Sam Houston State University Paper: Maritime Cybersecurity

Maritime vessels increasingly rely on sophisticated operational technology (OT) to navigate, power propulsion, and manage cargo. While the U.S. Coast Guard has issued baseline cybersecurity standards, those rules focus on network hygiene rather than the deep, real‑time controls that govern shipboard machinery. Recent incidents—such as ransomware on a container ship’s navigation system—highlight how a single breach can disrupt global trade routes and endanger crew safety. Understanding the unique attack surface of maritime OT is essential for investors, insurers, and policymakers who monitor supply‑chain resilience.

The Sam Houston State University paper points out two systemic blind spots: regulatory depth and workforce preparation. Existing Coast Guard guidelines lack granular requirements for firmware integrity, segmentation, and incident‑response playbooks tailored to shipboard control loops. Simultaneously, maritime engineering programs rarely cover control‑system cybersecurity, leaving operators unprepared for threats that have been well documented in the energy and manufacturing sectors. By borrowing lessons from land‑based critical infrastructure—such as anomaly‑based monitoring and hardened PLC configurations—the paper builds a bridge between academic research and practical shipboard defense.

The authors propose a three‑pronged approach: tighten regulations to mandate OT‑specific safeguards, embed control‑system modules into maritime curricula, and create industry‑wide best‑practice frameworks that can be adopted across ports, ship owners, and equipment manufacturers. Because the same PLCs and SCADA architectures appear in power grids, water treatment, and transportation, these recommendations have ripple effects beyond the ocean. Stakeholders who act now can reduce the likelihood of costly disruptions, protect cargo value, and reinforce national security, positioning the maritime sector as a model for broader critical‑infrastructure cyber resilience.