Maritime Cybersecurity A Guide for Leaders and Managers by Gary C. Kessler & Steven D. Shepard

---

This Web page is devoted to providing updated or additional information with which to supplement Maritime Cybersecurity: A Guide for Leaders and Managers.

• References
• Ancillary Material
• How to Purchase the Book

Page last updated: 05 December 2021

---

References

Chapter 1. The Maritime Transportation System (MTS) Chapter 2. Cybersecurity Basics Chapter 3. Case Studies: Cyber Attacks on the Maritime Sector Chapter 4. Ports and Cybersecurity Chapter 5. Shipboard Communication Systems Chapter 6. Navigation Systems Chapter 7. Industrial Control and Autonomous Systems Chapter 8. Strategies for Maritime Cyberdefense Chapter 9. Concluding Thoughts

Chapter 1. The Maritime Transportation System (MTS)

• Bebbington, T. (2021, August 6). Cyberattack or Coincidence? Seatrade Maritime News. https://www.seatrade-maritime.com/regulation/less-25-bulkers-and-tankers-will-attain-eexi-compliance
• Cohen, J. (2021). Where Zeros and Ones Sink Ships - Cyber Warfare Enters the Naval Battlespace. Naval Forces, 42(5), 49-51.
• Foote, R. (2017) Cybersecurity in the Marine Transportation Sector: Protecting Intellectual Property to Keep Our Ports, Facilities, and Vessels Safe from Cyber Threats. Cybaris, 8(2), article 3. https://open.mitchellhamline.edu/cybaris/vol8/iss2/3
• Kiln. (n.d.). Ship Map. https://www.shipmap.org/

Chapter 2. Cybersecurity Basics

• Barker, W.C., Scarfone, K., Fisher, W., & Souppaya, M. (2021, June). Cybersecurity Framework Profile for Ransomware Risk Management. Preliminary Draft National Institute of Standards and Technology Interagency or Internal Report (NISTIR) 8374, U.S. Department of Commerce. https://csrc.nist.gov/CSRC/media/Publications/nistir/draft/documents/NIST.IR.8374-preliminary-draft.pdf
• Barsky, N. (2021, August 31). The SEC Exposed Cybersecurity's Fatal Flaw - Executive Resistance To Bad News. Forbes. https://www.forbes.com/sites/noahbarsky/2021/08/31/the-sec-exposed-cybersecuritys-fatal-flaw---executive-resistance-to-bad-news/?sh=37c8b2922339
• Bracken, B. (2021, November 30). Lloyd's Carves Out Cyber-Insurance Exclusions for State-Sponsored Attacks. threatpost. https://threatpost.com/lloyds-cyber-insurance-exclusions/176669/
• Cimpanu, C. (2020, August 2). Google: Eleven Zero-Days Detected in the Wild in the First Half of 2020. ZDNet. https://www.zdnet.com/article/google-eleven-zero-days-detected-in-the-wild-in-the-first-half-of-2020/
• Epsco-Ra Introduces New Cybersecurity Assessment Method. (2021, April 22). Digital Ship. https://thedigitalship.com/news/maritime-satellite-communications/item/7261-epsco-ra-introduces-new-cybersecurity-assessment-method
• Gatlan, S. (2021, June 30). CISA Releases New Ransomware Self-Assessment Security Audit Tool. BleepingComputer. https://www.bleepingcomputer.com/news/security/cisa-releases-new-ransomware-self-assessment-security-audit-tool/
• Krebs, B. (2021, October 26). FBI Raids Chinese Point-of-Sale Giant PAX Technology. Krebs on Security. https://krebsonsecurity.com/2021/10/fbi-raids-chinese-point-of-sale-giant-pax-technology/
• Mactavish, A. (2020, August 7). Cyber-Crime — A Continuing Concern. Seatrade Maritime News. https://www.seatrade-maritime.com/opinions-analysis/cyber-crime-continuing-concern
• Mc Mahon, C. (2020, July 10). In Defence of the Human Factor. Frontiers of Psychology. DOI: 10.3389/fpsyg.2020.01390
• Meland, P.H., Nesheim, D.A., Bernsmed, K., & Sindre, G. (2022, February). Assessing Cyber Threats for Storyless Systems. Journal of Information Security and Applications, 64, article 103050. DOI: 10.1016/j.jisa.2021.103050
• Multi-State Information Sharing and Analysis Center (MS-ISAC). (2020, September). Ransomware Guide. Cybersecurity & Infrastructure Security Agency (CISA). https://www.cisa.gov/sites/default/files/publications/CISA_MS-ISAC_Ransomware%20Guide_S508C.pdf
• Norton, Q. (2014, May 20). Everything is Broken. The Message. https://medium.com/message/everything-is-broken-81e5f33a24e1#.sc7pf19g3
• Palmer, D. (2021, April 23). Ransomware's Perfect Target: Why One Industry Needs to Improve Cybersecurity, Before It's Too Late. ZDNet. https://www.zdnet.com/article/ransomwares-perfect-target-why-one-industry-needs-to-improve-cybersecurity-before-its-too-late/
• Progoulakis, I., Nikitakos, N., Rohmeyer, P., Bunin, B., Dalaklis, D., & Karamperidis, S. (2021, January 22). Perspectives on Cyber Security for Offshore Oil and Gas Assets. Journal of Marine Science and Engineering, 9(2), 112. DOI: 10.3390/jmse9020112
• Rose, S. (2021, August 4). Planning for a Zero Trust Architecture: A Starting Guide for Administrators. National Institute of Standards and Technology (NIST) DRAFT White Paper, U.S. Department of Commerce. DOI: 10.6028/NIST.CSWP.08042021-draft
• Rose, S., Borchert, O., Mitchell, S., & Connelly, S. (2020, August). Zero Trust Architecture. National Institute of Standards and Technology (NIST) Special Publication (SP) 800-207, U.S. Department of Commerce. DOI: 10.6028/NIST.SP.800-207
• Stewart, K.C., & Hoover, A. (2020, March 30). An Introduction to the Cybersecurity Maturity Model Certification. Software Engineering Institute blog, Carnegie Mellon University. https://insights.sei.cmu.edu/blog/an-introduction-to-the-cybersecurity-maturity-model-certification-cmmc/
• Tischer, M., Durumeric, Z., Bursztein, E., & Bailey, M. (2017, March/April). The Danger of USB Drives. IEEE Security & Privacy, 15(2), 62-69.

