The state of the practice in maritime cyber security is defensive condition security – static defenses based on identify, protect, detect, respond, and recover activities. The state of the art, and the way ahead in cyber security, is control condition security, which combines static defenses with engineering "knobs to turn" that challenge and thwart would-be attackers and protect accidental security compromisers from themselves. Clearly, the responsibility of corporate citizenship is heavier because of the need for cyber security aboard maritime assets. The increasing sophistication of onboard systems, ubiquitous interactive and integrated communications, the race toward vessel autonomy, and the attractiveness of maritime cyber assets to cyber attackers point to the need for a basic and uniform understanding of the cyber security environment at all levels of maritime organizations. At the core of that understanding is a reference model for understanding, measuring, and calculating cyber risk. This paper presents the observed backdrop of maritime cyber security, a new model for understanding maritime operational technology cyber security, and a new, clear, and simple method for understanding, measuring, and reducing cyber security risk to enable control condition security for maritime operational technology systems.
