Maritime Cybersecurity A Guide for Leaders and Managers by Gary C. Kessler & Steven D. Shepard

---

This Web page is devoted to providing updated or additional information with which to supplement Maritime Cybersecurity: A Guide for Leaders and Managers.

• Papers, Articles, and Other Resources Related to the Book
• Ancillary Material
• How to Purchase the Book

Page last updated: 04 March 2021

---

Papers, Articles, and Other Resources Related to the Book

Chapter 2. Cybersecurity Basics

• Cimpanu, C. (2020, August 2). Google: Eleven Zero-Days Detected in the Wild in the First Half of 2020. ZDNet. https://www.zdnet.com/article/google-eleven-zero-days-detected-in-the-wild-in-the-first-half-of-2020/
• Mactavish, A. (2020, August 7). Cyber-Crime — A Continuing Concern. Seatrade Maritime News. https://www.seatrade-maritime.com/opinions-analysis/cyber-crime-continuing-concern
• Multi-State Information Sharing and Analysis Center (MS-ISAC). (2020, September). Ransomware Guide. Cybersecurity & Infrastructure Security Agency (CISA). https://www.cisa.gov/sites/default/files/publications/CISA_MS-ISAC_Ransomware%20Guide_S508C.pdf
• Tischer, M., Durumeric, Z., Bursztein, E., & Bailey, M. (2017, March/April). The Danger of USB Drives. IEEE Security & Privacy, 15(2), 62-69.

Chapter 3. Case Studies: Cyber Attacks on the Maritime Sector

• Shen, C., & Baker, J. (2020, September 28). CMA CGM Confirms Ransomware Attack. Lloyd's List Maritime Intelligence.
• Sonnemaker, T. (2020, August 3). Garmin Reportedly Paid Hackers a Multimillion Dollar Ransom to Recover Files After a Cyberattack That Left Their Services Offline for Several Days Last Month. Business Insider. https://www.businessinsider.com/garmin-paid-multimillion-dollar-ransom-to-hackers-report-2020-8
• Truong, K. (2020, July 28). The Garmin Ransomware Hack is Horrifying. Vice. https://www.vice.com/en_us/article/5dzkd5/the-garmin-ransomware-hack-is-horrifying
• United States Coast Guard (USCG). (2020, September 30). Malicious Email Spoofing Incidents. Marine Safety Information Bulletin (MSIB 19-20). https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/MSIB/2020/USCG-MSIB-19-20-CYBER-SPOOFING.pdf

Chapter 4. Ports and Cybersecurity

• DOT Launches New Marine Highway Module of Port Planning and Investment Toolkit. (2020, October 15). Homeland Security Today. https://www.hstoday.us/subject-matter-areas/transportation/dot-launches-new-marine-highway-module-of-port-planning-and-investment-toolkit/
• Drougkas, A., Sarri, A., Kyranoudi, P. (2020, December). CYBER RISK MANAGEMENT FOR PORTS: Guidelines for Cybersecurity in the Maritime Sector. ENISA. https://www.enisa.europa.eu/publications/guidelines-cyber-risk-management-for-ports/at_download/fullReport
• Iran: One of 2 Cyberattack Targets was Country's Ports. (2020, October 16). Asharq Al-Awsat. https://english.aawsat.com/home/article/2567991/iran-one-2-cyberattack-targets-was-countrys-ports
• Port of Los Angeles Inks $6.8 Mln Cybersecurity Deal with IBM. (2020, December 7). Maritime Logistics Professional. https://www.maritimeprofessional.com/news/port-angeles-inks-cybersecurity-deal-363659
• Wingrove, M. (2020, November 23). Cyber Attack Shuts Down US Port Servers. https://www.rivieramm.com/news-content-hub/news-content-hub/cyber-attack-shuts-down-us-port-servers-61955

Chapter 5. Shipboard Communication Systems

• Degnarain, N. (2020, November 6). Captain's Noon Reports Crucial Missing Evidence For Mauritius Oil Spill Ship. Forbes. https://www.forbes.com/sites/nishandegnarain/2020/11/06/captains-noon-reports-crucial-missing-evidence-for-mauritius-oil-spill-ship/?sh=16f204841a67
• Goodin, D. (2020, August 5). Insecure Satellite Internet is Threatening Ship and Plane Safety. Ars Technica. https://arstechnica.com/information-technology/2020/08/insecure-satellite-internet-is-threatening-ship-and-plane-safety/

