The state of the practice in maritime cyber security is defensive condition security – static defenses based on identify, protect, detect, respond, and recover activities. The state of the art, and the way ahead in cyber security is control condition security combines static defenses with engineering "knobs to turn" that challenge and thwart would be attackers, and protect accidental security compromisers from themselves. Clearly, the responsibility of corporate citizenship is heavier because of the need for cyber security aboard maritime assets. The increasing sophistication of onboard systems, ubiquitous interactive and integrated communications, the race toward vessel autonomy, and the attractiveness of maritime cyber assets to cyber attackers points to the need for a basic and uniform understanding of the cyber security environment at all levels of maritime organizations. At the core of that understanding is a reference model for understanding, measuring, and calculating cyber Risk. This paper presents the observed backdrop of maritime cyber security, a new model for understanding maritime operational technology cyber security, and a new clear and simple method for understanding, measuring, and reducing cyber security risk to enable control condition security for maritime operational technology systems.
Skip Nav Destination
Moving Maritime Cyber Security from a Defensive to a Control Condition
Paper presented at the SNAME Maritime Convention, Houston, Texas, October 2017.
Paper Number: SNAME-SMC-2017-036
Published: October 24 2017
- Share Icon Share
- Search Site
DeWitt, Cris O., and Richard Scott. "Moving Maritime Cyber Security from a Defensive to a Control Condition." Paper presented at the SNAME Maritime Convention, Houston, Texas, October 2017.
Download citation file: