"Maritime Cybersecurity" Updates

Maritime Cybersecurity
A Guide for Leaders and Managers

by Gary C. Kessler & Steven D. Shepard

This Web page is devoted to providing updated or additional information with which to supplement Maritime Cybersecurity: A Guide for Leaders and Managers.

Papers, Articles, and Other Resources Related to the Book

Ancillary Material

How to Purchase the Book

Page last updated: 06 June 2021

Papers, Articles, and Other Resources Related to the Book

Chapter 2. Cybersecurity Basics

Cimpanu, C. (2020, August 2). Google: Eleven Zero-Days Detected in the Wild in the First Half of 2020. ZDNet. https://www.zdnet.com/article/google-eleven-zero-days-detected-in-the-wild-in-the-first-half-of-2020/

Epsco-Ra Introduces New Cybersecurity Assessment Method. (2021, April 22). Digital Ship. https://thedigitalship.com/news/maritime-satellite-communications/item/7261-epsco-ra-introduces-new-cybersecurity-assessment-method

Mactavish, A. (2020, August 7). Cyber-Crime — A Continuing Concern. Seatrade Maritime News. https://www.seatrade-maritime.com/opinions-analysis/cyber-crime-continuing-concern

Mc Mahon, C. (2020, July 10). In Defence of the Human Factor. Frontiers of Psychology. https://doi.org/10.3389/fpsyg.2020.01390

Multi-State Information Sharing and Analysis Center (MS-ISAC). (2020, September). Ransomware Guide. Cybersecurity & Infrastructure Security Agency (CISA). https://www.cisa.gov/sites/default/files/publications/CISA_MS-ISAC_Ransomware%20Guide_S508C.pdf

Norton, Q. (2014, May 20). Everything is Broken. The Message. https://medium.com/message/everything-is-broken-81e5f33a24e1#.sc7pf19g3

Palmer, D. (2021, April 23). Ransomware's Perfect Target: Why One Industry Needs to Improve Cybersecurity, Before It's Too Late. ZDNet. https://www.zdnet.com/article/ransomwares-perfect-target-why-one-industry-needs-to-improve-cybersecurity-before-its-too-late/

Tischer, M., Durumeric, Z., Bursztein, E., & Bailey, M. (2017, March/April). The Danger of USB Drives. IEEE Security & Privacy, 15(2), 62-69.
Chapter 3. Case Studies: Cyber Attacks on the Maritime Sector

Cimpanu, C. (2018, December 12). Ships Infected with Ransomware, USB Malware, Worms. ZDNet. https://www.zdnet.com/article/ships-infected-with-ransomware-usb-malware-worms/

Shen, C., & Baker, J. (2020, September 28). CMA CGM Confirms Ransomware Attack. Lloyd's List Maritime Intelligence.

Sonnemaker, T. (2020, August 3). Garmin Reportedly Paid Hackers a Multimillion Dollar Ransom to Recover Files After a Cyberattack That Left Their Services Offline for Several Days Last Month. Business Insider. https://www.businessinsider.com/garmin-paid-multimillion-dollar-ransom-to-hackers-report-2020-8

Truong, K. (2020, July 28). The Garmin Ransomware Hack is Horrifying. Vice. https://www.vice.com/en_us/article/5dzkd5/the-garmin-ransomware-hack-is-horrifying

United States Coast Guard (USCG). (2020, September 30). Malicious Email Spoofing Incidents. Marine Safety Information Bulletin (MSIB 19-20). https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/MSIB/2020/USCG-MSIB-19-20-CYBER-SPOOFING.pdf

Chapter 4. Ports and Cybersecurity

DOT Launches New Marine Highway Module of Port Planning and Investment Toolkit. (2020, October 15). Homeland Security Today. https://www.hstoday.us/subject-matter-areas/transportation/dot-launches-new-marine-highway-module-of-port-planning-and-investment-toolkit/