Chapter 3. Case Studies: Cyber Attacks on the Maritime Sector

• Chesney, R. (2021, August 25). SolarWinds and the Holiday Bear Campaign: A Case Study for the Classroom. LAWFARE. https://www.lawfareblog.com/solarwinds-and-holiday-bear-campaign-case-study-classroom
• Cimpanu, C. (2018, December 12). Ships Infected with Ransomware, USB Malware, Worms. ZDNet. https://www.zdnet.com/article/ships-infected-with-ransomware-usb-malware-worms/
• Dapena, K., & Moriarty, D. (2021, March 31). America's Imports Are Stuck on Ships Floating Just Off Los Angeles. The Wall Street Journal. https://www.wsj.com/articles/americas-imports-are-stuck-on-ships-floating-just-off-los-angeles-11617183002
• Egozi, A. (2021, October 5). US Presses Israel On Haifa Port Amid China Espionage Concerns: Sources. Breaking Defense. https://breakingdefense.com/2021/10/us-presses-israel-on-haifa-port-amid-china-espionage-concerns-sources/
• Herr, T., Loomis, W., Schroeder, E., Scott, S., Handler, S., & Zuo, T. (2021, March). Broken Trust: Lessons from Sunburst. Cyber Statecraft Initiative, Scowcroft Center for Strategy and Security, Atlantic Council. https://www.atlanticcouncil.org/wp-content/uploads/2021/03/BROKEN-TRUST.pdf
• Lillis, K.B., Bertrand, N., & Atwood, K. (2021, November 19). Construction Halted on Secret Project at Chinese Port in UAE After Pressure From US, Officials Say. CNN. https://www.cnn.com/2021/11/19/politics/china-uae-us-construction-port/index.html
• Poling, G.B., Mallory, T.B., & Prétat, H. (2021, November). Pulling Back the Curtain on China's Maritime Militia. A Report of the Center for Strategic and International Studies (CSIS) Asia Maritime Transparency Initiative and the Center for Advanced Defense Studies (C4ADS). https://csis-website-prod.s3.amazonaws.com/s3fs-public/publication/211118_Poling_Maritime_Militia.pdf
• Shen, C., & Baker, J. (2020, September 28). CMA CGM Confirms Ransomware Attack. Lloyd's List Maritime Intelligence.
• Sonnemaker, T. (2020, August 3). Garmin Reportedly Paid Hackers a Multimillion Dollar Ransom to Recover Files After a Cyberattack That Left Their Services Offline for Several Days Last Month. Business Insider. https://www.businessinsider.com/garmin-paid-multimillion-dollar-ransom-to-hackers-report-2020-8
• Truong, K. (2020, July 28). The Garmin Ransomware Hack is Horrifying. Vice. https://www.vice.com/en_us/article/5dzkd5/the-garmin-ransomware-hack-is-horrifying
• United States Coast Guard (USCG). (2020, September 30). Malicious Email Spoofing Incidents. Marine Safety Information Bulletin (MSIB 19-20). https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/MSIB/2020/USCG-MSIB-19-20-CYBER-SPOOFING.pdf

Chapter 4. Ports and Cybersecurity

• DOT Launches New Marine Highway Module of Port Planning and Investment Toolkit. (2020, October 15). Homeland Security Today. https://www.hstoday.us/subject-matter-areas/transportation/dot-launches-new-marine-highway-module-of-port-planning-and-investment-toolkit/
• Drougkas, A., Sarri, A., Kyranoudi, P. (2020, December). CYBER RISK MANAGEMENT FOR PORTS: Guidelines for Cybersecurity in the Maritime Sector. ENISA. https://www.enisa.europa.eu/publications/guidelines-cyber-risk-management-for-ports/at_download/fullReport
• Fredrickson, K. (2021, May 9). Marine Transportation System (MTS) Cyber Spotlight: Approaching deadlines for incorporating cyber into Facility Security Assessments (FSA) and Facility Security Plans (FSP). Coast Guard Maritime Commons. https://mariners.coastguard.blog/2021/05/09/marine-transportation-system-mts-cyber-spotlight/
• International Association of Ports and Harbors (IAPH). (2021, July 2). Cybersecurity Guidelines for Ports and Port Facilities, v 1.0. https://sustainableworldports.org/wp-content/uploads/IAPH-Cybersecurity-Guidelines-version-1_0.pdf
• Iran: One of 2 Cyberattack Targets was Country's Ports. (2020, October 16). Asharq Al-Awsat. https://english.aawsat.com/home/article/2567991/iran-one-2-cyberattack-targets-was-countrys-ports
• Petta, M.C. (2021, September 29). Port Cybersecurity: Incorporating the IAPH's New Guidelines into the ISPS Code. Center for International Maritime Security (CIMSEC. target="x"> https://cimsec.org/incorporating-the-iaphs-new-cybersecurity-guidelines-into-the-international-ship-and-port-facility-security-code/
• Port of Los Angeles Inks $6.8 Mln Cybersecurity Deal with IBM. (2020, December 7). Maritime Logistics Professional. https://www.maritimeprofessional.com/news/port-angeles-inks-cybersecurity-deal-363659
• Wingrove, M. (2020, November 23). Cyber Attack Shuts Down US Port Servers. https://www.rivieramm.com/news-content-hub/news-content-hub/cyber-attack-shuts-down-us-port-servers-61955

