Sam Houston State University paper: Maritime cybersecurity

Scott Lynn and I have published our Sam Houston State University paper: “Maritime Cybersecurity: Patching the Holes in Control System Cybersecurity”. A link to the paper can be found at Sam Houston State’s Institute for Homeland Security research library site.

Current U.S. Coast Guard cybersecurity regulations are intended to provide a framework which, if followed, will reduce the vulnerability of the maritime industry to malicious cyberattacks and unintentional cyber incidents. However, those regulations do not provide the depth required to fully protect operational technology (OT) control systems. Likewise, current cybersecurity education omits much of the control system curriculum needed to prepare practitioners for existing real-world threats and demonstrated actual control system cyber incidents.

Get your subscription to Control's tri-weekly newsletter.

Consequently, this paper combines land-based control system cybersecurity lessons learned and maritime world realities, with a goal of offering policy recommendations based on current security state-of-the-art practices. Specifically, the paper summarizes lessons learned from land-based and maritime organizations about threats to control systems, identifies current control system vulnerabilities in the maritime industry, and makes specific recommendations which, if addressed via training, practice and regulation, can reduce maritime vulnerability to control system cyber incidents and cyber threats.

Because the control systems used in maritime are also used in other sectors, the results in this paper are applicable to other critical infrastructure sectors that utilize control systems. We trust that passing these lessons along will help America’s maritime industry better protect itself against threats as widespread as our world’s oceans.