Chapter 6. Navigation Systems

• Awan, M.S.K., & Al Ghamdi, M.A. (2019, October 2). Understanding the Vulnerabilities in Digital Components of An Integrated Bridge System (IBS). Journal of Marine Science and Engineering, 7(10), 350. https://doi.org/10.3390/jmse7100350
• Iannucci, P.A., & Humphreys, T.E. (2020, September 25). Fused Low-Earth-Orbit GNSS. The University of Texas at Austin Radionavigation Laboratory. https://arxiv.org/pdf/2009.12334.pdf
• Lambert, N., & Goward, D.A. (2020, November). Solution to GPS Hacking. Sea Technology, 8-10. https://lsc-pagepro.mydigitalpublication.com/publication/?m=60787&i=680110&p=8
• Russian Electronic Warfare System Is Capable Of Neutralizing GPS, Galileo and BeiDou Systems. (2021, February 1). Sputnik International News. https://rntfnd.org/2021/02/04/russian-electronic-warfare-system-is-capable-of-neutralizing-gps-galileo-and-beidou-systems-sputnik-international/
• Svilicic, B., Rudan, I., Frančić, V., & Doričić, M. (2019). Shipboard ECDIS Cyber Security: Third-Party Component Threats. Scientific Journal of Maritime Research, 33(2), 176-180. https://doi.org/10.31217/p.33.2.7
• Tucker, P. (2020, July 31). The Air Force's Latest GPS Alternative: Earth's Magnetic Fields. Defense One. https://www.defenseone.com/technology/2020/07/air-forces-latest-gps-alternative-earths-magnetic-fields/167387/
• Under Attack – Receiver Response to Spoofing: Robustness vs. Resilience. (2020, September 30). Inside GNSS. https://insidegnss.com/under-attack-receiver-response-to-spoofing-robustness-vs-resilience/
• U.S. Department of Transportation. (2020, December 9). Virtual Workshop on GPS Jamming and Spoofing in the Maritime Environment. https://www.transportation.gov/pnt/agenda-virtual-workshop-gps-jamming-and-spoofing-maritime-environment

Chapter 7. Industrial Control and Autonomous Systems

• Advancement for Autonomous Operations on Deep-Sea Ships. (2020, October 2). The Maritime Executive. https://www.maritime-executive.com/article/advancement-for-autonomous-operations-on-deep-sea-ships
• Cusimano, J., Ayala, M., & Villano, G. (2020, November 10). Navigating Cybersecurity Challenges in Maritime Operational Technology. The Maritime Executive. https://maritime-executive.com/editorials/navigating-cybersecurity-challenges-in-maritime-operational-technology
• Dow, M. (2020, August 31). Rise of Ransomware: Why OT is a Prime Target for Cybercriminals. Security. https://www.securitymagazine.com/articles/93197-rise-of-ransomware-why-ot-is-a-prime-target-for-cybercriminals
• Fleming, C., Elks, C., Bakirtzis, G., Adams, S.C., Carter, B., Beling, P.A., & Horowitz, B. (2020, November 29). Cyber-Physical Security Through Resiliency: A Systems-centric Approach. eprint arXiv:2011.14469. https://arxiv.org/abs/2011.14469v1
• Horowitz, B.M. (2020, January-February). Cyberattack-Resilient Cyberphysical Systems. IEEE Security & Privacy, 18(1), 55-60. DOI: 10.1109/MSEC.2019.2947123.
• Humayed, A., Lin, J., Li, F., & Luo, B. (2017, December). Cyber-Physical Systems Security — A Survey. IEEE Internet of Things Journal, 4(6), 1802-1831. DOI: 10.1109/JIOT.2017.2703172.
• Industrial Safety and Security (ISS) Source. (2021, March 1). Tool to Protect Against GPS Spoofing. ISSSource.com. https://isssource.com/tool-to-protect-against-gps-spoofing/
• MASSPorts initiative launched to develop autonomous shipping. (2020, August 6). Digital Ship. https://thedigitalship.com/news/electronics-navigation/item/6737-massports-initiative-launched-to-develop-autonomous-shipping
• MOL begins study on collision avoidance of autonomous ships. (2020, October 21). Digital Ship. https://thedigitalship.com/news/electronics-navigation/item/6876-mol-begins-study-on-collision-avoidance-of-autonomous-ships
• Russia Moving Forward with Autonomous Navigation on Commercial Vessels. (2020, December 11). The Maritime Executive. https://www.maritime-executive.com/article/russia-moving-forward-with-autonomous-navigation-on-commercial-vessels
• The Collision Regulations and Autonomous Shipping. (2020, July). Shipping Law Insights blog, Norton Rose Fulbright. https://www.nortonrosefulbright.com/en/knowledge/publications/5fedab67/the-collision-regulations-and-autonomous-shipping
• tpgroup’s Autonomous Navigation System Completes Sea Trials. (2020, December 22). Digital Ship. https://thedigitalship.com/news/electronics-navigation/item/7018-tpgroup-s-autonomous-navigation-system-completes-sea-trials