Chapter 5. Shipboard Communication Systems

• Degnarain, N. (2020, November 6). Captain's Noon Reports Crucial Missing Evidence For Mauritius Oil Spill Ship. Forbes. https://www.forbes.com/sites/nishandegnarain/2020/11/06/captains-noon-reports-crucial-missing-evidence-for-mauritius-oil-spill-ship/?sh=16f204841a67
• Goodin, D. (2020, August 5). Insecure Satellite Internet is Threatening Ship and Plane Safety. Ars Technica. https://arstechnica.com/information-technology/2020/08/insecure-satellite-internet-is-threatening-ship-and-plane-safety/
• Iran's Secret Cyber Files On How Cargo Ships and Petrol Stations Could Be Attacked. (2021, July 27). IFMAT. https://www.ifmat.org/07/27/irans-secret-cyber-files-on-how-cargo-ships-and-petrol-stations-could-be-attacked/
• Kessler, G.C. (2021, September). The CAN Bus in the Maritime Environment - Technical Overview and Cybersecurity Vulnerabilities. TransNav, The International Journal on Marine Navigation and Safety of Sea Transportation, 15(3), 531-540. DOI: 10.12716/1001.15.03.05.
• Pavur, J., Mosery, D., Strohmeiery, M., Lendersy, V., & Martinovic, I. (2020, May). A Tale of Sea and Sky On the Security of Maritime VSAT Communications. In Proceedings of the 2020 IEEE Symposium on Security and Privacy (SP), 18-21 May 2020, San Francisco. DOI: 10.1109/SP40000.2020.00056
• Tran, K., Keene, S., Fretheim, E., & Tsikerdekis, M. (2021, April 21). Marine Network Protocols and Security Risks. Journal of Cybersecurity and Privacy, 2021(1), 239-251. DOI: 10.3390/jcp1020013

