Comprehensive Analysis of Maritime Cybersecurity Landscape Based on the NIST CSF v2.0

: As technology advances and digitalization becomes more prevalent in the industry, the cyber threats to maritime systems and operations have significantly increased. The maritime sector relies heavily on interconnected networks, communication systems, and sophisticated technologies for its operations, making it an attractive target for cybercriminals, nation-states, and other threat actors. Safeguarding the maritime sector against cyber threats is crucial to ensuring the safety, integrity


Introduction
In an era where digitalization and connectivity are rapidly transforming maritime operations, the significance of cybersecurity in this domain has escalated to unprecedented levels.The maritime industry, an integral component of the global economic machinery, has witnessed a paradigm shift with the advent of sophisticated technologies.However, these advancements bring forth a spectrum of cybersecurity challenges that necessitate rigorous and strategic approaches to ensure the safety and efficiency of maritime activities.
In recent years, a series of notable incidents have highlighted the increased susceptibility of the maritime sector to cyberattacks.These include the infamous NotPetya ransomware attack on Maersk in 2017, which crippled the company's IT systems globally and resulted in financial losses of around USD 300 million [1].Likewise, the cyberattack on the International Maritime Organization (IMO) in 2020 disrupted the United Nations agency's website and intranet services [2].These incidents underline the profound implications of cyberattacks, particularly in terms of significant financial loss, disruption to operations, damage to reputation, and potential threats to safety.Such episodes have profound financial implications, and can present disruptions to operations, reputational damage, and potential threats to safety.
This study investigates the advancements in maritime cybersecurity through the National Institute of Standards and Technology's Cybersecurity Framework (NIST CSF) [3].
The evaluation of the maritime sector's cybersecurity practices, challenges, and prospects highlights the critical role of the NIST CSF, synthesizing findings from various studies to present a comprehensive understanding of the field.
Despite the maritime industry's increasing use of the NIST CSF, there is a lack of focused academic research in this area.Our study addresses this gap by leveraging the NIST CSF v2.0 [4] to pinpoint and scrutinize the sector's shortcomings.We aim to provide a detailed analysis of the maritime industry's alignment with the NIST CSF v2.0, highlighting areas for improvement and contributing to the advancement of maritime cybersecurity measures.
The structure of this paper is as follows: Section 2 provides an in-depth review of existing scholarly work related to our research area, especially within the context of the NIST CSF.The research methodology is presented in Section 3, detailing the research design, sample selection, and processes of data collection and analysis.This section also depicts and interprets the outcomes of the research methodology, providing a comprehensive representation of this study's findings.Section 4 presents an overview of the research published in the field of this review and the differences with the scope of our work.Section 5 stands as the principal component of this analysis, offering an extensive assessment of maritime cybersecurity measures aligned with the functions of the NIST CSF v2.0.Section 6 elaborates on our findings in response to the research questions and highlights substantial challenges underscored by our study, particularly within the context of targeted application of NIST CSF v2.0 in the maritime sector.Finally, Section 7 delivers a comprehensive conclusion derived from the findings.

Background: NIST CSF in the Maritime Context
The NIST CSF, first introduced in 2014 and updated to version 1.1 in 2018 [3], serves as a critical guide for organizations to strengthen their cybersecurity measures.This framework, built on a collaborative effort with industry and government input, offers a set of adaptable standards, guidelines, and best practices organized into five core functions: Identify, Protect, Detect, Respond, and Recover.These functions provide a strategic approach to managing cyber risks, allowing for customization to suit the unique needs of various sectors.The framework's flexibility facilitates customization to meet diverse organizational needs, enhancing their capabilities to prevent, detect, and respond to cyber threats.Notably, the United States Coast Guard (USCG) has recognized the CSF's value, advocating for its use within the maritime industry to navigate risks in key operations such as Maritime Bulk Liquids Transfer (MBLT), Offshore Operations, and Passenger Vessel Operations [5].
The NIST CSF v2.0, released in 2023, marks a significant evolution in the approach to cybersecurity risk management across various sectors, including the maritime industry; this updated framework extends beyond critical infrastructure, offering a universal set of guidelines to help organizations of all types mitigate cybersecurity risks [4].CSF 2.0 introduces a sixth core function, 'Govern', alongside the original five (Identify, Protect, Detect, Respond, and Recover).This addition underscores the importance of integrating cybersecurity practices with overall organizational governance to ensure that cyber risk management aligns with broader business objectives.The 'Govern' function, which encapsulates elements previously included under 'Identify' in CSF 1.1, now stands out as a distinct category, highlighting its essential role in strategic oversight, as shown in Figure 1.In addition, CSF 2.0 offers enhanced resources, including quick start guides, profiles for goal-specific guidance, and informative references or mappings to navigate NIST's extensive cybersecurity resources.These tools are invaluable for organizations, particularly in the maritime sector, as they can help in navigating the complexities of cyber threat management.By adopting CSF 2.0, entities can better identify potential risks, prioritize actions, and communicate cybersecurity concerns effectively, thereby strengthening their defenses against the evolving landscape of cyber threats.The best practices for implementing cyber risk management, as esteemed by the IMO's Interim Guidelines, are significant when coupled with the NIST CSF [6].IMO's best practices situate cybersecurity as a priority, alongside other safety risks, under the International Safety Management (ISM) Code [7].By embodying the principles of the NIST CSF and incorporating them into the IMO's industry-specific guidelines, maritime and port operations have the ability to devise robust cybersecurity strategies that counter both general and industry-specific threats.The IMO's endorsement of the NIST CSF further validates its effectiveness and suitability for the maritime sector.
In response to the increasing risk of cyber incidents in the maritime industry, the International Association of Classification Societies (IACS) has adopted two new Unified Requirements, UR E26 and UR E27, to bolster the cyber resilience of ships [8].These requirements, effective for new ships contracted as of 1 January 2024, focus on integrating cybersecurity measures throughout the design, construction, and operational phases of a vessel.UR E26 addresses the secure integration of operational and information technologies, emphasizing a ship's collective cyber resilience.UR E27, on the other hand, ensures the system integrity and security of onboard equipment, emphasizing third-party suppliers' role in cybersecurity.These steps by IACS mark a significant advancement in maritime safety, addressing the evolving digital threats in an increasingly connected maritime world.
In addition, ABS Advanced Solutions has introduced a specialized cybersecurity solution for maritime facilities regulated by the US Coast Guard (USCG) [9].This solution incorporates the NIST CSF to simplify the complex landscape of cybersecurity, covering all five functional areas of the framework.It provides a comprehensive assessment to enhance existing Facility Security Plans (FSPs), streamlining the efforts of Facility Security Officers, IT, and OT personnel.
The scarcity of existing literature and guidelines on the utilization of NIST CSF v2.0 in maritime operations, given that it has only just been released, sets the stage for a robust investigation.The eventual integration of this framework with the guidelines provided by the IMO and IACS along with the implementation of solutions by ABS Advanced Solutions underscores a strategic shift in the approach to cybersecurity in the maritime sector.These collective efforts are crucial in navigating the complex landscape of maritime cyber threats, establishing a resilient and secure maritime digital environment, and paving the way for comprehensive industry-wide adoption of the NIST CSF.

Research Methodology
A methodical examination of recent developments in the maritime cybersecurity sector is presented using the Systematic Literature Review (SLR) method.Our aim is to precisely understand these developments in light of the NIST CSF v2.0 functions.Primarily, the SLR method helps us to structure our analysis and review of related literature while following specific procedures to retain the logical integrity and academic rigor this field of study demands.This approach has led us to an encompassing review and analysis of articles studying the use of maritime cybersecurity principles, all within the ambit of NIST CSF's v2.0 functions.In doing so, we have taken an extensive look at maritime cybersecurityrelated works, thereby improving our understanding of the sector's most pressing concerns, best practices, and areas for improvement.This informative investigation contributes substantially to our knowledge base, broadening the context in which we understand and discuss maritime cybersecurity.

Research Scope, Aim, and Research Questions
Maritime cybersecurity holds paramount significance both within the maritime industry and in the global economy at large.This literature review is centered around the application of the NIST CSF v2.0 within the maritime industry, with a particular emphasis on the elements integral for effective cybersecurity.The research questions addressed in this paper, which are based on the NIST CSF, are in line with our research goal: RQ1.What are the most recent advancements in the literature on maritime cybersecurity with reference to the NIST CSF functions and their related cybersecurity categories?RQ2.How mature are the respective cybersecurity functions in the maritime domain?RQ3.Are there any identified gaps in maritime cybersecurity that necessitate attention from the scientific community?
By underscoring these aspects, we aim to assess the maturity of the NIST CSF, identify existing security gaps, and highlight potential areas for development.In addition, this review points out the scarcity of research in certain areas while advocating for further investigation and collaborative efforts within the academic community.By enhancing the understanding of the NIST CSF's implementation in maritime operations, this research seeks to strengthen the overall cybersecurity posture of the industry.