Chapter 8. Strategies for Maritime Cyberdefense

• Arampatzis, A. (2020, August 2). The Biggest Challenges and Best Practices to Mitigate Risks in Maritime Cybersecurity. Tripwire. https://www.tripwire.com/state-of-security/security-data-protection/biggest-challenges-best-practices-mitigate-risks-maritime-cybersecurity/
• BIMCO et al. (2020, December 21). The Guidelines on Cyber Security Onboard Ships, version 4. https://www.bimco.org/-/media/bimco/news-and-trends/news/priority-news/2020/2021-12-23-guidelines-on-cyber-security-onboard-ships.ashx
• Green, E.H., Carr, E.W., Winebrake, J.J., & Corbett, J.J. (2020, June). Blockchain Technology and Maritime Shipping: A Primer. U.S. Maritime Administration. https://www.maritime.dot.gov/sites/marad.dot.gov/files/2020-07/MARAD%20Blockchain%20Final%20Primer%20%2820200622%29.pdf
• Jacq, O., Boudvin, X., Brosset, D., Kermarrec, Y., & Simonin, J. (2018, October). Detecting and Hunting Cyberthreats in a Maritime Environment: Specification and Experimentation of a Maritime Cybersecurity Operations Centre. In Proceedings of the 2018 2nd Cyber Security in Networking Conference (CSNet), October 24-26, 2018, Paris, France. DOI: 10.1109/CSNET.2018.8602669
• Kollars, N., Tangredi, S.J., & Demchak, C.C. (2021, February 4). The Cyber Maritime Environment: A Shared Critical Infrastructure and Trump's Maritime Cyber Security Plan. War on the Rocks. https://warontherocks.com/2021/02/the-cyber-maritime-environment-a-shared-critical-infrastructure-and-trumps-maritime-cyber-security-plan/
• McNally, M. (2021, January 7). IMO2021, Not Just an IT Concern. MarineLink. https://www.marinelink.com/news/imo-not-concern-484360
• New ASTM International Standard Aims to Reduce Maritime Cyber Risk. (2020, July 30). The Maritime Executive. https://www.maritime-executive.com/corporate/new-astm-international-standard-aims-to-reduce-maritime-cyber-risk
• Petta, M.C. (2021, January 10). The IMO 2021 Cyber Guidelines and the Need to Secure Seaports. Maritime Executive. https://maritime-executive.com/editorials/the-imo-2021-cyber-guidelines-and-the-need-to-secure-seaports
• Reva, D. (2020, October). Maritime Cyber Security: Getting Africa Ready. Institute for Security Studies, Africa Report 29. https://issafrica.s3.amazonaws.com/site/uploads/ar-29.pdf
• Steady as She Goes: Three Expectations for the U.S Coast Guard Under the Biden Administration. (2021, January 8). gCaptain. https://gcaptain.com/expectations-for-us-coast-guard-under-biden-administration/
• The Clock is Ticking for Compliance With IMO's 2021 Cyber Security Regulations. (2020, 12 November). Lloyd's Register. https://www.lr.org/en/insights/articles/imo-cyber-secuity-regulation-compliance/
• The Navy Aims to Install Cyber Baselines Aboard 180 Ships. (2020, July). DefenseNews. https://www.defensenews.com/battlefield-tech/it-networks/2020/06/30/the-navy-aims-to-install-cyber-baselines-aboard-180-ships/
• U.S. Coast Guard. (2020, October 27). Vessel Cyber Risk Management Work Instruction (CVC-WI-027(1)). Office of Commercial Vessel Compliance (CG-CVC) Mission Management System (MMS) Work Instruction (WI). https://dco.uscg.mil/Portals/9/DCO%20Documents/5p/CG-5PC/CG-CVC/CVC_MMS/CVC-WI-027(series).pdf
• Weiss, J.G., Helleputte, C.-A., & De Cicco, D. (2020, October 22). US DOE and NIST Partner to Improve Cybersecurity in Energy, Maritime Transportation Industries. Steptoe. https://www.steptoe.com/en/news-publications/us-doe-and-nist-partner-to-improve-cybersecurity-in-energy-maritime-transportation-industries.html
• White House (2020, December). National Maritime Cybersecurity Plan to the National Strategy for Maritime Security. https://www.whitehouse.gov/wp-content/uploads/2021/01/12.2.2020-National-Maritime-Cybersecurity-Plan.pdf
• Wingrove, M. (2020, November 5). Norway Opens Cyber Resilience Centre. Riviera. https://www.rivieramm.com/news-content-hub/news-content-hub/norway-opens-cyber-resilience-centre-61586