Chapter 6. Navigation Systems

• Anderson, J.M., Carroll, K.L., DeVilbiss, N.P., Gillis, J.T., Hinks, J.C., O'Hanlon, B.W., Rushanan, J.J., Scott, L., & Yazdi, R.A. (2017, September). Chips-Message Robust Authentication (Chimera) for GPS Civilian Signals. Proceedings of the 30th International Technical Meeting of the Satellite Division of The Institute of Navigation (ION GNSS+ 2017), Portland, Oregon, pp. 2388-2416. DOI: 10.33012/2017.15206
• Androjna, A., Perkovič, M., Pavic, I., & Mišković. (2021, May). AIS Data Vulnerability Indicated by a Spoofing Case-Study. Applied Sciences, 11(11), 5015. DOI: 10.3390/app11115015
• Androjna, A., & Perkovič, M. (2021, September). Impact of Spoofing of Navigation Systems on Maritime Situational Awareness. Transactions on Maritime Science, 10(2). DOI: 10.7225/toms.v10.n02.w08
• Awan, M.S.K., & Al Ghamdi, M.A. (2019, October 2). Understanding the Vulnerabilities in Digital Components of An Integrated Bridge System (IBS). Journal of Marine Science and Engineering, 7(10), 350. DOI: 10.3390/jmse7100350
• Boling, A., Kuo, L., Snyder, L., & Sung, L. (2021). UNMASKED: Vessel Identity Laundering and North Korea's Maritime Sanctions Evasion. Center for Advanced Defense Studies (C4ADS). https://c4ads.org/s/Unmasked-North-Korea-Vessel-Identity-Laundering-ntbe.pdf
• Chow, B.G., & Kelley, B.W. (2021, July 28). Peace in the Era of Weaponized Space. SpaceNews. https://spacenews.com/op-ed-peace-in-the-era-of-weaponized-space/
• Easton, I. (2009, August 10). The Great Game in Space: China's Evolving ASAT Weapons Programs and Their Implications for Future U.S. Strategy. Project 2049 Institute. https://project2049.net/wp-content/uploads/2018/05/china_asat_weapons_the_great_game_in_space.pdf
• González, R., Lacarra, E., López, M., & Heikonen, K. (2021, September). EGNOS Performance Along Finnish Coast. TransNav, The International Journal on Marine Navigation and Safety of Sea Transportation, 15(3), 551-556. DOI: 10.12716/1001.15.03.07.
• Goodman, J. (2021, May 28). Tanker's Impossible Voyage Signals New Sanction Evasion Ploy. yahoo!news. https://news.yahoo.com/tanker-impossible-voyage-signals-sanction-040109857.html
• Goward, D.A. (2021, April 14). Assured PNT Summit - Opening Remarks. Defense Strategies Institute Assured PNT Summit. https://rntfnd.org/2021/04/16/assured-pnt-summit-opening-remarks/
• GPS Denied Solutions and Upcoming Technologies. (2021, May 11). Advanced Navigation. https://www.advancednavigation.com/news/gps-denied-solutions-and-upcoming-technologies
• GPSPATRON. (2021, September 26). GNSS Spoofing Scenarios with SDRs. https://gpspatron.com/gnss-spoofing-scenarios-with-sdrs/
• Hambling, D. (2020, October 4). What Would the World do Without GPS? BBC. https://www.bbc.com/future/article/20201002-would-the-world-cope-without-gps-satellite-navigation
• Hansen, A., Mackey, S., Wassaf, H., Shah, V., Wallischeck, E., Scarpone, C., Barzach, M., & Baskerville, E. (2021, January). Complementary PNT and GPS Backup Technologies Demonstration Report. Cambridge (MA): U.S. Department of Transportation, John A Volpe National Transportation Systems Center, Report DOT-VNTSC-20-07. https://www.transportation.gov/sites/dot.gov/files/2021-01/FY%2718%20NDAA%20Section%201606%20DOT%20Report%20to%20Congress_Combinedv2_January%202021.pdf
• Hanyok, R.J. (2001). Skunks, Bogies, Silent Hounds, and the Flying Fish: The Gulf of Tonkin Mystery, 2-4 August 1964. Cryptologic Quarterly. https://nsarchive2.gwu.edu/NSAEBB/NSAEBB132/relea00012.pdf
• Harris, M. (2021, July 29). Phantom Warships Are Courting Chaos in Conflict Zones. WIRED. https://www.wired.com/story/fake-warships-ais-signals-russia-crimea/
• Hemminghaus, C., Bauer, J., & Padilla, E. (2021, March). BRAT: A BRidge Attack Tool for Cyber Security Assessments of Maritime Systems. TransNav, The International Journal on Marine Navigation and Safety of Sea Transportation, 15(1). DOI: 10.12716/1001.15.01.02
• How SailPlan's Cloud-based Platform is Optimising Navigational Decision-making. (2021, March 5). Vessel Performance Optimisation. https://vpoglobal.com/2021/03/05/how-sailplans-cloud-based-platform-is-optimising-navigational-decision-making/
• Humphreys, T. (2012, August 24). Resilient and Robust PNT. ION Joint Navigation Conference. https://rntfnd.us3.list-manage.com/track/click?u=06a79dfa9d702640cd0cee682&id=40316749a7&e=45ff616045
• Iannucci, P.A., & Humphreys, T.E. (2020, September 25). Fused Low-Earth-Orbit GNSS. The University of Texas at Austin Radionavigation Laboratory. https://arxiv.org/pdf/2009.12334.pdf