Drougkas, A., Sarri, A., Kyranoudi, P. (2020, December). CYBER RISK MANAGEMENT FOR PORTS: Guidelines for Cybersecurity in the Maritime Sector. ENISA. https://www.enisa.europa.eu/publications/guidelines-cyber-risk-management-for-ports/at_download/fullReport

Fredrickson, K. (2021, May 9). Marine Transportation System (MTS) Cyber Spotlight: Approaching deadlines for incorporating cyber into Facility Security Assessments (FSA) and Facility Security Plans (FSP). Coast Guard Maritime Commons. https://mariners.coastguard.blog/2021/05/09/marine-transportation-system-mts-cyber-spotlight/

Iran: One of 2 Cyberattack Targets was Country's Ports. (2020, October 16). Asharq Al-Awsat. https://english.aawsat.com/home/article/2567991/iran-one-2-cyberattack-targets-was-countrys-ports

Port of Los Angeles Inks $6.8 Mln Cybersecurity Deal with IBM. (2020, December 7). Maritime Logistics Professional. https://www.maritimeprofessional.com/news/port-angeles-inks-cybersecurity-deal-363659
Wingrove, M. (2020, November 23). Cyber Attack Shuts Down US Port Servers. https://www.rivieramm.com/news-content-hub/news-content-hub/cyber-attack-shuts-down-us-port-servers-61955

Chapter 5. Shipboard Communication Systems

Degnarain, N. (2020, November 6). Captain's Noon Reports Crucial Missing Evidence For Mauritius Oil Spill Ship. Forbes. https://www.forbes.com/sites/nishandegnarain/2020/11/06/captains-noon-reports-crucial-missing-evidence-for-mauritius-oil-spill-ship/?sh=16f204841a67

Goodin, D. (2020, August 5). Insecure Satellite Internet is Threatening Ship and Plane Safety. Ars Technica. https://arstechnica.com/information-technology/2020/08/insecure-satellite-internet-is-threatening-ship-and-plane-safety/

Pavur, J., Mosery, D., Strohmeiery, M., Lendersy, V., & Martinovic, I. (2020, May). A Tale of Sea and Sky On the Security of Maritime VSAT Communications. In Proceedings of the 2020 IEEE Symposium on Security and Privacy (SP), 18-21 May 2020, San Francisco. 10.1109/SP40000.2020.00056

Tran, K., Keene, S., Fretheim, E., & Tsikerdekis, M. (2021, April 21). Marine Network Protocols and Security Risks. Journal of Cybersecurity and Privacy, 2021(1), 239–251. https://doi.org/10.3390/jcp1020013

Chapter 6. Navigation Systems

Androjna, A., Perkovič, M., Pavic, I., & Mišković. (2021, May). AIS Data Vulnerability Indicated by a Spoofing Case-Study. Applied Sciences, 11(11), 5015. http://dx.doi.org/10.3390/app11115015

Awan, M.S.K., & Al Ghamdi, M.A. (2019, October 2). Understanding the Vulnerabilities in Digital Components of An Integrated Bridge System (IBS). Journal of Marine Science and Engineering, 7(10), 350. https://doi.org/10.3390/jmse7100350

Goodman, J. (2021, May 28). Tanker's Impossible Voyage Signals New Sanction Evasion Ploy. yahoo!news. https://news.yahoo.com/tanker-impossible-voyage-signals-sanction-040109857.html
Goward, D.A. (2021, April 14). Assured PNT Summit – Opening Remarks. RNT Foundation. https://rntfnd.org/2021/04/16/assured-pnt-summit-opening-remarks/

Hansen, A., Mackey, S., Wassaf, H., Shah, V., Wallischeck, E., Scarpone, C., Barzach, M., & Baskerville, E. (2021, January). Complementary PNT and GPS Backup Technologies Demonstration Report. Cambridge (MA): U.S. Department of Transportation, John A Volpe National Transportation Systems Center, Report DOT-VNTSC-20-07. https://www.transportation.gov/sites/dot.gov/files/2021-01/FY%2718%20NDAA%20Section%201606%20DOT%20Report%20to%20Congress_Combinedv2_January%202021.pdf

How SailPlan's Cloud-based Platform is Optimising Navigational Decision-making. (2021, March 5). Vessel Performance Optimisation. https://vpoglobal.com/2021/03/05/how-sailplans-cloud-based-platform-is-optimising-navigational-decision-making/

Iannucci, P.A., & Humphreys, T.E. (2020, September 25). Fused Low-Earth-Orbit GNSS. The University of Texas at Austin Radionavigation Laboratory. https://arxiv.org/pdf/2009.12334.pdf

Lambert, N., & Goward, D.A. (2020, November). Solution to GPS Hacking. Sea Technology, 8-10. https://lsc-pagepro.mydigitalpublication.com/publication/?m=60787&i=680110&p=8

Russian Electronic Warfare System Is Capable Of Neutralizing GPS, Galileo and BeiDou Systems. (2021, February 1). Sputnik International News. https://rntfnd.org/2021/02/04/russian-electronic-warfare-system-is-capable-of-neutralizing-gps-galileo-and-beidou-systems-sputnik-international/

Svilicic, B., Rudan, I., Frančić, V., & Doričić, M. (2019). Shipboard ECDIS Cyber Security: Third-Party Component Threats. Scientific Journal of Maritime Research, 33(2), 176-180. https://doi.org/10.31217/p.33.2.7

Tippenhauer, N.O., Pöpper, C., Rasmussen, K.B., & Čapkun, S. (2011, October). On the Requirements for Successful GPS Spoofing Attacks. In CCS '11: Proceedings of the 18th ACM conference on Computer and Communications Security, pp. 75–86. https://dl.acm.org/doi/pdf/10.1145/2046707.2046719

Tucker, P. (2020, July 31). The Air Force's Latest GPS Alternative: Earth's Magnetic Fields. Defense One. https://www.defenseone.com/technology/2020/07/air-forces-latest-gps-alternative-earths-magnetic-fields/167387/

Under Attack – Receiver Response to Spoofing: Robustness vs. Resilience. (2020, September 30). Inside GNSS. https://insidegnss.com/under-attack-receiver-response-to-spoofing-robustness-vs-resilience/

U.S. Coast Guard (USCG). (2021, April 22). Worldwide Navigational Warnings Service. Marine Safety Information Bulletin (MSIB 05-21). https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/MSIB/2021/MSIB_21-05_WorldwideNavigationalWarningsService.pdf

U.S. Department of Transportation. (2020, December 9). Virtual Workshop on GPS Jamming and Spoofing in the Maritime Environment. https://www.transportation.gov/pnt/agenda-virtual-workshop-gps-jamming-and-spoofing-maritime-environment

U.S. Government Accountability Office (GAO). (2021, May). TECHNOLOGY ASSESSMENT: Defense Navigation Capabilities — DOD is Developing Positioning, Navigation, and Timing Technologies to Complement GPS (GAO-21-320SP). https://www.gao.gov/assets/gao-21-320sp.pdf

Using AI to Enhance Navigational Safety. (2021, May 21). Vessel Performance Optimisation. https://vpoglobal.com/2021/05/21/using-ai-to-enhance-navigational-safety/

Chapter 7. Industrial Control and Autonomous Systems

Advancement for Autonomous Operations on Deep-Sea Ships. (2020, October 2). The Maritime Executive. https://www.maritime-executive.com/article/advancement-for-autonomous-operations-on-deep-sea-ships

Cusimano, J., Ayala, M., & Villano, G. (2020, November 10). Navigating Cybersecurity Challenges in Maritime Operational Technology. The Maritime Executive. https://maritime-executive.com/editorials/navigating-cybersecurity-challenges-in-maritime-operational-technology

Dow, M. (2020, August 31). Rise of Ransomware: Why OT is a Prime Target for Cybercriminals. Security. https://www.securitymagazine.com/articles/93197-rise-of-ransomware-why-ot-is-a-prime-target-for-cybercriminals

Fleming, C., Elks, C., Bakirtzis, G., Adams, S.C., Carter, B., Beling, P.A., & Horowitz, B. (2020, November 29). Cyber-Physical Security Through Resiliency: A Systems-centric Approach. eprint arXiv:2011.14469. https://arxiv.org/abs/2011.14469v1

Horowitz, B.M. (2020, January-February). Cyberattack-Resilient Cyberphysical Systems. IEEE Security & Privacy, 18(1), 55-60. DOI: 10.1109/MSEC.2019.2947123.