Chapter 9. Concluding Thoughts

• Bolbota, V., Theotokatosa, G., Boulougourisa, E., & Vassalosa, D. (2020, November). A Novel Cyber-Risk Assessment Method for Ship Systems. Safety Science, 131. DOI: 10.1016/j.ssci.2020.104908. https://www.sciencedirect.com/science/article/pii/S0925753520303052/pdfft
• Percival, T. (2021, January 18). Proactive vs. Reactive Cyber Security Strategies in Maritime. Hellenic Shipping News. https://www.hellenicshippingnews.com/proactive-vs-reactive-cyber-security-strategies-in-maritime/
• Shang, W., Gong,, T., Chen,, C., Hou, J., & Zeng, P. (2019, March 14). Information Security Risk Assessment Method for Ship Control System Based on Fuzzy Sets and Attack Trees. Security and Communication Networks, 2019, article 3574675. DOI: 10.1155/2019/3574675. https://downloads.hindawi.com/journals/scn/2019/3574675.pdf

---

Ancillary Material

Podcasts

• An Interview With Gary Kessler on the National Maritime Cybersecurity Plan (The Natural Curiosity Project, hosted by Steven Shepard, 02/18/2021)
• An Interview with Gary Kessler on Maritime Cybersecurity (Cybersecurity Career Intelligence, hosted by Fred Scholl, Quinnipiac University, 11/02/2020)
• An Interview With Gary Kessler on the Maritime Ransomware Attacks (The Natural Curiosity Project, hosted by Steven Shepard, 10/05/2020)

Maritime newsletters/Web sites that cover cybersecurity

• Center for International Maritime Security
• Coast Guard Maritime Commons
• CSO Alliance
• Digital Ship newsletter
• gCaptain
• Hellenic Shipping News
• JOC.com Maritime News
• Lloyd's List
• MarineLink
• The Maritime Executive
• Maritime Logistics Professional
• Maritime & Port Security Information Sharing and Analysis Organization (MPS-ISAO) TLP-Green Reports and Advisories
• Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)
• MCYSEKA - Maritime Cyber Security Knowledge Archive
• Riviera Maritime Media
• SAFETY4SEA

GPS/GNSS-Related Issues

• USCG Navigation Center — GPS Problem Reports Status page
• Resilient Navigation and Timing Foundation

Ship tracking Web sites (mentioned in Chapter 3):

• CruiseMapper
• FleetMon
• MarineTraffic
• My Ship Tracking
• Ship Tracker
• Shipfinder
• Vessel Finder
• Vesseltracker

Hack The Sea 2.0 Village at DEF CON 28 (2020)

• Build A Raspberry AIS
• GPS:AIS Spoofing Attacks and Some Tools
• Protecting AIS with Public Key Crypto Methods

---

Buy the Book!

The book can be purchased from Amazon in Kindle or print format.

Get more information about Gary (Amazon Author Page | Web site) and Steve (Amazon Author Page | Web site).

---

© 2020-2021, Gary C. Kessler & Steven D. Shepard