• Industrial Safety and Security (ISS) Source. (2021, March 1). Tool to Protect Against GPS Spoofing. ISSSource.com. https://isssource.com/tool-to-protect-against-gps-spoofing/
• International Maritime Organization (IMO). (2021, October 18). Deliberate Interference With the United States' Global Positioning Sytsem (GPS) and Other Global Navigation Staellite Systems (GNSS). MSC.1/Circ.1644. https://rntfnd.org/wp-content/uploads/IMO-Circular-MSC.1-Circ.1644-Deliberate-Interference-With-The-United-States-Global-Positioning-System-Gps-And-Other...-Secretariat.pdf_safe.pdf
• Kessler, G.C. (2021, August 22). AIS Spoof of a Warship [video]. https://www.garykessler.net/gck/202108_MOCKVA_spoof.mp4
• Khalife, J., Neinavaie, M., & Kassas, Z.M. (2021, September 20). The First Carrier Phase Tracking and Positioning Results with Starlink LEO Satellite Signals. IEEE Transactions on Aerospace and Electronic Systems. DOI: 10.1109/TAES.2021.3113880
• Lambert, N., & Goward, D.A. (2020, November). Solution to GPS Hacking. Sea Technology, 8-10. https://lsc-pagepro.mydigitalpublication.com/publication/?m=60787&i=680110&p=8
• Leite Junior, W.C., de Moraes, C.C., de Albuquerque, C.E.P., Machado, R.C.S., & de Sá, A.O. (2021, May 4). A Triggering Mechanism for Cyber-Attacks in Naval Sensors and Systems. Sensors, 21(9), 3195. DOI: 10.3390/s21093195
• Russian Electronic Warfare System Is Capable Of Neutralizing GPS, Galileo and BeiDou Systems. (2021, February 1). Sputnik International News. https://rntfnd.org/2021/02/04/russian-electronic-warfare-system-is-capable-of-neutralizing-gps-galileo-and-beidou-systems-sputnik-international/
• Su, M., Su, X., Zhao, Q., & Liu, J. (2019, January 7). BeiDou Augmented Navigation from Low Earth Orbit Satellites. Sensors, 19(1), 198. DOI: 10.3390/s19010198
• Sutton, H.I. (2021, June 21). Positions of Two NATO Ships Were Falsified Near Russian Black Sea Naval Base. USNI News. https://news.usni.org/2021/06/21/positions-of-two-nato-ships-were-falsified-near-russian-black-sea-naval-base
• Sutton, H.I. (2021, December 3). Attacking Open Source Intelligence: The Fake AIS Data Epidemic Explained [video]. Covert Shores. https://www.youtube.com/watch?v=dnuKpd0TNKc
• Svilicic, B., Rudan, I., Frančić, V., & Doričić, M. (2019). Shipboard ECDIS Cyber Security: Third-Party Component Threats. Scientific Journal of Maritime Research, 33(2), 176-180. DOI: 10.31217/p.33.2.7
• Tippenhauer, N.O., Pöpper, C., Rasmussen, K.B., & Čapkun, S. (2011, October). On the Requirements for Successful GPS Spoofing Attacks. In CCS '11: Proceedings of the 18th ACM conference on Computer and Communications Security, pp. 75–86. https://dl.acm.org/doi/pdf/10.1145/2046707.2046719
• Tucker, P. (2020, July 31). The Air Force's Latest GPS Alternative: Earth's Magnetic Fields. Defense One. https://www.defenseone.com/technology/2020/07/air-forces-latest-gps-alternative-earths-magnetic-fields/167387/
• Tucker, P. (2021, November 02). Quantum Sensor Breakthrough Paves Way For GPS-Free Navigation. Defense One. https://www.defenseone.com/technology/2021/11/quantum-sensor-breakthrough-paves-way-gps-free-navigation/186578/
• Under Attack – Receiver Response to Spoofing: Robustness vs. Resilience. (2020, September 30). Inside GNSS. https://insidegnss.com/under-attack-receiver-response-to-spoofing-robustness-vs-resilience/
• U.S. Coast Guard (USCG). (2021, April 22). Worldwide Navigational Warnings Service. Marine Safety Information Bulletin (MSIB 05-21). https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/MSIB/2021/MSIB_21-05_WorldwideNavigationalWarningsService.pdf
• U.S. Department of Transportation. (2020, December 9). Virtual Workshop on GPS Jamming and Spoofing in the Maritime Environment. https://www.transportation.gov/pnt/agenda-virtual-workshop-gps-jamming-and-spoofing-maritime-environment
• U.S. Government Accountability Office (GAO). (2021, May). TECHNOLOGY ASSESSMENT: Defense Navigation Capabilities — DOD is Developing Positioning, Navigation, and Timing Technologies to Complement GPS (GAO-21-320SP). https://www.gao.gov/assets/gao-21-320sp.pdf
• U.S. Navy Ship Spoofed to Crimea. (2021, June 30). Resilient Navigation and Timing (RNT) Foundation blog. https://rntfnd.org/2021/06/30/u-s-navy-ship-spoofed-to-crimea/
• Using AI to Enhance Navigational Safety. (2021, May 21). Vessel Performance Optimisation. https://vpoglobal.com/2021/05/21/using-ai-to-enhance-navigational-safety/
• Weiss, M., Diamond, P., & Goward, D.A. (2020, October 16). A Resilient National Timing Architecture. RNT Foundation. https://rntfnd.org/wp-content/uploads/Resilient-National-Timing-Architecture-16-Oct-2020.pdf