SLR Methodology
To achieve the research objectives outlined in this paper, a Systematic Literature Review (SLR) technique was utilized.The SLR method is widely applied across a range of study fields, including cybersecurity [10].The SLR methodology is recognized for its thorough, precise, and comprehensive approach, which adheres to specific processes [11].
In light of these merits, the SLR method, with emphasis on the PRISMA approach [12], was employed for this study.The goal was to incorporate all previously published literature relevant to the research question guided by an unbiased process and predefined criteria.The inherent transparency of the SLR provides a robust framework for developing a process and producing results conforming to established quality standards.
Nonetheless, it is important to note that the SLR methodology encompasses shortcomings, such as the potential omission of some published studies, as the research materials are culled from specific databases.The subsequent sections expand on the research and analysis steps undertaken in this review.These process steps encapsulate defining the research scope and outlining the research strategy.Thereafter, a preliminary screening of titles and abstracts, data extraction, and analysis and synthesis of information are used to develop the final research report.This approach ensures a comprehensive and reliable study.

Research Strategy and Eligibility Criteria
Our plan for executing the SLR encompassed the identification of data sources, the creation of a search string, and formulation of the inclusion/exclusion parameters.The hunt for published articles was undertaken within the SCOPUS database, recognized as the most exhaustive in the domain of this current study, and included a significant volume of published content.The search string designed for combing through the database was as follows: • TITLE-ABS-KEY ((Cybersecurity OR Information security) AND (Maritime OR Shipping)) This query was posed to garner results pertaining to cybersecurity in the maritime industry while including articles that address the NIST CSF.Using noteworthy specificity in the search string strengthens the effectiveness of the study, ensuring a more thorough exploration of the existing literature.This well-orchestrated approach enhances the scientific validity of the research by incorporating a comprehensive and unbiased collection of relevant academic resources.

Methodology Results
An exploration of the SCOPUS database yielded 240 publications relevant to the selected subject matter.To ensure the relevancy and specificity of our study, we thoroughly filtered the results, eliminating books, conference proceedings, and papers lacking direct pertinence to the research topic.Consequently, we drew from a consolidated total of 113 scholarly articles for our research, curating an inclusive and dynamic perspective on the evolution of trends and practices in the field of maritime cybersecurity.These publications span from 2011 to 2024, as depicted in Figure 2. The efforts of this study are accurately depicted below in Figure 3.

Related Work
Several crucial research papers were identified according to the literature review.These papers utilised literature review either as a standalone research method or in combination with other methodologies, offering valuable insights into the various dimensions of cybersecurity within the maritime industry.
Among the articles we identified in our literature review, a few stood out for their insightful application of diverse research methodologies catering to various aspects of cybersecurity in the maritime industry.The research of Androjna et al. [13] was notable for its blend of literature review and a case study, offering a deep understanding of the vulnerabilities within the Automatic Identification System (AIS).Concurrently, the literature review of Jia et al. [14], complemented by an email questionnaire, underscored the importance of staff education and secure networks in mitigating risks within the maritime sector.Further expanding on the theme of cybersecurity, the research De la Peña Zarzuelo et al. [15] highlighted the escalating prominence of cybersecurity in ports considering the developments of Industry 4.0, building on their preceding studies of ports and terminals.
Alcaide et al.'s [16] study ingeniously utilized literature review and questionnaires to highlight the prevailing knowledge and education lacunae in maritime cybersecurity.Androjna et al.'s [17] meticulous investigation of GPS-related cyber threats significantly enhances the understanding of such threats in the maritime sphere, including analysis of a global spoofing event involving the Global Navigation Satellite System (GNSS) and AIS.In addition, McGillivary et al.'s [18] comprehensive review of cybersecurity policies in the maritime sector proposes valuable enhancements, while the literature review by Meyer-Larsen et al. [19] provides crucial insights into the potential risk scenarios within Port Community Systems (PCSs).Overall, these seminal works enrich our collective understanding of maritime cybersecurity, laying crucial groundwork for subsequent research in this realm.
Hopcraft et al. [20] notably advocated for an evolved application of the NIST CSF to mitigate risks within the maritime sector.This includes formulating a classification system for cyberattacks based on their impact.This system categorizes each cyberattack by evaluating its influence on the latest techniques.The significant contributions of researchers such as Oruc et al. and Kapalidis et al. [21,22] highlight the strategic incorporation of the NIST CSF within the maritime sector.This adoption aims for a comprehensive approach that weaves cybersecurity within organizational objectives and operations.Such an approach does not solely comprise technical steps, also encompassing facets such as governance, asset management, and risk assessment.Upholding international standards such as those presented by the IMO reemphasizes the suitability of using the NIST CSF within the maritime industry.In addition, Soner et al. [23] articulately underscored the necessity for shipping corporations to embrace cyber risk management methodologies in response to the escalating sophistication of cyber threats.In mitigating these pertinent issues, the authors promoted the implementation of the NIST CSF.When amalgamated with the SOHRA human risk assessment technique, this framework demonstrates potency in risk identification, mitigation, and post-attack recovery, thereby contributing significantly to the industry's cyber resilience.Crucially, this framework offers comprehensive protection for the Automatic Identification System (AIS), an exceptionally susceptible onboard component.Violation of the AIS could precipitate severe ramifications.Their article suggests that effective use of the NIST CSF would lead to better decision-making, enhanced control measures, and improved cybersecurity, particularly in relation to the AIS.
Venturing boldly into a new territory, our research introduces the NIST CSF v2.0 to the maritime industry, emphasizing its applicability across all functional areas and identifying any remaining gaps.This exploration of all functional components of the NIST CSF v2.0 as applied to the maritime industry stands out due to an absence of similar in-depth studies.This illuminates the novel implications of our work, bridging an essential gap between the academic and industrial contexts.Despite these advancements, focused research on the NIST CSF's applicability within the maritime sector remains lacking.
Our study breaks away from this norm and uses the latest Version 2.0 of the NIST CSF as a gauge to pinpoint the maritime industry's shortcomings, thereby affirming its utility.We strive to present fresh insights to fill a noticeable void in maritime cybersecurity research and underline the crucial role of the NIST CSF's v2.0 in bolstering the sector's security stance.This marks our research as a novel contribution and vital stepping stone towards enhanced maritime cybersecurity.

NIST CSF-Based Analysis of Maritime Cybersecurity
The adoption of the NIST CSF has enabled the maritime industry to better address cybersecurity threats, enhance risk management strategies, and protect critical assets and operations [6].It provides an extensive framework that assists companies in developing robust cybersecurity solutions tailored to their particular needs, which is why the IMO recommends it [7].By aligning with the NIST CSF, the maritime industry can strengthen its cybersecurity posture and foster a more secure and resilient environment for maritime operations.
In the following sections, we examine each function of the NIST CSF v2.0 and discuss specific studies for both its functions and the categories below.In order to improve cybersecurity procedures in the maritime industry, this thorough analysis seeks to offer nuanced insights into how these roles function both independently and together.We demonstrate the importance and maturity of each function in strengthening the industry's defenses against cyber threats and identifying any gaps.

Govern
The Govern function, as outlined in the NIST CSF v2.0, is central to an organization's cybersecurity risk management strategy.This function is crucial for incorporating cybersecurity into an organization's broader enterprise risk management (ERM) strategy.
It addresses an understanding of the organizational context, establishment of a cybersecurity strategy, cybersecurity supply chain risk management, roles, responsibilities, and authorities, policy, and the oversight of cybersecurity strategy.In addition, it supports organizational risk communication with executives to foster dialogue about how cybersecurity-related uncertainties might affect the achievement of organizational objectives.The categories derived from the Govern function provide a comprehensive view of this research, and are shown in Table 1.The studies collectively advocate for an integrated risk management strategy in the supply chain, utilizing both ISO 28001 standards [37] and innovative tools for threat assessment and anomaly detection, to bolster security and resilience in the face of evolving digital threats in industries such as maritime and defense.

Organizational Context
Organizational Context in cybersecurity risk management relates to understanding the organization's specific circumstances in order to make informed cybersecurity decisions.This encompasses understanding the organization's mission, stakeholder expectations, legal and regulatory obligations, dependencies, and contractual requirements.It necessitates identifying both internal and external dependencies, clearly communicating these elements, and involving them in risk management decisions.Lastly, it involves understanding and managing the organization's legal requirements related to privacy and civil liberties in the cybersecurity context.
According to the Governance subcategory, in addressing cyber risks, comprehensive governance and risk management processes are crucial [24].In parallel, Karim et al.'s [25] article critically assesses existing IMO legal instruments regarding maritime cybersecurity, highlighting the need for comprehensive international legal reform and collaboration between state and non-state actors.Furthermore, Kaczerska et al. [26] examined the legislative measures that oversee cybersecurity and digitalization in maritime navigation, particularly in the context of ferry transportation, delving into the governance dimension.Their work addresses state, federal, and international legal requirements while highlighting the critical role that secure transactions and user experience play.Crucially, it is consistent with governance and regulatory frameworks, emphasizing how important it is to maintain cybersecurity in the ferry maritime industry.
Smith et al. [27] examined European law and how it applies to international business settings, drawing parallels with US law.The European Union has been addressing the European Security Strategy (ESS) since 2003; however, since 2016, the EU Global Strategy (EUGS) has taken center stage.This article considers legislative differences between the US and the EU when examining the prospects for security cooperation between the two continents.On the other hand, Sheng et al. [28] examined the business environment within maritime communication systems in a related article, focusing on technological aspects.Employing a cryptographic System-on-Chip (SOC) for maritime communication systems and introducing the UFBOQ (Unrolling Factor Based on Queue) algorithm, their study demonstrated the effectiveness of scalar replacement.When applied correctly, this method can provide linear speedup in the system.

