The maritime industry operates in a complex and dynamic environment, increasingly dependent upon networked technology to facilitate operations. While existing domestic marine transportation security regulations are geared primarily towards physical security, the growing threat of cyberattack requires industry to take proactive and decisive steps to bolster network security. Numerous voluntary guidelines and industry best practices offer the private sector guidance to address many cyber vulnerabilities. There are so many, in fact, that one can easily become overwhelmed and confused by the sheer volume and complexity of recommended solutions. This thesis seeks to cut through the confusion to assist vessel and facility owners and operators mitigate the threat of cyberattack. It is a consolidation of proven cybersecurity standards and controls that produce tangible results, without wasting valuable resources. This thesis is not another high-level, conceptual report. Instead, it details a set of baseline cybersecurity actions that, when incorporated into the organizational governance structure, will harden network infrastructure and reduce exposure to cyber intrusions. This thesis is not meant to be a definitive reference. Instead, it is meant to be one of the first steps on the road to achieving cybersecurity and regulatory compliance.