Chapter 7. Industrial Control and Autonomous Systems

• Advancement for Autonomous Operations on Deep-Sea Ships. (2020, October 2). The Maritime Executive. https://www.maritime-executive.com/article/advancement-for-autonomous-operations-on-deep-sea-ships
• Cusimano, J., Ayala, M., & Villano, G. (2020, November 10). Navigating Cybersecurity Challenges in Maritime Operational Technology. The Maritime Executive. https://maritime-executive.com/editorials/navigating-cybersecurity-challenges-in-maritime-operational-technology
• Davis, R. & Inajima, T. (2021, August 31). First Autonomous Cargo Ship Faces Test With 236-Mile Voyage. gCaptain. https://gcaptain.com/first-autonomous-cargo-ship-faces-test-with-236-mile-voyage/
• Dow, M. (2020, August 31). Rise of Ransomware: Why OT is a Prime Target for Cybercriminals. Security. https://www.securitymagazine.com/articles/93197-rise-of-ransomware-why-ot-is-a-prime-target-for-cybercriminals
• Fleming, C., Elks, C., Bakirtzis, G., Adams, S.C., Carter, B., Beling, P.A., & Horowitz, B. (2020, November 29). Cyber-Physical Security Through Resiliency: A Systems-centric Approach. eprint arXiv:2011.14469. https://arxiv.org/abs/2011.14469v1
• Horowitz, B.M. (2020, January-February). Cyberattack-Resilient Cyberphysical Systems. IEEE Security & Privacy, 18(1), 55-60. DOI: 10.1109/MSEC.2019.2947123
• Humayed, A., Lin, J., Li, F., & Luo, B. (2017, December). Cyber-Physical Systems Security — A Survey. IEEE Internet of Things Journal, 4(6), 1802-1831. DOI: 10.1109/JIOT.2017.2703172
• Kehoe, A., & Cecotti, M. (2021, March 23). Multiple Destroyers Were Swarmed By Mysterious 'Drones' Off California Over Numerous Nights. The Ware Zone. https://www.thedrive.com/the-war-zone/39913/multiple-destroyers-were-swarmed-by-mysterious-drones-off-california-over-numerous-nights
• MASSPorts initiative launched to develop autonomous shipping. (2020, August 6). Digital Ship. https://thedigitalship.com/news/electronics-navigation/item/6737-massports-initiative-launched-to-develop-autonomous-shipping
• Mayger, J. (2019, October 10). Autonomous Shipping - Cyber Hazards Ahead. MarineLink. https://www.marinelink.com/news/autonomous-shipping-cyber-hazards-ahead-471587
• MOL begins study on collision avoidance of autonomous ships. (2020, October 21). Digital Ship. https://thedigitalship.com/news/electronics-navigation/item/6876-mol-begins-study-on-collision-avoidance-of-autonomous-ships
• Norton Rose Fulbright. (2020, July). The Collision Regulations and Autonomous Shipping. Shipping Law Insights blog. https://www.nortonrosefulbright.com/en/knowledge/publications/5fedab67/the-collision-regulations-and-autonomous-shipping
• O'Rourke, R. (2021, October 20). Navy Large Unmanned Surface and Undersea Vehicles: Background and Issues for Congress. Congressional Research Service, Report R45757. https://sgp.fas.org/crs/weapons/R45757.pdf
• Ocean of Things (OoT). (n.d.). Defense Advanced Research Projects Agency (DARPA), U.S. Department of Defense (DOD). https://oceanofthings.darpa.mil/
• Ong, P. (2021, August 30). Update on the U.S. Navy's MUSV and LUSV Programs. NAVALNEWS. https://www.navalnews.com/naval-news/2021/08/update-on-the-u-s-navys-musv-and-lusv-programs/
• Rivkin, B.S. (2021, January). Unmanned Ships: Navigation and More. Gyroscopy and Navigation, 12(1), 96–108. DOI: 10.1134/S2075108721010090
• Russia Moving Forward with Autonomous Navigation on Commercial Vessels. (2020, December 11). The Maritime Executive. https://www.maritime-executive.com/article/russia-moving-forward-with-autonomous-navigation-on-commercial-vessels
• Saul, J. (2021, July 28). The Pool Of Ship Officers Is Running Dry. https://gcaptain.com/the-pool-of-ship-officers-is-running-dry/
• Schuler, M. (2021, July 15). Navy's Second 'Ghost Fleet' Unmanned Ship Makes Long-Range Transit from Gulf to West Coast. gCaptain. https://gcaptain.com/navy-ghost-fleet-unmanned-ship-makes-second-long-range-trip/?subscriber=true&goal=0_f50174ef03-a31fbc4401-170367962&mc_cid=a31fbc4401&mc_eid=f9a51576ea
• Schuler, M. (2021, November 19). Yara Debuts Yara Birkeland, the World's First Autonomous and Emission-Free Containership. gCaptain. https://gcaptain.com/yara-birkeland-worlds-first-autonomous-zero-emission-ship/
• Seals, T. (2021, September 6). IoT Attacks Skyrocket, Doubling in 6 Months. threatpost. https://threatpost.com/iot-attacks-doubling/169224/
• Singapore Launches First Drone Technology Test Bed. (2021, April 22). Digital Ship. https://thedigitalship.com/news/electronics-navigation/item/7259-singapore-launches-first-drone-technology-test-bed
• tpgroup's Autonomous Navigation System Completes Sea Trials. (2020, December 22). Digital Ship. https://thedigitalship.com/news/electronics-navigation/item/7018-tpgroup-s-autonomous-navigation-system-completes-sea-trials