Humayed, A., Lin, J., Li, F., & Luo, B. (2017, December). Cyber-Physical Systems Security — A Survey. IEEE Internet of Things Journal, 4(6), 1802-1831. DOI: 10.1109/JIOT.2017.2703172.

Industrial Safety and Security (ISS) Source. (2021, March 1). Tool to Protect Against GPS Spoofing. ISSSource.com. https://isssource.com/tool-to-protect-against-gps-spoofing/

Kehoe, A., & Cecotti, M. (2021, March 23). Multiple Destroyers Were Swarmed By Mysterious 'Drones' Off California Over Numerous Nights. The Ware Zone. https://www.thedrive.com/the-war-zone/39913/multiple-destroyers-were-swarmed-by-mysterious-drones-off-california-over-numerous-nights

MASSPorts initiative launched to develop autonomous shipping. (2020, August 6). Digital Ship. https://thedigitalship.com/news/electronics-navigation/item/6737-massports-initiative-launched-to-develop-autonomous-shipping

MOL begins study on collision avoidance of autonomous ships. (2020, October 21). Digital Ship. https://thedigitalship.com/news/electronics-navigation/item/6876-mol-begins-study-on-collision-avoidance-of-autonomous-ships

Russia Moving Forward with Autonomous Navigation on Commercial Vessels. (2020, December 11). The Maritime Executive. https://www.maritime-executive.com/article/russia-moving-forward-with-autonomous-navigation-on-commercial-vessels

Singapore Launches First Drone Technology Test Bed. (2021, April 22). Digital Ship. https://thedigitalship.com/news/electronics-navigation/item/7259-singapore-launches-first-drone-technology-test-bed

The Collision Regulations and Autonomous Shipping. (2020, July). Shipping Law Insights blog, Norton Rose Fulbright. https://www.nortonrosefulbright.com/en/knowledge/publications/5fedab67/the-collision-regulations-and-autonomous-shipping

tpgroup’s Autonomous Navigation System Completes Sea Trials. (2020, December 22). Digital Ship. https://thedigitalship.com/news/electronics-navigation/item/7018-tpgroup-s-autonomous-navigation-system-completes-sea-trials

Chapter 8. Strategies for Maritime Cyberdefense

Arampatzis, A. (2020, August 2). The Biggest Challenges and Best Practices to Mitigate Risks in Maritime Cybersecurity. Tripwire. https://www.tripwire.com/state-of-security/security-data-protection/biggest-challenges-best-practices-mitigate-risks-maritime-cybersecurity/

BIMCO et al. (2020, December 21). The Guidelines on Cyber Security Onboard Ships, version 4. https://www.bimco.org/-/media/bimco/news-and-trends/news/priority-news/2020/2021-12-23-guidelines-on-cyber-security-onboard-ships.ashx

Green, E.H., Carr, E.W., Winebrake, J.J., & Corbett, J.J. (2020, June). Blockchain Technology and Maritime Shipping: A Primer. U.S. Maritime Administration. https://www.maritime.dot.gov/sites/marad.dot.gov/files/2020-07/MARAD%20Blockchain%20Final%20Primer%20%2820200622%29.pdf

Jacq, O., Boudvin, X., Brosset, D., Kermarrec, Y., & Simonin, J. (2018, October). Detecting and Hunting Cyberthreats in a Maritime Environment: Specification and Experimentation of a Maritime Cybersecurity Operations Centre. In Proceedings of the 2018 2nd Cyber Security in Networking Conference (CSNet), October 24-26, 2018, Paris, France. DOI: 10.1109/CSNET.2018.8602669