Risk Management Strategy
A risk management strategy involves setting an organisation's priorities, defining its limitations, establishing its level of tolerance towards risk, and making certain assumptions.Together, these elements impact the decisions related to operational risk.In today's evolving business environment, the significance of proficient and strategic risk management is extremely crucial.A study by Jia et al. [14] revealed the importance of staff training, control of network access, and the improvement of threat detection and exclusion systems in mitigating risks.Likewise, to counter cyber threats that could jeopardize national security, Ahmed et al. [29] proposed risk-mitigating strategies such as formulating a cyberwarfare policy, creating a cyberwarfare directorate in the Nigerian Navy (NN), and training naval cyberwarriors.
Furthermore, the role of risk management in the transportation sector was explored by Abkowitz et al. [30], who designed and implemented tools for a large transportation carrier company to assess and manage risk across different geographies.Enhancing information security in maritime freight transport to address cybersecurity threats was proposed by Melnyk et al. [31].A similar focus, specifically on Autonomous Passenger Ships (APS), was discussed by Amro et al. [32], who introduced a cyber risk management approach integrating defense-in-depth with threat-informed defense.Additionally, Rajaram et al. [33] offered guidelines for cyber risk management, emphasizing the importance of risk assessment, mitigation measures, and a checklist for shipboard operational technology (OT) systems.

Cybersecurity Supply Chain Risk Management
Processes for managing cyber risks in the supply chain are pinpointed, set up, administered, observed, and continually enhanced by the stakeholders within an organization.Risk management in the supply chain, specifically applying ISO 28001 [37], was investigated by Kusrini et al. [34] at a logistics center in Indonesia.The implementation of security management through this standard helped the company avoid various kinds of risks.Further supporting the role of risk management in the maritime field, another study introduced a threat probability assessment tool [35].A different perspective on managing risks to radar systems on ships in light of emerging threats was provided by Longo et al. [36].Their study presented a detection system that provides a proactive approach to identifying anomalies in radar video feeds to form a risk management strategy.

Identify
All the components required to develop an organizational understanding of cybersecurity risk management for systems, people, assets, data, and capabilities are included in the NIST CSF's v2.0 Identify function.The Identify function's activities provide a fundamental stage for using the framework effectively.An organization can focus and prioritize its efforts in alignment with its risk management strategy and business needs by understanding the cybersecurity risks associated with the operation, the resources supporting critical functions, and the business context.Asset Management, Risk Assessment, and Improvement are the outcome categories that fall under this function.The categories that our review work found using the Identify function are shown in Table 2. Asset management serves as a vital cornerstone in ensuring cybersecurity within the maritime sector.The studies underline the significant role of industry-led initiatives and international guidelines, coupled with the adoption of advanced technologies, in managing assets effectively.Given the evolving threat landscape, the two studies advocate for a holistic approach to asset management, emphasizing the need for comprehensive strategies that interweave technology, people, and business processes, thereby fortifying the resilience of marine navigation systems against cyber threats.The increasing integration of technology in maritime operations has amplified cybersecurity threats, highlighting the exigency for specialized and continuous risk assessment.Studies encompassing ship operations, software systems, smart ports and maritime security emphasize persistent evaluation and regulatory compliance to ensure maritime safety and security.As the technological landscape evolves, continuous refinement of risk assessment methodologies remains crucial to foresee and counter potential cyber threats, thereby reinforcing maritime cybersecurity.The Improvement category, stresses the continual enhancement of cybersecurity practices.Research highlights include the exploration of Maritime Autonomous Surface Ship technologies, underscoring the need for improved decision-making systems.Importance is also placed on the regulation of autonomous systems and evolving technologies for enhanced security.Further studies focus on the defense against and mitigation of cybersecurity threats within the maritime industry, advocating for effective risk analysis and controls to bolster information protection.Collectively, these studies underline the need for continuous improvements, implementation of effective security policies and regulations, nurturing resilience, and adaptability in maritime cybersecurity in the face of emerging threats.

Asset Management
NIST CSF v2.0 defines Asset Management as referring to the process whereby assets are identified and managed, including data, hardware, software, systems, facilities, services, and personnel that are crucial for the organization to fulfill its business goals.This management is carried out in alignment with their respective significance to the organization's objectives and the organization's approach to risk management.
In the context of the maritime industry, asset management is essential to maintaining the security and integrity of navigation systems.The IMO has mandated the field of e-navigation, which requires stringent inspections to ensure adherence to pertinent laws.However, the International Association of Marine Aids to Navigation and Lighthouse Authorities (IALA) has acknowledged that some e-navigation tests might not sufficiently address cybersecurity concerns.Oruc et al. [21,38] sought to fill this void with perceptive research on bridge tests, international standards, and IMO regulations.As a result of their efforts, the Integrated Navigation System (INS) Cyber-Physical Range has been developed, with the aim of improving asset management within the context of maritime cybersecurity.This novel system integrates cutting-edge specifications meant to successfully tackle cybersecurity issues in navigation systems.Kapalidis et al. [22] highlighted the increased attack surface caused by the COVID-19 pandemic as well as the maritime sector's vulnerability to cyber threats as a result of digitalization.Their article advocates for a holistic cybersecurity approach extending beyond technology to encompass people and business processes.Their research evaluated vulnerabilities in port and ship ecosystems through a system-of-systems analysis, highlighting the need for industry-led initiatives, international organizations, and authorities to prioritize asset management, identify critical assets, and put risk mitigation strategies for improved cybersecurity resilience into place.

