A Review of the Maritime Cybersecurity Regime Over the Last Decade

Abstract

This paper discusses the development of how the Maritime Cybersecurity regime has evolved over the last
decade due to new instructions, mandates, doctrine and criteria that has been established to better protect both the
traditional Internet Technology (IT) assets as well as the Industrial Control Systems (ICS). The methodology of this paper is
to layout the new regulations over the last 10 years, and to showcase how these mandates affect operational issues at sea.
The key factor, that will pervade all of the discussions of cybersecurity in the maritime domain, is the intense focus on
safety, only to be followed by availability. This is unique, as the IT sector traditionally is focused on confidentiality, but
Operational Technology (OT) or Facility Related Control Systems (FRCS) are a different set of systems, which require
continuous operation, hence the need to always be on. In addition, the author will lay out in a systematic function, all of
the new regulations in the last 10 years, why they were needed, and how did they change the training, skillsets, as well as
processes that have been implemented to ensure compliance moving forward. Peregrine Technical Solutions, LLC.
(Peregrine) is led by Dr Leigh Armistead, CISSP, who has conducted a number of maritime cybersecurity same tasks since
2014. It is a small business, based in Juneau, Alaska (US), specializing in ICS/OT/FRCS cybersecurity, where we have
successfully conducted assessments over the last decade for the US Department of Defense (DoD) as well as academia. We
are currently the prime contractor for the US Coast Guard Advanced Metering Systems, and we won an Army contract in
2023 for Facility Related Control Systems (FRCS) cybersecurity. From 2017-2021, we were the lead for the Platform
Resilience Mission Assurance (PRMA) for the DoD, plus we have the first Cybersecurity Department of Labor Registered
Apprenticeship Program (RAP) in the nation for adults (2016) /Youth Registered Apprenticeship (YRA) (2019). Dr Leigh
Armistead was a member of the NATO project, SAS-163, Energy Security in the Era of Hybrid Warfare. This paper is a series
of case studies of contracts and research efforts that Peregrine staff conducted over the last decade. It lays out a series of
scenarios, using action research, as part of a qualitative methodology, to demonstrate the changes for the maritime
community from a cybersecurity aspect. As this is a series of operational actions, there is not a literature review as such
but instead, we abide by regulations, mandates, instructions and notices that are issued by a variety of regulatory bodies
and organizations. The key participants are as follows: International Maritime Organization (IMO) – Regulatory Body.
Peregrine Technical Solutions – FRCS Cybersecurity Provider. Academic Research Fleet (ARF) – 18 Ships. National Science
Foundation (NSF) – Contract Sponsor. University of California San Diego (UCSD) – Original Organization requesting Support.
Woods Hole Observatory Institute (WHOI) – Follow-on Contract Sponsor