Maritime Cybersecurity Reading List
56 essential books for maritime cybersecurity professionals — from shipboard OT security to satellite threats, carefully curated by industry practitioners.
Featured Books
Our top picks for maritime cybersecurity professionals
2025 Maritime Security: A Comprehensive Guide for Shipowners, Seafarers and Administrations (2nd Edition)
Maritime Cybersecurity — Core Titles
13 books
Maritime Cybersecurity: A Guide for Leaders and Managers
The definitive guide to maritime cybersecurity. Covers the intersection of the maritime transportation system and information security, including maritime cyber risk management, cyberattacks on shipping lines, port cybersecurity, threats against shipboard networks, GPS/AIS spoofing, threats against industrial control systems and autonomous vessels, and strategies for maritime cyberdefense.
Issues in Maritime Cyber Security
Pioneering academic work from CCICADA (DHS Center of Excellence at Rutgers). Addresses how cyber networks are a major component of the Maritime Transportation System. Beneficial as a textbook for courses on risk analysis, national security, cyber threats, or maritime policy.
Cyber Security Workbook for On Board Ship Use (6th Edition)
The industry-standard practical workbook for Masters and senior officers. Aligned with IMO Resolution MSC.428(98). Contains 14 checklists and 7 annexes including Cyber Security Risk Assessment and Creating a Cyber Security Plan. Updated annually with new threats and case studies. Essential for ISM Code compliance.
Port Cybersecurity: Securing Critical Information Infrastructures and Supply Chains
Examines how ports assess cyber risks and vulnerabilities, with focus on Critical Information Infrastructure (CII) ecosystems. Author worked for European Commission and managed security projects for NSA, NATO, Greek Ministry of Defense, and European Commission.
Maritime Security: An Introduction (2nd Edition)
Comprehensive introduction to maritime security including cybersecurity. Explains how commercial seaports and vessels function, current threats, and security policies needed. New chapters on transnational crime, migration, and legal/cybersecurity issues.
Understanding Maritime Security
Latest academic perspective from Oxford University Press. Co-author advised UK Cabinet Office, Ministry of Defence, and Department for Transport on the 2022 UK National Strategy for Maritime Security. Covers evolving maritime security landscape including cyber threats.
Maritime Security: A Practical Guide for Mariners
Written by the Maritime Director of SAMI (Security Association for the Maritime Industry). Covers evolution of maritime security, ISPS Code compliance, and the rapidly developing area of cybersecurity.
2025 Maritime Security: A Comprehensive Guide for Shipowners, Seafarers and Administrations (2nd Edition)
Official ICS guidance covering all aspects of maritime security including cyber risk management. Essential reference for shipowners, operators, and maritime administrations implementing security programs.
Guide to Maritime Security & The ISPS Code (2021 Edition)
Official IMO publication incorporating guidance on maritime cyber risk management. Second edition includes updated sources supporting ISPS Code implementation. Essential for understanding the regulatory framework that governs maritime cybersecurity requirements.
Unmanned and Autonomous Ships
Explores automated shipping including cybersecurity implications. Covers ship design, command and control, navigation, communications, and security for autonomous vessels. Essential reading as MASS (Maritime Autonomous Surface Ships) become reality.
A Practitioner's Guide to Effective Maritime and Port Security
International perspective on port operations security covering ISPS Code implementation, facility security plans, port access control, and coordination challenges between vessel operators, port authorities, and national agencies.
BIMCO Guidelines on Cyber Security Onboard Ships (5th Ed.)
The authoritative industry guidance document co-authored by all major maritime associations and P&I clubs. Defines the framework for cyber risk assessment, crew training, incident response planning, and recovery procedures onboard. Aligned with IMO MSC-FAL.1/Circ.3 and the ISM Code.
Bridge Team Management (2nd Ed.)
Foundational text on bridge resource management (BRM) — the human factors framework governing how vessel bridge teams communicate, share situational awareness, and make decisions under pressure. Essential for maritime cyber scenarios affecting navigation systems.
Industrial Control Systems & OT Security
9 books
Industrial Cybersecurity: Efficiently Secure Critical Infrastructure Systems
Author has 20+ years of experience in industrial network design, pentesting, and threat hunting, currently Manager at Ernst and Young. Covers ICS technology, architectures, communication media, and protocols. Directly applicable to shipboard OT systems.
Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions
From the trusted Hacking Exposed series. Shows how to assess ICS exposure and develop risk management plans, use threat modeling, implement ICS penetration testing, and understand how attackers exploit industrial protocols.
Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems
Comprehensive guide to securing industrial networks. Covers unique protocols and applications that are foundation of ICS. Applicable to maritime SCADA systems.
Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS
Foundational text explaining how to develop and implement cybersecurity programs for ICS. Examines potential threats including malware, botnets, and outlines inherent ICS vulnerabilities. Essential for understanding shipboard control system security.
Cyber-security of SCADA and Other Industrial Control Systems
Part of Springer's Advances in Information Security series. Covers ICS cyber threats, attacks, metrics, risk, situational awareness, intrusion detection, and security testing. Tutorial chapters plus advanced topics on ICS governance and responses to attacks.
Handbook of SCADA/Control Systems Security
Fundamental outline of security concepts and methodologies pertaining to SCADA systems in critical utility and industrial systems. Essential reference for securing industrial automation and process control systems.
Cyber Security Operational Technology Best Practice
Practical guide to OT security in manufacturing, power generation, and transportation sectors. Addresses growing concerns about cyber attacks that can cause physical damage to equipment or disrupt essential services. Directly relevant to maritime OT environments.
Pentesting Industrial Control Systems
Hands-on guide to analyzing and navigating ICS intricacies. Covers setting up ICS lab, open source intel-gathering, SOPs for ICS penetration testing, and connecting OT to engineering workstations. Essential for maritime security assessors.
Engineering-Grade OT Security: A Manager's Guide
Written for non-technical managers who own OT security decisions. Cuts through compliance checkbox thinking to explain what actually reduces risk in industrial environments — with particular attention to the gap between IT security controls and what works in OT.
Cyber-Physical Security & Critical Infrastructure
5 books
Cyber-Physical Attacks: A Growing Invisible Threat
How computers can disable systems and affect the physical world. Covers embedded systems, SCADA, and more. Written for non-experts and physical security professionals.
Critical Infrastructure Security: Cybersecurity Lessons Learned from Real-World Breaches
From introduction to critical infrastructure concepts through the vulnerability lifecycle. Covers real-world breaches and examines threats from DDoS to APTs. Essential for understanding how critical infrastructure attacks apply to maritime sector.
Maritime Critical Infrastructure Protection: DHS Need to Better Address Port Cybersecurity
Official GAO report on port cybersecurity vulnerabilities. Documents how US ports handle $1.3 trillion in cargo annually and how maritime stakeholders rely on ICT to manage cargo movement. Essential policy document for understanding regulatory landscape.
Countering Cyber Sabotage: Introducing Consequence-Driven, Cyber-Informed Engineering (CCE)
Presents Idaho National Laboratory's CCE methodology — a consequence-first approach to critical infrastructure security that starts by identifying worst possible outcomes and works backward to determine what an adversary must compromise.
The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats
Former White House cybersecurity coordinator provides a policy-level analysis of the cyber threat landscape, bridging national security policy and corporate cybersecurity with specific attention to critical infrastructure and regulatory frameworks.
Supply Chain Security
2 books
Supply Chain Security: A Comprehensive Approach
Tools for ensuring supply chain security including rapid response protocols. Author has 27+ years of experience in domestic and international logistics, trade, and transportation security.
Cyber Security and Supply Chain Management: Risks, Challenges, and Solutions
How firms can manage cyber risk in procurement, manufacturing, and logistics. Supply chain is often the core area of cyber vulnerability and first line of defense. Essential for understanding third-party risk in maritime operations.
Frameworks & Risk Management
5 books
Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework
Fundamentals of cybersecurity risk planning using NIST Framework. Covers user and network infrastructure planning, plus detection tools and techniques. Perfect for maritime organizations implementing risk-based cybersecurity per IMO guidelines.
ISO 27001 Controls: A Guide to Implementing and Auditing
Implementing and auditing 93 controls to reduce information security risks. ISO 27001 is increasingly referenced in maritime cybersecurity requirements, including IACS E26/E27. Essential for compliance officers.
NIS2 Compliance Made Simple
Practical breakdown of the NIS2 Directive for CISOs and compliance officers. Covers scope determination, security measures requirements, incident reporting timelines (24h/72h), and personal liability for management.
Cyberinsurance Policy: Rethinking Risk in an Age of Ransomware
Rigorous analysis of how cyber insurance has evolved — from early policies through NotPetya 'act of war' exclusion controversies to current coverage debates. Indispensable for ransom payment and insurance notification decisions.
How to Measure Anything in Cybersecurity Risk
Rigorous application of decision analysis to cybersecurity risk quantification. Challenges qualitative risk matrices and replaces them with calibrated probability estimates and Monte Carlo methods.
Incident Response & Threat Hunting
8 books
Digital Forensics and Incident Response (3rd Edition)
Cutting-edge digital forensic activities and incident response with focus on ransomware attacks. Covers incident response frameworks and how to proactively use forensic skills in threat hunting. Essential for maritime incident responders.