Risk Assessment
Risk assessment refers to the organization's understanding of the cybersecurity risk to its resources, employees, mission, functions, image, or reputation.Risk assessment is an essential first step in protecting personal information and lowering the likelihood of harm to individuals, property, other organizations, and nations.This specific investigation led to the following conclusions regarding the maritime sector.
The rapid advancements in digital technologies in maritime operations have led to increased efficiency and profitability; however, these advancements have also ushered in a host of new challenges, particularly those linked to maritime security and cyberattacks.A study by Ashraf et al. [39] examined the impact of these changes, including the influence of IoT devices and new security frameworks on confidentiality, integrity, and availability, urging the need for potent security policies and continuous maritime cybersecurity assessment.Similarly, Charitos et al. [40] addressed the susceptibility of merchant shipping to cyberattacks, particularly focusing on the threats impacting embedded technologies, and underscored the need for efficient threat management.Complementing this perspective, Lee et al. [41] presented an evaluation of security threats to maritime autonomous surface ships, further illuminating AI algorithm vulnerabilities.Bolbot et al. [42] suggested a methodology for cyber risk assessment, particularly for autonomous ships, emphasizing the need for implementing measures such as firewalls and intrusion detection systems.Concurrently, research on maritime supply chains highlights human factors and cybersecurity risk assessment methods, implying the necessity of considering human dynamics alongside technological threats in the maritime sector [43].Collectively, these studies underscore the critical importance of a comprehensive and multidimensional approach to managing the increasingly complex landscape of maritime security risks.
It is evident that effective risk assessment is a critical component of modern ship operations, requiring constant vigilance and adaptability to protect against ever-evolving cyber threats.The literature on this subject explores various aspects of risk assessment, including staff training, network control, threat detection, vulnerabilities in satellite and GPS systems, autonomous shipping, and many others.Yoo et al. [44] conducted a comprehensive study addressing the cybersecurity vulnerabilities prevalent in digitized shipping operations utilizing guidelines from the IMO [6] and ISO/IEC 27001 [72], highlighting the need for enhanced staff training and robust threat detection systems.Meanwhile, Androjna et al.'s [45] systematic review explored the widespread cyber threats encountered in shipping operations, particularly focusing on vulnerabilities in satellite and GPS systems, and emphasized the need for implementing robust strategies and technology to tackle these threats.Furthermore, Bolbot et al. [46] proposed an innovative approach to hazard identification and ranking within maritime autonomous shipping, bringing attention to cybersecurity considerations during the design phase.In addition, Melnyk et al. [47] underscored the critical importance of cybersecurity in ensuring ship and shipping safety and presented a probabilistic assessment model to identify potential cybersecurity breaches and resulting losses.Meanwhile, Soner et al. [23] conducted a quantitative human risk assessment, emphasizing the necessity for proactive actions and effective strategies to safeguard shipping assets against cyber threats while using AIS system as a specific case study.Lastly, Park et al. [48] suggested a novel risk assessment framework combining failure mode and effects analysis (FMEA) with a rule-based Bayesian network (RBN), which can serve as a useful tool for stakeholders in managing increasing cyber threats.
Software and network systems form the backbone of contemporary commercial and industrial operations, including those in the maritime industry.With technology becoming increasingly intertwined with these operations, the associated risks are rising, necessitating a comprehensive risk assessment.Eichenhofer et al.'s [49] study delved deep into the importance of ICT security in the maritime industry by evaluating software vulnerabilities in commodity systems and providing detailed insights using the First Principles Vulnerability Assessment methodology.Their analysis brings out numerous significant vulnerabilities in the code, underscoring the absolute necessity for risk assessment.Further amplifying this, Trimble et al. [50] forecast the need for risk assessment in mitigating cybersecurity risks in the maritime industry.Their study identifies certain key areas, bound by legal and statutory limitations, that require assessment, including SCADA, information technology systems, and industrial controls.The authors proposed a specific risk assessment model tailored to the maritime infrastructure, placing risk assessment at the heart of managing the software and network systems in the maritime industry.
The proliferation of technology in maritime operations has profoundly impacted ports worldwide, leading to increased efficiency and the emergence of 'smart' port operations.However, these advancements have also introduced new cyber threats, making risk assessment at ports a topic of critical importance.This is adeptly discussed by Poyhonen et al. [51], who proposed a risk assessment methodology tailored to smart port operations while shining a light on the inherent cyber threats and defensive measures in the evolving maritime environment.Similarly, Progoulakis et al. [52] underlined the emerging vulnerabilities due to the integration of IT and OT systems in global ports, championing the use of tools such as security risk assessment and bow-tie analysis to manage these cyber-physical security susceptibilities while emphasising the importance of regulatory compliance and continuous evaluation.Additionally, a research paper on the Maritime Transportation System highlights the use of empirical data and expert insights to develop a risk assessment approach, primarily focusing on understanding potential financial losses due to cyberattacks on port IT and OT systems [53].These studies indicate that assessing and managing cyber threats is a prerequisite for the seamless functioning of smart port operations.
Risk assessment methodologies and frameworks are paramount in managing and mitigating the growing cyber threats in the maritime industry.Progoulakis et al. [54] discussed the critical role of integrating IT, OT, and human factors in maritime assets, which defines cyber-physical systems.These systems face evolving cybersecurity threats and risks.The use of external security risk assessment tools, along with the implementation of models such as NIST CSF and MITRE ATT&CK, can help mitigate these risks.Improved communication, increased security resilience, and heightened cybersecurity awareness are suggested as well.Gurren et al. [55] delved into this subject by examining the vulnerabilities introduced by wireless technology, stressing the susceptibility of third-party devices and satellite communications.Their study proposes a novel attack chain, revealing potential threats in maritime cyber-physical environments.Complementing Gurren et al.'s research, Oruc et al. [56] introduced a cyber risk assessment methodology called Cyber Risk Assessment for SHips (CRASH), focusing on the cybersecurity risks posed by the integration of IT and OT systems in modern vessels.Meanwhile, Kechagias et al. [57] presented a practical case study connecting research and practice, aiming to move towards a predictive and proactive maturity level in maritime cybersecurity.Reflecting a country-specific lens, Putra et al. [58] evaluated maritime cyber threats in Indonesia using a 3D risk assessment model, highlighting the pivotal role of company procedures in cybersecurity.Illiashenko et al. [59] offered a comprehensive methodology specifically for the safety evaluation of autonomous transport systems, combining FMECA and IMECA, with an emphasis on envisioning cyberattack scenarios.In a strategic approach, Lee et al. [60] addressed the potential repercussions of a DDoS attacks on the ISO 19847:2018 [73] shipboard data server, proposing robust risk mitigation strategies.Lastly, Amro et al.
[61] introduced a hybrid approach called FMECA-ATT&CK for superior cyber risk assessment of cyber-physical systems in diverse settings.Together, these studies underscore the importance of tailored and context-specific risk assessment approaches for effectively managing cybersecurity in the maritime sector.

Improvement
The Improvement category in NIST CSF V2.0 emphasizes the refinement of an organization's cybersecurity practices.It advocates for continuous identification of improvements through evaluations, security tests and exercises, and reviews of operational processes, often in collaboration with external parties.Furthermore, it underscores the importance of proactive management of incident response plans and other operational contingencies involving cybersecurity.Through such initiatives, organizations can ensure overall resilience, cultivate a culture of continuous learning, and bolster efficiency to address emerging cyber risks.
One research item that aligns with this category involves an in-depth exploration of Maritime Autonomous Surface Ship (MASS) technologies, offering potential avenues for improvement in autonomous shipping [62].This study includes a thorough discussion of the legislative backdrop governing the acceptance of autonomous vessels, accompanied by examinations of decision-making systems and emerging proposals in this space.Additionally, the research delves into strategies for bolstering the communication systems of autonomous ships and tackling issues related to maintenance and repair.It culminates with an analysis of the potential hazards associated with autonomous ships and their respective applications.This study contributes significantly to understanding of the potential and challenges of autonomous maritime technologies and to driving improvements in response strategies in the context of maritime cybersecurity.
Several research efforts have proposed autonomous systems and cybersecurity regulations focused on the development and verification of autonomous systems, specifically within the context of STPA (Systems Theoretic Process Analysis) for system security requirements.The mechanisms detailed in this category are crucial for maintaining and utilizing processes and procedures to manage the protection of information systems and assets.Dghaym et al. [63] demonstrated the verification of autonomous systems through the use of this modelling system.Alongside this, a notable study by Shipunov et al. [64] presented a computer-assisted investigation into maritime transport based on regulations.This regulatory perspective was echoed by Karim et al. [25], who highlighted the insufficiencies of the current IMO framework in the face of increasingly sophisticated maritime cybersecurity threats.The need for updated and robust protection models in the context of shipping and ports within the "world 4.0" was emphasized by de la Peña Zarzuelo et al. [15].Furthermore, De Faria et al. [65] took a comprehensive look at maritime safety regulations and instigated important discussion about the necessity of adopting new regulations.Echoing this sentiment, Hopcraft et al. [66] argued for the swift creation of cybersecurity regulations by the IMO and its members.The theme of technological advancement continues with Belev et al. [67], who discussed the impact of the fourth industrial revolution on shipping, including consideration of automated ships and IoT integration for navigation safety.As demonstrated in these research efforts, identifying and addressing the multifaceted aspects of autonomous systems and cybersecurity regulations is imperative in order to create advanced security requirements, swift cybersecurity regulations, and proactive protection models.
Certain articles focus on the various threats and protection processes associated with cyber systems in the maritime industry.This theme is evident in Longo et al.'s [68] work within the open-source MaCySTe project, where emphasis is placed on realistic testing to strengthen information protection processes.Similarly, security issues surrounding data transmission on ships were analyzed by McGillivary [18], highlighting the potential negative impact on environmental conservation when crucial data cannot be shared.Of notable mention is the work of Caprolu et al. [69], wh discussed the importance of cybersecurity in mitigating attacks and threats in the maritime industry, with a special focus on risk analysis and technical controls.Furthermore, Hopcraft et al. [20] took this a step further by suggesting the application of the NIST CSF for risk aversion and a classification scheme for cyberattacks while taking into account their impact.Cyberattacks were classified and quantified in terms of their impact on state-of-the-art techniques, with special attention paid to vulnerabilities in the Global Navigation Satellite System (GNSS), as there have been several cyberattacks on these systems [70].The examination of standards applied in the maritime industry for cybersecurity was brought up by Avanesova et al. [71].Finally, the work of Ashraf et al. [39] addressed the escalating cyber threats in the maritime industry and proposed guidelines for implementing effective security policies.The literature underscores the imperative of enhanced protective measures, fortified defenses, and effective mitigation strategies against cyber threats.Consequently, ongoing research and iterative refinement of cybersecurity measures are essential in order to maintain the maritime industry's resilience and sustainability.

Protect
The Protect function is crucial in terms of implementing necessary safeguards to guarantee the delivery of vital services.This function plays a pivotal role in minimizing or controlling the effects of potential cybersecurity incidents.Categories encompassed by this function include identity management, authentication and access control, awareness and training, data security, platform security, and technological infrastructure resilience.These areas, all of which are under extensive investigation by the scientific community, are presented below in Table 3.The ensuing information has been curated and reformulated in compliance with the guidelines from the NIST CSF v2.0.The reviewed literature highlights the crucial role of robust data security measures in the increasingly digital and interconnected maritime domain.Key findings include the importance of applying technologies like AI and blockchain, using secure protocols, and maintaining ethical standards in cybersecurity research to protect shipboard data, secure communication systems, and ensure the integrity of navigation data.This underscores the urgent need to safeguard maritime systems and data from cyber threats, focusing on comprehensive and proactive approaches to bolster the resilience and security of maritime operations.The Platform Security category focuses on aligning the management of an organization's hardware, software, and services with its risk strategy.It highlights the importance of proper configuration management and secure software development to protect the integrity, availability, and confidentiality of platforms.This is crucial for enhancing maritime cybersecurity, including the protection of AIS systems and maritime operations.By adopting advanced algorithms and preventive measures for better decision-making and collision avoidance, organizations can boost their cybersecurity resilience and create a safer digital space.Our research underscores the critical role of Technology Infrastructure Resilience in safeguarding an organization's tech assets.This includes cybersecurity for ports and autonomous maritime vehicles, utilizing tools like blockchain, cyber-attack simulations, and image encryption for protection.Advancements in cloud computing, 5G, and open-source contribute to data security and service excellence.