Kollars, N., Tangredi, S.J., & Demchak, C.C. (2021, February 4). The Cyber Maritime Environment: A Shared Critical Infrastructure and Trump's Maritime Cyber Security Plan. War on the Rocks. https://warontherocks.com/2021/02/the-cyber-maritime-environment-a-shared-critical-infrastructure-and-trumps-maritime-cyber-security-plan/

McNally, M. (2021, January 7). IMO2021, Not Just an IT Concern. MarineLink. https://www.marinelink.com/news/imo-not-concern-484360

New ASTM International Standard Aims to Reduce Maritime Cyber Risk. (2020, July 30). The Maritime Executive. https://www.maritime-executive.com/corporate/new-astm-international-standard-aims-to-reduce-maritime-cyber-risk

Petta, M.C. (2021, January 10). The IMO 2021 Cyber Guidelines and the Need to Secure Seaports. Maritime Executive. https://maritime-executive.com/editorials/the-imo-2021-cyber-guidelines-and-the-need-to-secure-seaports

Reva, D. (2020, October). Maritime Cyber Security: Getting Africa Ready. Institute for Security Studies, Africa Report 29. https://issafrica.s3.amazonaws.com/site/uploads/ar-29.pdf

Steady as She Goes: Three Expectations for the U.S Coast Guard Under the Biden Administration. (2021, January 8). gCaptain. https://gcaptain.com/expectations-for-us-coast-guard-under-biden-administration/

The Clock is Ticking for Compliance With IMO's 2021 Cyber Security Regulations. (2020, 12 November). Lloyd's Register. https://www.lr.org/en/insights/articles/imo-cyber-secuity-regulation-compliance/

The Navy Aims to Install Cyber Baselines Aboard 180 Ships. (2020, July). DefenseNews. https://www.defensenews.com/battlefield-tech/it-networks/2020/06/30/the-navy-aims-to-install-cyber-baselines-aboard-180-ships/

U.S. Coast Guard. (2020, October 27). Vessel Cyber Risk Management Work Instruction (CVC-WI-027(1)). Office of Commercial Vessel Compliance (CG-CVC) Mission Management System (MMS) Work Instruction (WI). https://dco.uscg.mil/Portals/9/DCO%20Documents/5p/CG-5PC/CG-CVC/CVC_MMS/CVC-WI-027(series).pdf

Weiss, J.G., Helleputte, C.-A., & De Cicco, D. (2020, October 22). US DOE and NIST Partner to Improve Cybersecurity in Energy, Maritime Transportation Industries. Steptoe. https://www.steptoe.com/en/news-publications/us-doe-and-nist-partner-to-improve-cybersecurity-in-energy-maritime-transportation-industries.html

White House (2020, December). National Maritime Cybersecurity Plan to the National Strategy for Maritime Security. https://www.whitehouse.gov/wp-content/uploads/2021/01/12.2.2020-National-Maritime-Cybersecurity-Plan.pdf

Wingrove, M. (2020, November 5). Norway Opens Cyber Resilience Centre. Riviera. https://www.rivieramm.com/news-content-hub/news-content-hub/norway-opens-cyber-resilience-centre-61586

Chapter 9. Concluding Thoughts

Bailey, D. (2017, July 13). Why You Need to Follow the Steve Jobs Method and 'Work Backwards.' Inc. https://www.inc.com/dave-bailey/why-you-need-to-follow-the-steve-jobs-method-and-w.html

Bolbota, V., Theotokatosa, G., Boulougourisa, E., & Vassalosa, D. (2020, November). A Novel Cyber-Risk Assessment Method for Ship Systems. Safety Science, 131. DOI: 10.1016/j.ssci.2020.104908. https://www.sciencedirect.com/science/article/pii/S0925753520303052/pdfft