Practical Threat Intelligence and Data-Driven Threat Hunting (2nd Edition)
Roadmap to becoming a proficient threat hunter using MITRE ATT&CK Framework and open source tools. Learn to set up environment to centralize data, master data collection and analysis. Applicable to maritime SOC operations.
Ransomware and Cyber Extortion: Response and Prevention
The go-to practitioner reference on ransomware. Covers the full lifecycle: initial access vectors, dwell time, data exfiltration before encryption, ransom negotiation, payment mechanics, recovery, and post-incident hardening. One of the few books to treat negotiation as a technical discipline with its own methodology.
The Ransomware Book: Understand. Prevent. Recover. (2nd Ed.)
Notable for its explicit chapter dedicated to tabletop exercises. Takes a real-world operational approach: ransomware actor economics, affiliate models, negotiation case studies, and recovery playbooks drawn from hundreds of actual incidents.
Ransomware Protection Playbook
An actionable blueprint for detection, containment, and recovery. The playbook format makes it directly usable during and after incidents — sections can be printed and distributed as checklists. Useful for organizations building their first ransomware response procedure.
Incident Response Techniques for Ransomware Attacks
A forensics-focused guide that dissects the full kill chain — initial compromise, lateral movement, data staging, deployment — and explains how forensic investigators reconstruct timelines after the fact.
Intelligence-Driven Incident Response: Outwitting the Adversary
A methodological framework for integrating threat intelligence into incident response operations. Draws on the Diamond Model and F3EAD cycle to show how IR teams can pivot from reactive firefighting to adversary-led hunting.
Blue Team Handbook: Incident Response Edition (2nd Ed.)
A dense, practical quick-reference guide for incident responders — covering triage, evidence collection, network forensics, log analysis, malware identification, and communication protocols. Known as the 'Blue Team Bible'.
Cybersecurity Leadership & Crisis Management
2 books
CISO Compass: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers
Comprehensive leadership reference drawing on insights from 75+ CISO practitioners. Covers building security programs, managing boards, handling incidents, navigating regulatory requirements, and leading during crises.
The CISO Mentor: Pragmatic Advice for Emerging Risk Management Leaders
Practical, direct advice for security leaders navigating the political and organizational realities of the CISO role. Focused on conversations, decisions, and trade-offs that define security leadership under pressure.
Tabletop Exercises & Wargaming
1 book
Cybersecurity Tabletop Exercises: From Planning to Execution
The definitive practitioner guide to running cybersecurity tabletop exercises. Covers objective setting, scenario design, participant selection, facilitation techniques, inject management, and post-exercise reporting. Praised by IBM X-Force, Secureworks, FortiGuard.
Cyber Attack Case Studies
8 books
The Art of Attack: Attacker Mindset for Security Professionals
Teaches security professionals to think like attackers — covering social engineering, physical penetration, and the psychology of manipulation. Directly applicable to insider threat scenarios.
Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
The essential maritime cybersecurity case study — includes the most detailed published reconstruction of Maersk's catastrophic NotPetya infection: $300M in losses, 45,000 PCs wiped, 4,000 servers destroyed. Winner of the Cornelius Ryan Award.
Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
Definitive account of Stuxnet — the first publicly acknowledged state-developed cyberweapon designed to cause physical destruction. The ICS attack methodology directly informs OT threat scenarios.
This Is How They Tell Me the World Ends: The Cyberweapons Arms Race
A New York Times journalist's decade-long investigation into the global zero-day market — governments paying millions for undisclosed vulnerabilities, a shadow economy that has made the world measurably less secure.
Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency
Focuses on blockchain forensics — how investigators trace cryptocurrency transactions that ransomware gangs assumed were untraceable. Directly relevant to ransom payment decision points.
The Art of Cyberwarfare: An Investigator's Guide to Espionage, Ransomware, and Organized Cybercrime
Structured analytical methodology for understanding adversary operations. Includes detailed analysis of the Colonial Pipeline attack: how DarkSide operated, detection opportunities missed, and how the response unfolded.
The Ransomware Hunting Team: A Band of Misfits' Improbable Crusade to Save the World from Cybercrime
Narrative non-fiction following volunteer researchers who reverse-engineer ransomware to create free decryptors. Provides unique insight into how ransomware works at the code level and the ecosystem of victims, responders, and criminals.
Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks
A Yale law professor reconstructs five landmark hacks — from the Morris Worm to Fancy Bear's DNC intrusion — combining legal analysis, technical accuracy, and philosophical depth.