Technology
To counter cyber threats, risk management, updating legacy systems, and reliable communication are essential for continuous operations.Effective technology infrastructure management is key to bolstering maritime defenses and resilience in a dynamic digital landscape.

Identity Management, Authentication, and Access Control
The category of identity management, authentication, and access control within the NIST CSF v2.0 specifically addresses the idea that access to physical and logical assets, along with any associated facilities, should be limited to authorized users, processes, and devices.This limitation is meticulously managed in accordance with the assessed risk of unauthorized access to authorized activities and transactions.
Aksentijevic et al. [74] developed ARIS Express 2.4 software, a modelling tool designed to establish an economically viable seaport security management system.This system is based on two pillars, namely, the Main Process and Supporting Process.The Main Process is informed by the previous experiences of the management, legal compliance requirements, minimum certification system requirements, and potential losses (including informational and financial aspects), as well as subjective factors.The Supporting Process is centered around risk assessment, quantification of the financial ramifications of risk mitigation, and risk treatment via selected mitigation measures.In a separate study, Edwards et al. [75] introduced a unique multi-factor authentication mechanism designed for maritime systems.Their system uses multiple databases and an external USB device to improve security.It houses fragmented user keys in separate groups, delivering robust four-factor authentication while maintaining user accessibility.This approach aligns well with the strategies proposed for access control measures under the NIST CSF.

Awareness and Training
As defined by the NIST CSF v2.0, the awareness and training category stipulates that an organization's personnel and partners should be provided with cybersecurity education to enhance awareness of their cybersecurity-related duties and responsibilities while ensuring alignment with the relevant policies, procedures, and agreements.In the realm of research, this category has primarily centered on addressing the vulnerabilities associated with the human factor in the cybersecurity equation.
The scholarly emphasis on education demonstrates its central role in advancing cybersecurity culture.As posited by Senarak, an elevated cybersecurity culture is principally achievable through enhanced education [76].Reinforcing this argument, Hopcraft et al. [20] elucidated the correlation between education and maritime safety, proposing a solution for developing maritime digital competencies based on the NIST CSF.Alcaide et al. [16] painted a picture of the current state of the maritime sector, highlighting its significant lack of comprehensive cybersecurity knowledge.They argued that there is an immediate need for extensive training spanning the entire industry, from ports and supply chains to interfaces.Echoing this sentiment, Koola et al. [77] offered an innovative approach for promoting cybersecurity.They provided in-depth yet easily understandable information to shipping experts, facilitating a better understanding and approach to safety among average users.Taking a human-centered approach, Kayisoglu et al. [78] focused on the responsibilities of navigation officers in ensuring the cybersecurity of the Electronic Chart Display and Information System (ECDIS).Their research unveiled the likelihood of human error during tasks and underscored the importance of considering behavioral and cultural nuances in the maritime realm.Bacasdoon et al.'s [79] research accentuated the importance of embedding cybersecurity knowledge in maritime educational curricula in response to the mounting concern of cyberattacks in the maritime sector.They proposed a "lantern" framework to aid course designers in developing comprehensive cybersecurity courses and setting minimum standards for maritime education and training.In their response to maritime cyber threats, Longo et al. [68] introduced MaCySTe, an open-source project that emphasizes realistic training, to raise awareness and build resilience among maritime operators.Meanwhile, Raimondi et al. [80] utilized the NICE framework to craft the profile of a Security Operation Centre (SOC) operator in the maritime domain.They proposed a practical training program specifically tailored for maritime SOC operators to enhance cybersecurity awareness and training in the maritime sector.

Data Security
The NIST CSF's v2.0 data security category underscores the necessity of protective measures to maintain the confidentiality, integrity, and accessibility of data.This is achieved through the application of various controls, such as access restrictions, cryptographic techniques, and data backup procedures, designed to fend off unauthorised access, unintended alterations, or unintentional data loss.The primary goal is to erect robust defences that ensure the enduring security and resiliency of an organisation's data amidst potential cybersecurity threats and risks.
Consolidating the articles within the purview of maritime and data security, we find several compelling themes and methodologies for mitigating cyber threats.Lee et al. [60] proposed an MQTT protocol-based method to protect shipboard data servers by controlling message frequency, which consequently reduces the threat of DDoS attacks.Yoo et al. [81] focused on AI technology's cybersecurity implications in the context of autonomous ships, applying the SQUARE methodology to identify vulnerabilities and envisage cyberattack scenarios.In a similar vein, Söner et al. [82] delved into the variety of challenges that come with securing the maritime environment.Söner et al. identified cybersecurity concerns for voyage data recorders (VDRs) on ships, which are crucial for accident investigation.Using failure mode and effects analysis (FMEA), they identified vulnerabilities and potential cyber threats such as false information and command injection.In response to these threats, their research proposed detailed preventative measures to enhance VDR cybersecurity, contributing significantly to ship safety management systems.Meanwhile, Oruc et al. [83] emphasized ethical considerations in maritime cybersecurity research.Their article explored six ethical principles and four categories of ethical dilemmas that may arise in this domain, providing specific examples and guidelines that can guide researchers in maintaining data security while adhering to ethical research practices in the maritime cybersecurity sector.This research underscores the necessity of balancing robust cybersecurity measures with ethical considerations in the pursuit of secure maritime operations.Wang et al. [84] presented a secure offloading scheme to optimize power allocation within the Space-Air-Aqua Integrated Network (SAAIN), yielding minimal offloading delay and improved data security.Ilcev et al.'s [85] research delineated software-enhanced control within the Global Maritime Distress and Safety System (GMDSS), upscaling information processing security in maritime communication systems.
Exploring the role of blockchain technology in maritime cybersecurity, Freire et al. [86] suggested its application within maritime monitoring systems to protect navigation data and ensure data integrity.Similarly, Lingtong Min et al. [87] proposed secure rate-splitting multiple access (RSMA) cooperation within maritime cognitive unmanned aerial vehicle (UAV) networks to enhance data security while optimizing transmission rates.
Focusing on the vulnerabilities of existing maritime communication systems, Khandker et al. [88] highlighted the lack of authentication and encryption within the Automatic Identification System (AIS), advocating for improved data security.Shyshkin et al. [89] proposed an innovative combination of Message Authentication Code (MAC) and digital watermarking to validate AIS messages.
Arumugam et al. and Yang et al. [90,91] both recognized the centrality of secure data transfer in maritime operations.Arumugam et al. [90] focused on safeguarding data in maritime vessel networks while discussing the use of sensors to collect navigational information, IoT for transmitting data to the cloud, and a 64-bit two-fish algorithm for key management.The goal was to ensure safe data transit for efficient information transport.In a similar vein, Yang et al. [91] emphasized the critical need for reliable information transmission in the Maritime Transportation System (MTS).They proposed an IoT-enabled communication system integrated with blockchain technology, which was specifically designed to enhance data security and transaction integrity within the maritime context.Acknowledging the rising risk of cyberattacks, Rath et al. [92] focused on the vulnerabilities of shipboard power systems, underscoring the need for robust data security measures to safeguard vital information.
Recognizing the essential role of data transmission security in the IoUT, Ravi et al. [93] emphasized the need for robust encrypted color images to ensure data integrity and confidentiality.Similarly, Wolsing et al. [94] addressed the increased risk of cyberattacks on digital shipboard marine radar systems, prompting the need to protect sensitive information in the maritime context.Lastly, Onishchenko et al.'s [95] research highlighted the need for encrypted data in ship information systems (SISs) to enhance the security of confidential data and mitigate cyber threats in the face of the COVID-19 pandemic.These consolidated articles underline the imperative of data security as the maritime domain grows increasingly digital, interconnected, and consequently vulnerable.

Platform Security
The platform security category focuses on managing hardware, software, and services in harmony with an organization's risk strategy.As indicated by the NIST CSF v2.0, it encompasses the application of configuration management practices, preventive measures against unauthorized software, and the integration of secure software development practices.The aim is to maintain the integrity, confidentiality, and availability of both virtual and physical platforms, resulting in a more resilient and reliable cybersecurity environment.In the realm of Automatic Identification Systems (AIS) and radar technologies, several studies have been carried out.Leite Junior et al. [96] proposed a mechanism for the protection of AIS and radar systems on ships to deter cyber threats.Meanwhile, Khandker et al. [88] identified vulnerabilities in AIS systems and introduced methods to combat these using RF from Software-Defined Radio (SDR).Aziz et al. [97] made significant contributions by proposing SecureAIS, a key agreement scheme designed to enhance the efficiency and security within AIS systems.The significance of security protocols and algorithms in enhancing maritime cybersecurity has been highlighted in several studies.For instance, Shipunov et al. [64,98] introduced two distinct algorithms aimed at enhancing protective mechanisms in maritime systems.One of these algorithms leverages the principles of forensic science for incident detection, while the other ensures the secure transmission of data to safeguard against potential cyber threats.In a different vein, Koola et al.'s [77] research adopted a systems perspective on cybersecurity management in cyberspace, indicating a more comprehensive approach towards mitigating digital threats.Additionally, Akdag et al. [99] proposed an innovative algorithm designed for deployment in ship position monitoring systems, anticipating that their algorithm could enhance decision-making processes and improve collision avoidance among vessels, thereby contributing to safer and more secure maritime operations.

