Black Sea Oil Hubs in Crosshairs: What Port Security Teams Should Learn

Black Sea oil hubs are under sustained attack, and the lessons from their experience are directly applicable to energy terminals worldwide. The Ukrainian strikes on Novorossiysk, combined with ongoing drone and missile attacks on Russian fuel storage and port facilities at Tuapse, Kavkaz, and Taman, have created a real-world laboratory for understanding how modern weapon systems can threaten port infrastructure — and what security teams can do to mitigate that threat.

For port security professionals, the Black Sea is no longer a distant conflict zone. It is a case study in the vulnerabilities that exist at every energy terminal and the defensive measures that can make the difference between operational continuity and catastrophic disruption.

What Have the Attacks Revealed?

The pattern of attacks on Black Sea oil terminals since 2022 provides several clear insights that BIMCO, the IMO, and independent security analysts have documented.

Waterside threats are the primary attack vector. The majority of successful strikes on Black Sea port infrastructure have originated from the sea, using naval drones that approach at or near the waterline. These drones are difficult to detect with conventional radar systems, which are optimized for airborne threats, and can carry sufficient explosive payload to breach fuel storage tanks, damage berthing infrastructure, and disable loading equipment.

Aerial drones complement naval attacks. Ukrainian forces have employed coordinated attacks using both naval and aerial drones, forcing defenders to divide attention between surface and airborne threats simultaneously. This multi-vector approach overwhelms single-layer defense systems and highlights the need for integrated air and surface surveillance.

Crude oil storage is the high-value target. Tank farms containing millions of barrels of crude oil are large, static, and flammable — making them the most vulnerable and highest-consequence targets at energy terminals. The fires at Novorossiysk's Sheskharis terminal demonstrated that even modern fire suppression systems can be overwhelmed by simultaneous strikes on multiple tanks.

Port operations halt even when damage is limited. Several attacks that caused relatively minor physical damage nonetheless shut down port operations for days or weeks due to safety inspections, environmental containment measures, and crew reluctance to work at facilities under threat. The operational disruption often exceeds the physical damage.

What Should Port Security Teams Learn?

Invest in waterside detection. Radar systems capable of detecting small, low-profile surface objects at range are essential for energy terminals. Thermal imaging cameras that can identify the heat signature of a drone motor against the cool water surface provide a complementary detection layer. Sonar systems for subsurface threat detection should also be evaluated for high-value terminals.

Develop layered defense architectures. No single technology will defeat a coordinated multi-vector attack. Effective port defense requires layers: early detection at range, tracking and classification at medium range, and interdiction capability at close range. Each layer should be capable of addressing both surface and airborne threats.

Plan for simultaneous incidents. Security plans that assume a single threat at a time are inadequate against coordinated attacks. Tabletop exercises and operational drills should include scenarios with multiple simultaneous threats approaching from different directions. Command and control systems must be capable of managing multi-incident response.

Harden critical infrastructure. Blast walls around tank farms, fire-resistant barriers between storage tanks, and redundant loading systems that allow operations to continue if one jetty is damaged all reduce the consequences of a successful attack. These physical hardening measures complement but do not replace detection and defense capabilities.

Coordinate with military and intelligence services. Energy terminals in regions with elevated threat levels should establish formal coordination mechanisms with national defense and intelligence agencies. Early warning of potential attacks, shared surveillance data, and pre-arranged military response protocols can significantly improve defensive outcomes.

How Does This Apply Outside the Black Sea?

The attack methodologies demonstrated in the Black Sea are not unique to that conflict. Naval drones, aerial drones, and cruise missiles are proliferating to state and non-state actors worldwide. The Houthi campaign against Red Sea shipping demonstrates that non-state actors can effectively threaten maritime infrastructure with relatively low-cost weapons.

Energy terminals in the Persian Gulf, Southeast Asia, West Africa, and other regions with elevated security concerns should study the Black Sea attacks as a preview of potential threats to their own facilities. The ISPS Code requires that facility security assessments account for the full range of plausible threats, and the Black Sea experience has expanded the definition of what is plausible.

Conclusion

The Black Sea oil hubs under attack today are providing the global port security community with hard-won lessons about modern threats to energy infrastructure. Every lesson — from waterside detection to layered defense to infrastructure hardening — is transferable to energy terminals worldwide. The security teams that study these attacks and adapt their defenses accordingly will be better prepared for a threat environment that is becoming more complex and more dangerous with each passing month.