Chapter 8. Strategies for Maritime Cyberdefense

• Arampatzis, A. (2020, August 2). The Biggest Challenges and Best Practices to Mitigate Risks in Maritime Cybersecurity. Tripwire. https://www.tripwire.com/state-of-security/security-data-protection/biggest-challenges-best-practices-mitigate-risks-maritime-cybersecurity/
• BIMCO et al. (2020, December 21). The Guidelines on Cyber Security Onboard Ships, version 4. https://www.bimco.org/-/media/bimco/news-and-trends/news/priority-news/2020/2021-12-23-guidelines-on-cyber-security-onboard-ships.ashx
• Demchak, C.C., & Thomas, M.L. (2021, October 15). Can't Sail Away from Cyber Attacks: 'Sea-Hacking' from Land. War on the Rocks. https://warontherocks.com/2021/10/cant-sail-away-from-cyber-attacks-sea-hacking-from-land/
• Eversden, A. (2020, June 30). The Navy Aims to Install Cyber Baselines Aboard 180 Ships. DefenseNews. https://www.defensenews.com/battlefield-tech/it-networks/2020/06/30/the-navy-aims-to-install-cyber-baselines-aboard-180-ships/
• Green, E.H., Carr, E.W., Winebrake, J.J., & Corbett, J.J. (2020, June). Blockchain Technology and Maritime Shipping: A Primer. U.S. Maritime Administration. https://www.maritime.dot.gov/sites/marad.dot.gov/files/2020-07/MARAD%20Blockchain%20Final%20Primer%20%2820200622%29.pdf
• Heering, D., Maennel, O.M., & Venables, A.N. (2021, July). Shortcomings in Cybersecurity Education for Seafarers. In: C.G. Soares & T.A. Santos (eds.), Developments in Maritime Technology and Engineering, Vol. 1. CRC Press. DOI: 10.1201/9781003216582-6
• Jacq, O., Boudvin, X., Brosset, D., Kermarrec, Y., & Simonin, J. (2018, October). Detecting and Hunting Cyberthreats in a Maritime Environment: Specification and Experimentation of a Maritime Cybersecurity Operations Centre. In Proceedings of the 2018 2nd Cyber Security in Networking Conference (CSNet), October 24-26, 2018, Paris, France. DOI: 10.1109/CSNET.2018.8602669
• Kollars, N., Tangredi, S.J., & Demchak, C.C. (2021, February 4). The Cyber Maritime Environment: A Shared Critical Infrastructure and Trump's Maritime Cyber Security Plan. War on the Rocks. https://warontherocks.com/2021/02/the-cyber-maritime-environment-a-shared-critical-infrastructure-and-trumps-maritime-cyber-security-plan/
• McNally, M. (2021, January 7). IMO2021, Not Just an IT Concern. MarineLink. https://www.marinelink.com/news/imo-not-concern-484360
• New ASTM International Standard Aims to Reduce Maritime Cyber Risk. (2020, July 30). The Maritime Executive. https://www.maritime-executive.com/corporate/new-astm-international-standard-aims-to-reduce-maritime-cyber-risk
• Petta, M.C. (2021, January 10). The IMO 2021 Cyber Guidelines and the Need to Secure Seaports. Maritime Executive. https://maritime-executive.com/editorials/the-imo-2021-cyber-guidelines-and-the-need-to-secure-seaports
• Reva, D. (2020, October). Maritime Cyber Security: Getting Africa Ready. Institute for Security Studies, Africa Report 29. https://issafrica.s3.amazonaws.com/site/uploads/ar-29.pdf
• Steady as She Goes: Three Expectations for the U.S Coast Guard Under the Biden Administration. (2021, January 8). gCaptain. https://gcaptain.com/expectations-for-us-coast-guard-under-biden-administration/
• The Clock is Ticking for Compliance With IMO's 2021 Cyber Security Regulations. (2020, 12 November). Lloyd's Register. https://www.lr.org/en/insights/articles/imo-cyber-secuity-regulation-compliance/
• U.S. Coast Guard. (2020, October 27). Vessel Cyber Risk Management Work Instruction (CVC-WI-027(1)). Office of Commercial Vessel Compliance (CG-CVC) Mission Management System (MMS) Work Instruction (WI). https://dco.uscg.mil/Portals/9/DCO%20Documents/5p/CG-5PC/CG-CVC/CVC_MMS/CVC-WI-027(series).pdf
• Weiss, J.G., Helleputte, C.-A., & De Cicco, D. (2020, October 22). US DOE and NIST Partner to Improve Cybersecurity in Energy, Maritime Transportation Industries. Steptoe. https://www.steptoe.com/en/news-publications/us-doe-and-nist-partner-to-improve-cybersecurity-in-energy-maritime-transportation-industries.html
• U.S. Coast Guard. (2021, August). CYBER STRATEGIC OUTLOOK: The United States Coast Guard's Vision To Protect and Operate in Cyberspace. https://www.uscg.mil/Portals/0/Images/cyber/2021-Cyber-Strategic-Outlook.pdf
• White House (2020, December). National Maritime Cybersecurity Plan to the National Strategy for Maritime Security. https://www.whitehouse.gov/wp-content/uploads/2021/01/12.2.2020-National-Maritime-Cybersecurity-Plan.pdf
• Wingrove, M. (2020, November 5). Norway Opens Cyber Resilience Centre. Riviera. https://www.rivieramm.com/news-content-hub/news-content-hub/norway-opens-cyber-resilience-centre-61586

Chapter 9. Concluding Thoughts

• Bailey, D. (2017, July 13). Why You Need to Follow the Steve Jobs Method and 'Work Backwards.' Inc. https://www.inc.com/dave-bailey/why-you-need-to-follow-the-steve-jobs-method-and-w.html
• Bolbota, V., Theotokatosa, G., Boulougourisa, E., & Vassalosa, D. (2020, November). A Novel Cyber-Risk Assessment Method for Ship Systems. Safety Science, 131. DOI: 10.1016/j.ssci.2020.104908. https://www.sciencedirect.com/science/article/pii/S0925753520303052/pdfft
• Davidson, D. (2018, March 13). Don't Try to be 'Disruptive.' To Really Have an Impact, You Need to Reverse Engineer the Future. Entrepreneur. https://www.entrepreneur.com/article/309552
• Higgins, K.J. (2013, April 4). Hacking The User Security Awareness And Training Debate. DarkReading. https://www.darkreading.com/risk/hacking-the-user-security-awareness-and-training-debate
• Kessler, G.C., and Zorri, D.M. (2021). Cross Domain IW Threats to SOF Maritime Missions: Implications for U.S. SOF. Joint Special Operations University (JSOU) Report 21-4. MacDill Air Force Base (FL): The JSOU Press. https://jsou.libguides.com/ld.php?content_id=61653860
• Loomis, W., Singh, V.V., Kessler, G.C., & Bellekens, X. (2021, October). RAISING THE COLORS: Signaling for Cooperation on Maritime Cybersecurity. Cyber Statecraft Initiative, Scowcroft Center for Strategy and Security, Atlantic Council. https://www.atlanticcouncil.org/wp-content/uploads/2021/10/Raising-the-colors-Signaling-for-cooperation-on-maritime-cybersecurity.pdf
• Lundquist, E.H. (2011, January 27). Project Evergreen. Defense Media Network. https://www.defensemedianetwork.com/stories/project-evergreen/
• Percival, T. (2021, January 18). Proactive vs. Reactive Cyber Security Strategies in Maritime. Hellenic Shipping News. https://www.hellenicshippingnews.com/proactive-vs-reactive-cyber-security-strategies-in-maritime/
• Roer, K. (2017, June 1). A Culture of Security, Not of Blame. Information Security Magazine. https://www.infosecurity-magazine.com/blogs/culture-security-not-blame/
• Schauer, S., Stamer, M., Bosse, C., Pavlidis, M., Mouratidis, H., König, S., & Papastergiou, S. (2017). An Adaptive Supply Chain Cyber Risk Management Methodology. In: Kersten, Wolfgang Blecker, Thorsten Ringle, Christian M. (Ed.), Digitalization in Supply Chain Management and Logistics: Smart and Digital Solutions for an Industry 4.0 Environment, Proceedings of the Hamburg International Conference of Logistics (HICL), Vol. 23, ISBN 978-3-7450-4328-0, epubli GmbH, Berlin, pp. 405-425. DOI: 10.15480/882.1491
• Shang, W., Gong,, T., Chen,, C., Hou, J., & Zeng, P. (2019, March 14). Information Security Risk Assessment Method for Ship Control System Based on Fuzzy Sets and Attack Trees. Security and Communication Networks, 2019, article 3574675. DOI: 10.1155/2019/3574675. https://downloads.hindawi.com/journals/scn/2019/3574675.pdf
• wondersmith_rae. (2020, November 30). Maritime OSINT: Port Analysis. https://wondersmithrae.medium.com/maritime-osint-port-analysis-d09b4531728d
• Zorri, D.M., & Kessler, G.C. (2021, September 8). Cyber Threats and Choke Points: How Adversaries are Leveraging Maritime Cyber Vulnerabilities for Advantage in Irregular Warfare. Modern War Institute at West Point. https://mwi.usma.edu/cyber-threats-and-choke-points-how-adversaries-are-leveraging-maritime-cyber-vulnerabilities-for-advantage-in-irregular-warfare/