Technology Infrastructure Resilience
Technology infrastructure resilience, as defined by the NIST CSF v2.0, aims to fortify the security of an organization's technology assets and networks.It emphasizes the implementation of stringent measures to safeguard against unauthorized logical access, unapproved usage, and environmental threats.These safeguards underline the balance of maintaining confidentiality, integrity, and availability of assets, in tune with the organization's risk strategy.Moreover, resilience measures are established to ensure the organization's operations can continue unimpeded even in adverse situations or events.By following these guidelines, organizations can develop a resilient technology infrastructure capable of weathering a variety of cyber threats and challenges.
The need for advanced cybersecurity in ports is gaining momentum in the maritime sector.Canepa et al. [100] devised a simulation platform called CR CyberMar specifically designed to conduct practical and highly realistic cyberattack training for both port and ship systems.Further emphasizing cybersecurity in port operations, Meyer-Larsen et al. [19] highlighted the substantial threats that cyberattacks present to the sustainability of global maritime supply chains.They proposed a system built around blockchain technology to counteract these threats.Adding another dimension to the discourse on ports and cybersecurity, Wiseman et al. [101] introduced an innovative system for exchanging encrypted information through modified images.They first eliminated redundant data from the image in order to retain the core information without any visible corruption.This pruned image was subsequently used to transmit confidential information through an encryption process, thereby strengthening the cyberdefence mechanisms in maritime communications.Transitioning to emerging technologies in maritime protection, Lin et al. [102] suggested an information retrieval system underpinned by cloud computing technology catering to boats and on-shore systems.Carter et al. [103] proposed the integration of fog cloud computing and space information networks to enhance information network's security.Longo et al. [68] introduced an open-source initiative named MaCySTe to counter cyber threats in the maritime sector.Other researchers, including Freire et al. and Vangala et al. [86,104], have explored the applications of blockchain and 5G technology in maintaining data security and improving quality of service in maritime systems using HyperLedger Fabric.A prototype demonstrated its effectiveness in ensuring data security and quality of service (QoS) in a nation-scale MMS, contributing to protective technologies in maritime cybersecurity.
Autonomous vehicles are another potent area for exploration, with one study developing a blockchain-based system to improve security in Maritime Autonomous Surface Ships (MASS) [105].Li et al. [106] discussed confidentiality, availability, and completeness in Autonomous Navigation technologies.Meanwhile, Solnor et al. [107] proposed a cryptography algorithm to safeguard intravehicular communication within Unmanned Surface Vehicles (USVs) from attacks.
When it comes to cyber risk management and training, Antonopoulos et al. [108] have emphasized the role of effective risk management and launched a prediction engine to support maritime cybersecurity personnel.Gurren et al.'s [55] study also focused on the importance of integrating risk assessment methodologies with protective technologies.
From the perspective of the maritime industry, Maeder et al. [109] detailed the use of legacy applications and port community systems to manage processes, emphasizing the importance of enhancing data exchange integrity to mitigate risks from potential threats.They aimed to implement specifications to safeguard these software systems, particularly for a typical container ship, in a bid to minimize the risk of attacks.On the other hand, Kechagias et al. [57] examined the cybersecurity measures of a company in real time, outlining the company's procedures and protective technology.They concluded that the company had the capability to withstand a large-scale cyberattack.Although their contexts differ, both of these studies highlight the crucial role of protective technologies in ensuring the integrity and security of data exchange, demonstrating the pivotal measures that should be implemented for successful threat mitigation in the digital era.
Lastly, in the context of protecting communication systems, Ruhland et al. [110] introduced MARMAC, a cost-effective method for retrofitting and protecting nautical communication systems.On the other hand, Le et al. [111] combined blockchain with electronic seals (e-seals) to enhance data security and traceability during port terminal operations.Not to be left out, Yang et al. [91] proposed an IoT-powered system focusing on maritime transport communication systems to promote network security, reliability, and efficiency.

Detect
The Detect function from NIST CSF v2.0 plays a crucial role.In NIST CSF v2.0, the Detect function refers to the methods and capabilities an organization employs to identify and recognize the occurrence of a cybersecurity event in a timely manner.This involves continuously monitoring systems, networks, and other resources to spot abnormal activities or deviations from typical patterns that may signify a security threat.The primary goal of the Detect function is to ensure swift discovery of potential threats, allowing for immediate response and mitigation to minimize any adverse impact.Delineating this further, Table 4 provides a detailed breakdown of critical categories within the Detect function, substantiating its crucial role and the imperative need for continual research and advancements in this area.The Adverse Event Analysis category is key to managing cybersecurity risks in the maritime sector, focusing on detecting and responding to unusual activities indicative of threats.Research explores system vulnerabilities, including shipboard power, maritime radar, autonomous ships, and IoT.Findings highlight the need for cybersecurity training, securing communication systems, and leveraging technologies like 5G.Innovations such as genetic algorithm-based ANN classifiers and CNN-MLP intrusion detection systems, along with machine learning, are critical for improving threat detection.With the maritime industry's growing complexity, continuous research and vigilance in anomaly detection are essential for strong cybersecurity.

Continuous Monitoring
Continuous monitoring, as defined by the NIST CSF v2.0, is crucial for observing both physical and digital assets for any abnormalities, indicators of compromise, or other potentially adversarial events.Regular monitoring of networks, physical environments, personnel activities, and technology usage are paramount for timely detection of adverse events.Moreover, keeping tabs on the activities and services rendered by external service providers can further aid in identifying any untoward activities.Finally, diligent monitoring of computing hardware, software, runtime environments, and their data can provide early detection of potentially harmful events, reinforcing the cybersecurity defenses of the organization and contributing to its overall resilience.The culmination of these efforts in the maritime sector can vastly improve maritime security, again emphasizing the crucial role of ongoing detection processes.
In the context of continuous monitoring, understanding the mode of operation of cybersecurity threat actors is paramount.Cichocki et al. [112] meticulously explored this avenue, offering an analytical perspective on the cybersecurity threat landscape and homing in on the maritime industry and transportation systems.They dissected the techniques, tactics, and procedures (TTPs) employed by various threat entities, including Bear, Panda, and Buffalo, among others.This piece of research aligns cohesively with the principles of continuous security monitoring, which emphasize regular surveillance, analysis, and appraisal of the evolving cybersecurity threats to maritime domains.
Continuous monitoring emphasizes the need to maintain an ongoing watchful eye over systems in order to rapidly identify anomalies or unusual activities.In the context of the maritime sector, this has additional layers of complexity due to the multifaceted and highly sophisticated technologies employed.Several of these critical technologies harbor vulnerabilities that can potentially impact maritime security, including the Automatic Identification System (AIS) and the Global Navigation Satellite System (GNSS).Androjna et al. [13] have outlined several vulnerabilities inherent in these systems, importantly stressing issues pertaining to tampering and reliability.If these systems are compromised, it could lead to a chain of repercussions affecting the entire organization, further emphasizing the urgent need for robust detection processes.
Moreover, the authors emphasized the importance of conducting frequent penetration tests to monitor the operation and ensure the reliability, resilience, and confidentiality of these critical technologies.Their research underlines the role of the human factor in understanding the vulnerabilities associated with these navigation systems.They provide crucial directions for enhancing the implementation procedures and system usage, helping to improve overall maritime security [17].
Furthermore, amid escalating demands for goods, the next-generation ports need to proactively address efficiency and security challenges.A recent study by Yigit et al. [113] highlighted the increased focus on cybersecurity in seaports.They proposed the utilization of digital twin (DT) technology to augment virtual honeypots for external attacks, and introduced an intelligent mechanism for detecting internal attacks in smart seaports.
Part of continuous monitoring entails surveillance of key components of maritime operations such as radar systems.Longo et al. [36] underscored the vital role that radar systems play in modern maritime navigation.They unravelled potential threats that compromise data integrity while introducing a novel system crafted to monitor anomalies in the radar video feed in real-time.This work mirrors the essence of continuous monitoring in its strategy to combat cyber threats, emphasizing the importance of constant vigilance and robust detection mechanisms for maritime security.In another article, continuous security monitoring was been instrumental in fostering the development of innovative detection systems.Supporting of this claim, Gyamfi et al. [114] presented a meticulous framework for a Network Attack Detection System (NADS).Ingeniously incorporating adaptive machine learning within a multi-access edge computing platform, the proposed system offers a new form of continuous monitoring by dynamically detecting cyber threats in Maritime Transportation Systems (MTS).
Simultaneously, research by Guo et al. [115] underscores the valuable role played by real-time risk detection methods in continuous security monitoring.Their study proposes a groundbreaking approach to bring cloud computing into the mix of threat detection.Implementing multi-sensor nodes in tandem with a unique self-execution protection strategy, their methodology demonstrates notable improvements in virus intrusion detection and defense rates.This success story attests to the potency of such a cloud computing-oriented approach in enhancing the security realm of intelligent ship networks.Last but not least, the work by Harris et al. [116] throws light on the significant challenges and vulnerabilities that can compromise the readiness of maritime entities against cyberwarfare, particularly focusing on the context of the United States.Their clarion call for continued research in this field underscores the real-world implications of cybersecurity threats in the maritime realm, indicating the urgency and importance of continuous improvements in security monitoring mechanisms.