Davidson, D. (2018, March 13). Don't Try to be 'Disruptive.' To Really Have an Impact, You Need to Reverse Engineer the Future. Entrepreneur. https://www.entrepreneur.com/article/309552

Kessler, G.C., and Zorri, D.M. (2021). Cross Domain IW Threats to SOF Maritime Missions: Implications for U.S. SOF. Joint Special Operations University (JSOU) Report 21-4. MacDill Air Force Base (FL): The JSOU Press. https://jsou.libguides.com/ld.php?content_id=61653860

Schauer, S., Stamer, M., Bosse, C., Pavlidis, M., Mouratidis, H., König, S., & Papastergiou, S. (2017). An Adaptive Supply Chain Cyber Risk Management Methodology. In: Kersten, Wolfgang Blecker, Thorsten Ringle, Christian M. (Ed.), Digitalization in Supply Chain Management and Logistics: Smart and Digital Solutions for an Industry 4.0 Environment, Proceedings of the Hamburg International Conference of Logistics (HICL), Vol. 23, ISBN 978-3-7450-4328-0, epubli GmbH, Berlin, pp. 405-425. http://dx.doi.org/10.15480/882.1491

Percival, T. (2021, January 18). Proactive vs. Reactive Cyber Security Strategies in Maritime. Hellenic Shipping News. https://www.hellenicshippingnews.com/proactive-vs-reactive-cyber-security-strategies-in-maritime/

Shang, W., Gong,, T., Chen,, C., Hou, J., & Zeng, P. (2019, March 14). Information Security Risk Assessment Method for Ship Control System Based on Fuzzy Sets and Attack Trees. Security and Communication Networks, 2019, article 3574675. DOI: 10.1155/2019/3574675. https://downloads.hindawi.com/journals/scn/2019/3574675.pdf

Ancillary Material
Podcasts/Interviews

An Interview With Gary Kessler on the National Maritime Cybersecurity Plan (The Natural Curiosity Project, hosted by Steven Shepard, 02/18/2021)

An Interview with Gary Kessler on Maritime Cybersecurity (Cybersecurity Career Intelligence, hosted by Fred Scholl, Quinnipiac University, 11/02/2020)

An Interview With Gary Kessler on the Maritime Ransomware Attacks (The Natural Curiosity Project, hosted by Steven Shepard, 10/05/2020)

Satira, B. (2021, May 12). Navigating the Waters of Maritime Cybersecurity. Help Net Security. https://www.helpnetsecurity.com/2021/05/12/maritime-cybersecurity/

Maritime newsletters/Web sites that cover cybersecurity

Center for International Maritime Security

Coast Guard Maritime Commons

CSO Alliance

Digital Ship newsletter

gCaptain

Hellenic Shipping News

JOC.com Maritime News

Lloyd's List

MarineLink

The Maritime Executive

Maritime Logistics Professional

Maritime & Port Security Information Sharing and Analysis Organization (MPS-ISAO) TLP-Green Reports and Advisories

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

MCYSEKA - Maritime Cyber Security Knowledge Archive

Riviera Maritime Media

SAFETY4SEA

Vessel Performance Optimisation

GPS/GNSS-Related Issues

USCG Navigation Center — GPS Problem Reports Status page

Resilient Navigation and Timing Foundation

Ship tracking Web sites (mentioned in Chapter 3):

CruiseMapper

FleetMon

MarineTraffic

My Ship Tracking

Ship Tracker

Shipfinder

Vessel Finder

Vesseltracker

Hack The Sea 2.0 Village at DEF CON 28 (2020)

Build A Raspberry AIS

GPS:AIS Spoofing Attacks and Some Tools

Protecting AIS with Public Key Crypto Methods

Buy the Book!

The book can be purchased from Amazon in Kindle or print format.

Get more information about Gary (Amazon Author Page | Web site) and Steve (Amazon Author Page | Web site).

© 2020-2021, Gary C. Kessler & Steven D. Shepard