intent in the clause. In the new language, a distinction was made between intentional attacks and cyber incidents that do not contain intent, thus expanding coverage for the latter.

Gürdeniz advised the audience to check the clauses in practice and to compare versions CL 380 / LMA 5403 / 2019 / 2014.

A GPS Manipulation Incident in the Black Sea: How Will the Underwriter View It?

Gürdeniz opened the table through a concrete scenario: When a GPS manipulation incident occurs in the Black Sea, the underwriter will first begin a proximate cause analysis; they will investigate whether the incident contains intent.

• If there is an element of intent: There is a strong likelihood of coverage problems on both the H&M (Hull & Machinery) and P&I sides.

• If there is no intent but there is political motivation: War risk underwriters may come into play; however, this is still a very gray area.

Gürdeniz's observation is clear: 'Intent is the fundamental differentiator between the two clauses. If there is an element of intent, your chances of obtaining results from your existing H&M and P&I policies are low.'

NORMA Cyber: An Independent Monitoring Center

Gürdeniz recommended NORMA Cyber, based in Norway, to those who want to monitor global cyber incidents. NORMA shares data regarding incident escalations as the first and leading global center specifically for maritime cybersecurity.

A Product Filling the Gap: Standalone Cyber Insurance

In closing the presentation, Gürdeniz stated that standalone cyber insurance could be used to fill the gap left by traditional H&M and P&I policies; however, he noted that the questions underwriters would pose to shipowners when purchasing this product would measure digital maturity levels, incident response plans, and the continuity of cyber risk assessments.

Conclusion: Black Sea Shipping is Now a Cyber Front

Gürdeniz's presentation revealed a critical observation for Turkish and Black Sea shipping: Spoofing can no longer be addressed independently of the war risk discussion. The boundary between classic war risk policies and cyber coverages is increasingly blurring, making it mandatory for shipowners to conduct oversight on clause language.

Source: SeaNews Türkiye