Adverse Event Analysis
The adverse event analysis category under the NIST CSF v2.0 plays a critical role in identifying, managing, and mitigating cybersecurity risks in various sectors, including the maritime sector.This category focuses on detecting unusual activity that could potentially signify a cybersecurity threat within a system or network.Considering the maritime industry's heavy reliance on technology and interconnected systems, applying the principles of this category to detect irregularities and events is crucial.
Research on maritime cybersecurity is diverse, addressing various vulnerabilities and providing innovative solutions.Heering et al. [117] investigated anomalies related to Estonian shipowners, emphasizing the need for better staff education on cybersecurity.Meanwhile, other researchers such as Billard et al. [118] have focused on Programmable Logic Controller (PLC) and SCADA system vulnerabilities, revealing the challenges in investigating onboard system security.Another important area of research includes the vulnerabilities brought about by autonomous ships and IoT systems.In this context, Mileski et al. [119] revealed weaknesses in the Automatic Identification System (AIS) at Huston port.
Research on ways to fortify communication systems has been pivotal as well.Caprolu, M. et al. [69] exposed the major weaknesses in maritime communication systems and proposed solutions based on the MITRE ATT&CK framework.
Similarly, Hadjidimitriou et al. [120] highlighted the potential of 5G technology in bolstering cy-bersecurity in the maritime sector.To tackle emerging threats, a systematic approach to analyzing NMEA navigation messages was proposed that aimed to develop an NMEA intrusion detection system [121].
Optimizing data flows and handling anomalies in maritime vessel systems has been another focus.Arumugam et al. [90] introduced a genetic algorithm-based ANN classifier (GA-ANN) for this purpose.Underscoring the threat of rootkit attack variants, research by Rath et al. [92] shed light on the need for vigilance in monitoring shipboard power systems.Leveraging machine learning, Wolsing et al. and Lofu et al. [94,122] respectively highlighted the importance of early detection and identification of potential anomalous activities in radar communication and drones in critical infrastructure.
Furthermore, addressing the challenge of malicious web shells in Maritime Intelligent Transport Systems (MITS), Le et al. [123] proposed a high-accuracy hybrid detection method.Together, these research efforts represent substantial progress in enhancing maritime cybersecurity, establishing a strong foundation for future research and policy-making.
Additionally, comprehensive research conducted by Liu et al. [124] addressed cybersecurity threats in the Maritime Transportation Systems (MTS) stemming from IoT data processing.They proposed an Intrusion Detection System (IDS) model based on a Convolutional Neural Network-Multilayer Perception (CNN-MLP) trained through federated learning, thereby reinforcing detection processes without compromising privacy.

Respond
The Respond function forms a crucial part of the NIST CSF v2.0, and is designed to outline the proper activities and actions that an organization should take in the event of a detected cybersecurity incident.It strengthens an organization's ability to confine and curtail the scope of potential cybersecurity dangers.Crucial outcome categories encompassed within this function include incident management, incident analysis, incident response reporting and communication, and incident mitigation.A detailed breakdown of the critical components within the Respond function based on an extensive review of the literature is outlined in the subsequent Table 5.This illuminates both the vital role each component plays in incident response and the necessity of continued research and development in these areas.Incident analysis is key for cybersecurity.It shapes response tactics, aids recovery, and improves security practices.Deep analysis clarifies complexities, underscores the need for robust information security, and highlights cyber-physical system safety.Across various domains, detailed analysis is vital for managing and reducing cyber incidents.

Incident Management
According to the NIST CSF v2.0, incident management outlines the systematic process of detecting, triaging, categorizing, escalating, and responding to cybersecurity incidents while coordinating with third parties and initiating incident recovery as needed.
In alignment with this category, Bernal et al. [125] explored the cybersecurity threats faced by the Colombian government.Their research introduced the MS-CSIRT (Management System Computer Security Incident Response Teams) methodology.This unifying approach aligns various CSIRT guidelines towards a consolidated communication command in cybersecurity, effectively surveilling Information Technology (IT), Technological Operations (TO), Internet Connection Sharing (ICS), and Internet of Things (IoT) infrastructures.MS-CSIRT has found applications across various sectors, including ICS, IoT, gas and energy, mining, maritime, agro-industrial, and more.Subsequently, Onishchenko et al. [95] shed light on the struggles caused by lack of understanding of new technologies, particularly on the part of ship personnel.To address this, they introduce a response plan enabling risk identification and assessment, system vulnerability recognition, and enhancing the confidentiality of data.Their study included the development of a data exchange protocol along with an algorithm, named CLion, for detecting encrypted keywords in messages, targeting data secured in Ship Information Systems (SIS) and shipping company information systems within a software environment.On a similar note, Onishchenko et al. [95] offered an elementary response plan aimed at fortifying ship control systems, promoting their continuous updating considering real-time ship system situations, crew performance analysis, and emerging cyber threats.This approach underlines the adaptability of plans in response to changing contexts and establishes a theoretical groundwork for encrypted data search engines, ultimately enhancing data security in ship information networks.Lastly, a study by Rath et al. [92] put forward the importance of all-encompassing response planning, specifically in safeguarding Medium Voltage DC (MVDC) shipboard microgrids from cyber threats.This research emphasizes the essential role that evasion, detection, and deception frameworks play as preemptive defense mechanisms, strengthening the resilience of responses to potential attacks.

Incident Analysis
Incident analysis is the crucial process of examining cybersecurity incidents to inform response activities and support recovery operations.Through systematic analysis, organizations can extract valuable lessons to enhance their overall cybersecurity posture and responsiveness to future incidents.This process is instrumental in minimizing adverse effects, ensuring rapid system recovery, preserving data integrity, and maintaining organizational resilience in the face of escalating and evolving cyber threats.
One study that epitomizes this category is the work by Pirbhulal et al. [126].Their paper presents a detailed examination of the RAMS (Reliability, Availability, Maintainability and Safety/security) analysis of critical infrastructures and the development of relevant techniques, methodologies, protocols, models, and tools.It highlights a comparative assessment of existing solutions in the domains of power grid station applications, cyber-physical systems, cloud computing, shipping transportation, and industrial control systems.Apart from this, the paper by Wang et al. [127] underscores the intricate relationship between internal information security, response costs, and security intentions within a shipping company.Their findings illuminate the positive impact of information security marketing on overall information security and how awareness is significantly influenced by relationships between marketing, response costs, and security intentions.Effective information security can help in mitigating response costs and enhancing security intentions.Furthermore, Carreras Guzman et al. [128] presented a rich insight into cybersecurity physical systems, specifically, their basic characteristics and relationships with other systems, the dependency between automation levels and human roles, and the implementation of systems for a combination of security and safety.They notably extended the application of their analysis to the maritime industry.

Recover
In order to maintain resilience planning and restore any services or capabilities that have been impeded by a cybersecurity incident, recovery requires developing and implementing the appropriate measures.The Recover function lessens the impact of a cybersecurity incident and facilitates a timely return to normal operations.The subcategories in this function consist of incident recovery plan execution and incident recovery communication.Table 6 provides a comprehensive illustration of the Recover function as per our findings.

Incident Recovery Plan Execution
The NIST CSF's v2.0 incident recovery plan execution category covers the implementation and upkeep of recovery protocols.Ensuring the prompt restoration of assets or systems that may have been impacted or compromised by cybersecurity incidents is the main goal.In order to minimize the effects of incidents and enable a prompt return to regular operations, this entails using a methodical approach to recover infrastructure, data, and critical functionalities.
The literature on recovery planning underscores the significance of implementing effective processes and procedures to restore systems and assets impacted by cybersecurity incidents.Weaver et al. [53] conducted a notable study assessing the effects of a cyberattack on the Maritime Transportation System (MTS).Their research examined the consequences of the attack while detailing recovery actions, involving a reshaping of resource allocation and movement security plans for vehicles, personnel, and missions.Introducing the Dynamic Discretization Discovery (DDD) algorithm for the Disrupted Capacitated Continuous Time Network Design Problem (DC-CTSNDP), this study enhances existing approaches, aiming for optimal solutions with minimal losses.
In a complementary study, Koola et al. [77] delved into an overall recovery strategy, introducing three key parameters (Detect, Isolate, and Recover) aligned with standard antivirus software practices.Their research emphasized the challenges associated with recovering lost data and explored the potential of emerging technologies for facilitating improved data analysis, particularly through the creation of action history graphs.
When taken as a whole, these studies offer insightful information that is helpful in creating strategies and plans for effective recovery.Although Koola et al.'s [77] emphasis on overall recovery strategies and the difficulties associated with data recovery sheds light on the complex aspects of cybersecurity incident recovery, Weaver et al.'s [53] optimization algorithm helps to tackle the nuances of resource allocation.When combined, these viewpoints offer a thorough outlook that can help organizations to improve their cybersecurity resilience.

