Full analysis, recommended actions, tabletop scenarios, and cited sources in the complete issue.
GNSS · HIGH
Strait of Hormuz: more than 60% of India-bound ships switch themselves off
Between 1 May and 25 June, 45 of 73 India-bound tankers and cargo ships crossing the Strait of Hormuz turned off their AIS transponders — “going dark” to lower their targeting risk amid US–Iran tensions (Kpler data, via Marine Insight). It happened on top of record-concentrated GPS jamming: Windward logged nearly 978 000 jamming events worldwide in Q1 2026, 98% of them in the Middle East Gulf.
Why it matters: this is vessel-initiated — a rational choice by masters that nonetheless blinds everyone else. In the Gulf the traffic picture now degrades from both ends at once: jamming corrupts it from outside, and ships withdraw their own reporting from inside. The absence of a track is no longer the absence of a ship.
INCIDENT · HIGH
A ransomware gang claims Germany’s principal naval shipbuilder
On 28 June the TheGentlemen group — ranked by Check Point Research as the second-most-active ransomware operation of 2026 — listed Thyssenkrupp Marine Systems (TKMS) and its marine-electronics arm Atlas Elektronik on its leak site. TKMS builds Germany’s submarines and surface combatants. As of writing, neither company has confirmed or denied, the tracker flags the entry as a possible duplicate, and no verified data sample has appeared. For now it is a claim, not a confirmed breach.
Why it matters: a claim against a NATO-tier naval builder is a different category of risk from a claim against a commercial operator — the sensitivity is sovereign, and a credible, highly active group making the claim is enough to warrant defensive assumptions across the programme’s supply chain, verified or not.