---

Ancillary Material

Author Podcasts/Interviews/Presentations Maritime Cyber Newsletters, Blogs, and Web Sites Maritime Journals GPS/GNSS-Related Sites Ship Tracking/AIS Aggregation Web Sites

Author Podcasts/Interviews/Presentations

• Maritime Cybersecurity Interview with Mr. William Loomis and Dr. Gary Kessler, a ThinkJSOU podcast moderated by Dr. Mark Grzegorzewski (12/02/2021)
• Sea Control 293 - Cyber Threats & Chokepoints with Dr. Diane Zorri & Dr. Gary Kessler (Center for International Maritime Security (CIMSEC), hosted by Anna McNeil, 11/14/2021)
• Testimony before the U.S. House of Representatives Committee on Transportation & Infrastructure hearing on "The Evolving Cybersecurity Landscape: Industry Perspectives on Securing the Nation's Infrastructure" by Dr. Gary C. Kessler (11/04/2021) [Written testimony || Video of complete hearing; GCK's opening statement at 38:17-43:11]
• Hack The Sea 3.0 Village/DEF CON 29 (08/2021)
• AIS Tools Demo (Notes from DEF CON)
• AIS Proctocol Internals (Abridged) (Notes from Hack the Sea)
• Cybersecurity Update with Gary Kessler (The Natural Curiosity Project, hosted by Steven Shepard, 06/21/2021)
• "GNSS/AIS Spoofing: Issues in Maritime CyberSecurity." Maritime Cyber Security 2021 (06/17/2021).
• Satira, B. (2021, May 12). Navigating the Waters of Maritime Cybersecurity. Help Net Security. https://www.helpnetsecurity.com/2021/05/12/maritime-cybersecurity/
• An Interview With Gary Kessler on the National Maritime Cybersecurity Plan (The Natural Curiosity Project, hosted by Steven Shepard, 02/18/2021)
• An Interview with Gary Kessler on Maritime Cybersecurity (Cybersecurity Career Intelligence, hosted by Fred Scholl, Quinnipiac University, 11/02/2020)
• An Interview With Gary Kessler on the Maritime Ransomware Attacks (The Natural Curiosity Project, hosted by Steven Shepard, 10/05/2020)
• Hack The Sea 2.0 Village at DEF CON 28 (08/2020)
• Build A Raspberry AIS
• GPS:AIS Spoofing Attacks and Some Tools
• Protecting AIS with Public Key Crypto Methods

Maritime Cyber Newsletters, Blogs, and Web Sites

• Center for International Maritime Security
• Coast Guard Maritime Commons
• CSO Alliance
• Digital Ship newsletter
• DNV cyber insights
• gCaptain
• Hellenic Shipping News
• JOC.com Maritime News
• Lloyd's List
• MarineLink
• The Maritime Executive
• Maritime Logistics Professional
• Maritime & Port Security Information Sharing and Analysis Organization (MPS-ISAO) TLP-Green Reports and Advisories
• Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)
• MCYSEKA - Maritime Cyber Security Knowledge Archive
• Resilient Navigation and Timing Foundation
• Riviera Maritime Media
• SAFETY4SEA
• USCG Maritime Cyber Readiness Branch (MCRB)
• Vessel Performance Optimisation

Maritime Journals

• International Journal of Maritime Crime & Security
• Journal of Marine Science & Engineering
• Journal of Marine Science & Technology (Digital Commons)
• Journal of Marine Science & Technology (JASNAOE)
• NAVIGATION: Journal of the Institute of Navigation
• Transactions on Maritime Science
• TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation

GPS/GNSS-Related Sites

• USCG Navigation Center — GPS Problem Reports Status page
• Resilient Navigation and Timing Foundation

Ship Tracking/AIS Aggregation Web Sites

• AISHub
• CruiseMapper
• FleetMon
• MarineTraffic
• My Ship Tracking
• Ship Tracker
• Shipfinder
• TankerTrackers.com
• Vessel Finder
• Vesseltracker

---

Buy the Book!

The book can be purchased from Amazon in Kindle or print format.

Get more information about Gary (Amazon Author Page | Web site) and Steve (Amazon Author Page | Web site).

---

© 2020-2021, Gary C. Kessler & Steven D. Shepard