MOL and Hitachi to Study Converting Old Ships to Floating Data Centers
Japan’s Mitsui O.S.K. Lines and Hitachi plan to explore the use of old ships as a means of meeting the strong demand and technical concerns of developing data centers. The companies have signed an agreement that will see them pursue a feasibility study of their concept of floating data centers, as well as verify the demand and technical specifications required for the concept.
The companies point to the strong demand for data centers, in part due to the rapid proliferation of generative AI. However, developing these centers comes with key technical challenges, ranging from their power requirements to the need for robust cooling systems due to the heat generation from high-performance AI servers. Companies have been exploring the use of small nuclear reactors for data center power, while water cooling is increasingly being viewed as an option to dissipate the heat. MOL and Hitachi also point out the space requirements for the centers and local limitations and opposition in some areas.
The repurposing of older ships, they believe, presents a strong option and creates a strong financial case with significant cost savings versus building a land-based center. MOL notes that a ship can be converted in one year, versus the three or more years it could take to build one of the centers. The company highlights that a typical car carrier has 54,000 square meters of space that rivals one of Japan’s largest onshore data centers in terms of floor area. The new rendering, however, shows a repurposed bulk carrier.
They believe ships would have lower construction costs and could also reuse existing onboard systems, meaning they would require a reduced initial investment requirement. As floating structures, they could utilize seawater or river water for cooling and could be relocated based on future demand.
MOL will leverage its expertise in vessel conversion and maintenance as well as its experience in coordinating with port authorities. It will be responsible for defining the marine aspects of such a conversion, while Hitachi will leverage its expertise with existing data centers. It will be responsible for the technical studies exploring elements such as installation, IT infrastructure requirements, security, and customer acquisition.
The goal is to possibly launch their first conversion to commence operations in 2027 or later. They said they will focus on Japan, where Hitachi has operational experience, as well as Malaysia and the United States for the initial projects.
It is not the first time MOL has reported that it would look at repurposing its older car carriers into floating data centers. In July 2025, MOL announced it was working with Kinetics, an initiative from Karpowership, to explore floating data centers. They said it would focus on a 9,700 gross ton car carrier and planned to develop the concepts by 2026 so that a conversion could begin. It was targeting its first operations in 2027.
Cyber Risk in Shipping: From Technical Threat to Business Reality
Cybersecurity in shipping is still too often framed as a technical issue, something for IT teams to manage in the background. From Marcura’s position across financial, operational and compliance workflows, it is increasingly clear that it has become something far more fundamental: a question of business resilience, financial integrity, and trust across an increasingly complex global ecosystem.
Few organizations sit closer to that reality. I see first-hand how cyber risk manifests in day-to-day shipping and where some of the industry’s assumptions still fall short.
The real weakness isn’t technical
For all the investment in firewalls, monitoring systems and infrastructure, many of the most significant vulnerabilities still sit within everyday workflows and human interaction.
Cyber incidents rarely begin with highly sophisticated technical breaches. More often, they exploit gaps in processes, communication, or decision-making under pressure. This is not about individuals being careless, but about how systems are designed, how information flows, and how people are supported to identify and respond to risk.
In maritime operations, this often takes the form of business email compromise. A bad actor may gain access to a trusted email account, such as that of a port agent, and insert fraudulent banking details into an otherwise legitimate disbursement request. The process appears routine, the parties are familiar, and the timing is often urgent, making the manipulation difficult to detect without the right controls in place. The financial consequences, however, can be immediate.
This is something we see play out repeatedly across global port operations. In fact, over recent years, Marcura has prevented more than 100 fraud attempts, protecting over US$10 million in customer funds by implementing controls around disbursement workflows and payment verification. These are not isolated incidents, but part of a consistent pattern across global port disbursement workflows.
The lesson is clear: cyber risk is no longer about whether systems are secure in isolation. It is about whether entire business processes, and the people operating them, can withstand manipulation.
An ecosystem problem, not a company problem
Shipping is uniquely exposed because it does not operate as a closed system. Every voyage depends on a network of agents, suppliers, port authorities, financial institutions and service providers; many of whom operate with vastly different levels of cyber maturity.
This creates concentrated points of failure, or clusters of risk at critical operational touchpoints.