Discussion
The integration of the NIST CSF into maritime operations has revealed a multifaceted and intricate landscape of cybersecurity challenges and solutions.The research literature demonstrates a concerted effort on the part of the maritime sector to adapt and align with the evolving cybersecurity landscape, marked by a diverse range of approaches spanning various aspects of the NIST CSF, from the identification of threats to recovery planning.Our review of 119 recent literature articles revealed that only four papers [20][21][22][23] explicitly addressed the NIST CSF domain.Despite appearing 136 times across various functional areas spanning diverse discussion topics, none of the papers made reference to or were centred around the newest version, the NIST CSF v2.0, which could be due to the recentness of its publication.
According to the NIST CSF v2.0, as categorized in Table 7 below, our study provides an insightful approach to understanding its integration into maritime operations while answering research questions RQ1, RQ2, and RQ3.RQ1.What are the most recent advancements in the literature on maritime cybersecurity with reference to the NIST CSF functions and their related cybersecurity categories?
Recent advancements in maritime cybersecurity literature, as aligned with the NIST CSF Functions, include: • Govern Function: There has been a focus on 'Organizational Context' [24][25][26][27][28] and 'Risk Management Strategy' [14, [29][30][31][32][33], with several articles addressing these areas.This indicates progress in the understanding and implementation of cybersecurity within the organizational frameworks and risk management processes of maritime operations.• Cybersecurity Supply Chain Risk Management: Although there are gaps, the literature has begun to address the importance of cybersecurity in the maritime supply chain [34][35][36].Considering the interconnected nature of global supply chains, advancements in this area are critical for mitigating the potential widespread impact of cybersecurity breaches.The research aims to develop a proactive approach to cybersecurity in the maritime industry, anticipating future developments and challenges.This strategic focus is expected to contribute to the maturity of maritime cybersecurity and lead to the development of advanced measures to protect against cyber threats.
These advancements reflect a growing alignment with the NIST CSF and a concerted effort to address the dynamic cybersecurity challenges within the maritime industry.
The literature suggests that while there are areas of progress, there is also a need for ongoing research and development to further enhance the cybersecurity posture of maritime operations.RQ2.How mature are the respective cybersecurity functions in the maritime domain?
The maturity of the NIST CSF v2.0 in maritime operations has yet to fully evolve.While areas involving the Govern, Identify, and Protect functions have received considerable coverage in the literature, there are significant gaps, particularly with respect to the Respond and Recover functions, particularly the incident response reporting and communication, incident mitigation, and incident recovery communication processes.Furthermore, only three articles were found on cybersecurity for maritime supply chains [34][35][36], a particularly critical area; this lack of comprehensive coverage implies a need for further research to reinforce maritime cybersecurity, especially in the context of response and recovery strategies.Overall, while the maritime sector has made strides in aligning with NIST CSF v2.0, as shown in the study, there remains room for maturity and advancement.RQ3.Are there any identified gaps in maritime cybersecurity that necessitate attention from the scientific community?In light of the data presented in Table 7 below, further research is required to address a number of observed gaps, particularly within the Govern, Respond, and Recover functions of the NIST CSF v2.0.Notably, within the Govern function, there is a lack of research on the categories of roles, responsibilities, and authorities, policy, and oversight, all of which are essential for establishing a clear governance structure for cybersecurity in maritime operations.Moreover, the category of cybersecurity supply chain risk management is particularly crucial in the maritime industry in light of the interconnected nature of global supply chains.Cybersecurity breaches could potentially disrupt not only a single ship or company, but ripple through the entire network, causing widespread damage.A gap in the literature on this area suggests an urgent need for research into strategies, protocols, and frameworks that specifically address cybersecurity risks in maritime supply chains.Furthermore, the Respond function reveals gaps in incident response reporting and communication as well as incident mitigation, both of which are critical areas for effectively managing the impact of cybersecurity incidents.The research indicates another significant shortfall in the Recover function, particularly in incident recovery communication, which is vital for coordinating cohesive post-incident recovery efforts.This gap points to the need for research into communication protocols and strategies that can aid in swift and efficient recovery from cybersecurity breaches in the maritime context.By addressing these research gaps, the maritime sector could potentially achieve a more robust and comprehensive approach to cybersecurity.

Conclusions
The comprehensive review of literature and analysis conducted in this research provides a critical examination of maritime cybersecurity through the framework of the NIST CSF v2.0, revealing significant gaps in the academic and industry-specific literature within this domain.Despite the framework's potential for broad industry application, its use in maritime cybersecurity remains under development, with sparse examples of its practical implementation.
The need for in-depth academic research to address the implementation gaps of the NIST CSF v2.0 in maritime cybersecurity is clear.To bridge these gaps, targeted educational initiatives are essential in order to enhance maritime professionals' understanding of the NIST CSF v2.0 while promoting its adoption across operational and strategic levels.Furthermore, collaborative efforts between academia, industry, and regulatory bodies are critical to assess the framework's practical benefits and integration.Additionally, longitudinal studies across the industry are vital for tracking the framework's effectiveness and providing Key Performance Indicators (KPIs) for continual improvement.These steps are crucial for advancing maritime cybersecurity resilience.
This study marks a pivotal contribution to maritime cybersecurity research by identifying significant gaps in the application of the NIST CSF v2.0 within the maritime sector.It advocates for tailored cybersecurity strategies that align with maritime-specific challenges, and encourages a re-evaluation of current practices.By emphasizing the need for industryspecific customization, this research sets a new direction for inquiry and positions itself as a catalyst for future exploration and the development of a maritime-centric cybersecurity framework.This research underscores the urgency for academia and maritime industry to collaborate in closing the identified gaps and enhancing cybersecurity.
In summary, the research and application of the NIST CSF v2.0 within the maritime cybersecurity context is currently in its infancy due to its recent availability.The framework boasts tremendous potential to transform and elevate cybersecurity practices in the maritime domain; yet, given its recent arrival, a noticeable research gap exists around understanding its adaptability and practicality in the maritime setting.The onus now lies with academia and industry experts to navigate this uncharted territory, thereby unlocking a multitude of research opportunities.The forthcoming period promises an exciting surge in scholarly activity, with focused discussions and in-depth exploration of how to tailor and incorporate the tenets of the NIST CSF v2.0 to meet maritime-specific cybersecurity demands.This collective effort will hopefully pave the way for the formulation of potent and effective cybersecurity strategies that are well-equipped to guard maritime operations against escalating cyber threats.

Figure 2 .
Figure 2. Distribution by year of publications included in our systematic review.

Table 3 .
Protect.The NIST CSF emphasizes the need for Identity Management, Authentication, and Access Control in maritime cybersecurity.Research shows that secure management systems and multi-factor authentication improve security without sacrificing usability.It's crucial to balance these aspects in the digital maritime industry, with ongoing advancements needed to keep systems resilient in a interconnected world.

Table 4 .
Detect.Continuous Monitoring is crucial for detecting anomalies in the maritime sector's physical and digital realms.It requires constant oversight of networks, user activities, and technology, including third-party services and system components.Highlighted vulnerabilities in critical technologies like AIS and GNSS underscore the need for persistent surveillance.Advanced tools like Digital Twin technology and real-time risk detection enhance system defense.Ongoing enhancements in monitoring are essential to counter evolving cybersecurity threats.

Table 6 .
Recover.Incident Recovery Plan Execution into company strategies is vital for cybersecurity resilience.Recovery plans aim for quick, effective incident handling to minimize disruption and damage.Research highlights unique strategies, like optimization algorithms, to combat issues like data loss.These findings stress the importance of adept recovery planning in boosting cybersecurity robustness.With rapid tech progress, recovery strategies must evolve to protect systems and assets effectively.
• Strategic and Proactive Research:

Table 7 .
Insights on RQ1, RQ2, and RQ3.Within the "Govern" function, only 2 out of the 6 categories were recognized.As per the NIST CSF v2.0, this is significant as it sets the stage for how an organization carries out the remaining five functions.The research community definitely needs to focus on the 4 categories that have not been identified.The research community has demonstrated maturity in this function, with all categories having been identified.However, there is a definite need to focus more on the "Identity Management, Authentication, and Access Control" category, as only 2 articles have been identified.In light of our research, 2 crucial aspects of the "Respond" function 'Incident Response Reporting and Communication' and 'Incident Mitigation' have not been identified.This presents a significant gap as these elements play key roles in handling cybersecurity incidents effectively.Our research, which accounts for only 2 articles under the "Recover" function, particularly in the 'Incident Recovery Plan Execution' category, reveals a distinct void in the area of 'Incident Recovery Communication'.The research community definitely needs to focus on this function.