Port agents, for example, are often small, local businesses with limited cybersecurity investment. Yet they sit directly within high-value financial workflows. A compromised agent email account can be enough to trigger fraudulent disbursement payments, with legitimate stakeholders unknowingly cut out of the loop.
The probability of breach in maritime is high because of the number of actors involved, and not all of them have invested in security. The industry’s fragmentation and global nature create a structural challenge: even if large organizations strengthen their internal controls, they remain exposed through trusted external relationships.
Cyber risk, in other words, is only as strong as the weakest link in the chain.
Following the money
Another shift shaping the threat landscape is the motivation behind attacks. While early cyber incidents were often driven by curiosity or reputation, today’s attacks are overwhelmingly commercial.
Most breaches today are financially motivated, and the question attackers are asking is simple: where is the money, and what is the easiest path to get to it?
Digitalization has made that path significantly easier. Where physical bank robberies once required coordination and risk, today’s attackers can operate remotely, targeting financial flows through phishing, credential theft and social engineering.
Crucially, these attacks do not require deep technical sophistication. The barrier to entry has lowered dramatically, and is falling further.
AI is accelerating both sides
Artificial intelligence is now reshaping cybersecurity at speed, and not just for defenders.
On one hand, AI is enabling advanced detection capabilities, allowing organizations to process vast volumes of data and identify anomalies that would be impossible for human analysts alone. On the other, it is making attacks more scalable and convincing.
The guidance we used to give, such as looking for bad grammar or spelling in phishing emails, is no longer relevant. AI has removed those signals overnight.
Attackers can now generate highly personalized, context-aware communications at scale. Combined with automation, this creates a 24/7 offensive capability, one that continuously probes for vulnerabilities.
The result is a widening gap: defenders are still reacting, while attackers are increasingly proactive.
Awareness doesn’t mean readiness
There is no doubt that awareness of cyber risk has improved across shipping. Regulatory pressure, customer scrutiny, and insurance requirements are all driving the issue higher up the agenda.
However, awareness does not necessarily translate into readiness.
One of the most persistent challenges remains training and behavior. While most organizations now run cybersecurity awareness programmes, measuring their effectiveness is far more difficult.
Marcura, for example, has implemented structured training over more than a decade, alongside phishing simulations and internal reporting processes. Yet even with high completion rates, the question remains: are people truly internalising the risks, or simply ticking a compliance box?
Cybersecurity is not the responsibility of one person or one team, but of the organization as a whole. Changing behavior at scale is one of the hardest problems.
For shipowners and operators, this means rethinking cyber risk not as a compliance function, but as a control layer embedded across financial and operational workflows.
From cost center to commercial enabler
One of the more significant shifts underway is how cybersecurity is being perceived at a leadership level. Historically viewed as a cost centre, it is increasingly becoming a commercial differentiator.
Large customers, including major shipping companies, financial institutions and energy firms, now expect robust cybersecurity credentials as a prerequisite for doing business. Certifications, audit reports and demonstrable controls are no longer optional; they are part of the commercial conversation.
In practice, this has translated into sustained investment, not just for compliance, but as a means of enabling trusted service delivery at scale. Cybersecurity is not simply about risk avoidance; it is about unlocking business opportunities.
Towards collective resilience
Despite these advances, one structural issue remains unresolved: the lack of effective information sharing across the industry.
Cyber threats are not competitive, yet responses often are. Organizations tend to manage incidents in isolation, limiting the sector’s ability to learn collectively.
There’s no central mechanism for sharing lessons in cybersecurity. We often hear about incidents too late, or without enough detail to make a meaningful difference.
For an industry as interconnected as shipping, this limits the sector’s ability to build collective resilience.
Improving resilience will require a shift from isolated defense to shared intelligence, where insights from one part of the ecosystem can strengthen the whole.
A business imperative
Cybersecurity in maritime is no longer a future concern. It is already shaping financial outcomes, operational continuity, and competitive positioning.
Organizations that recognize this, and treat cyber risk as a business issue rather than a technical one, will be better placed to navigate an increasingly complex threat landscape.
In a sector built on global interdependence, resilience is not just about protecting systems, it is about protecting trust across every transaction and interaction.
Taher Afridi is Deputy Chief Compliance Officer and Head of Information Security at Marcura, the sponsor of this message.
The opinions expressed herein are the author's and not necessarily those of The Maritime Executive.
No comments:
Post a Comment