Security Awareness & Culture
1 book
Cybersecurity ABCs: Delivering Awareness, Behaviours and Culture Change
Guide to creating enhanced security culture through improved understanding and practice at individual level. Key awareness, behaviour and culture concepts from the ground up. Essential for maritime organizations addressing the human factor in cybersecurity.
Tabletop Exercises — Recommended Reading
Curated reading list for Ogmios Maritime Cybersecurity Tabletop Exercise participants
Maritime Cybersecurity: A Guide for Leaders and Managers
The definitive guide to maritime cybersecurity. Covers the intersection of the maritime transportation system and information security, including maritime cyber risk management, cyberattacks on shipping lines, port cybersecurity, threats against shipboard networks, GPS/AIS spoofing, threats against industrial control systems and autonomous vessels, and strategies for maritime cyberdefense.
Issues in Maritime Cyber Security
Pioneering academic work from CCICADA (DHS Center of Excellence at Rutgers). Addresses how cyber networks are a major component of the Maritime Transportation System. Beneficial as a textbook for courses on risk analysis, national security, cyber threats, or maritime policy.
Maritime Security: An Introduction (2nd Edition)
Comprehensive introduction to maritime security including cybersecurity. Explains how commercial seaports and vessels function, current threats, and security policies needed. New chapters on transnational crime, migration, and legal/cybersecurity issues.
Industrial Cybersecurity: Efficiently Secure Critical Infrastructure Systems
Author has 20+ years of experience in industrial network design, pentesting, and threat hunting, currently Manager at Ernst and Young. Covers ICS technology, architectures, communication media, and protocols. Directly applicable to shipboard OT systems.
Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions
From the trusted Hacking Exposed series. Shows how to assess ICS exposure and develop risk management plans, use threat modeling, implement ICS penetration testing, and understand how attackers exploit industrial protocols.
Industrial Network Security: Securing Critical Infrastructure Networks for Smart Grid, SCADA, and Other Industrial Control Systems
Comprehensive guide to securing industrial networks. Covers unique protocols and applications that are foundation of ICS. Applicable to maritime SCADA systems.
Ransomware and Cyber Extortion: Response and Prevention
The go-to practitioner reference on ransomware. Covers the full lifecycle: initial access vectors, dwell time, data exfiltration before encryption, ransom negotiation, payment mechanics, recovery, and post-incident hardening. One of the few books to treat negotiation as a technical discipline with its own methodology.
The Ransomware Book: Understand. Prevent. Recover. (2nd Ed.)
Notable for its explicit chapter dedicated to tabletop exercises. Takes a real-world operational approach: ransomware actor economics, affiliate models, negotiation case studies, and recovery playbooks drawn from hundreds of actual incidents.
Ransomware Protection Playbook
An actionable blueprint for detection, containment, and recovery. The playbook format makes it directly usable during and after incidents — sections can be printed and distributed as checklists. Useful for organizations building their first ransomware response procedure.
Incident Response Techniques for Ransomware Attacks
A forensics-focused guide that dissects the full kill chain — initial compromise, lateral movement, data staging, deployment — and explains how forensic investigators reconstruct timelines after the fact.
Intelligence-Driven Incident Response: Outwitting the Adversary
A methodological framework for integrating threat intelligence into incident response operations. Draws on the Diamond Model and F3EAD cycle to show how IR teams can pivot from reactive firefighting to adversary-led hunting.
Blue Team Handbook: Incident Response Edition (2nd Ed.)
A dense, practical quick-reference guide for incident responders — covering triage, evidence collection, network forensics, log analysis, malware identification, and communication protocols. Known as the 'Blue Team Bible'.
Countering Cyber Sabotage: Introducing Consequence-Driven, Cyber-Informed Engineering (CCE)
Presents Idaho National Laboratory's CCE methodology — a consequence-first approach to critical infrastructure security that starts by identifying worst possible outcomes and works backward to determine what an adversary must compromise.
The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats
Former White House cybersecurity coordinator provides a policy-level analysis of the cyber threat landscape, bridging national security policy and corporate cybersecurity with specific attention to critical infrastructure and regulatory frameworks.
Engineering-Grade OT Security: A Manager's Guide
Written for non-technical managers who own OT security decisions. Cuts through compliance checkbox thinking to explain what actually reduces risk in industrial environments — with particular attention to the gap between IT security controls and what works in OT.
The Dark Art and Science of GPS Spoofing: Satellite Wars, Hijacked Signals, and The Invisible Threat
A dedicated treatment of GPS spoofing covering technical mechanisms, geopolitical motivations behind state-sponsored spoofing campaigns, and documented case studies including the Black Sea incidents.
NIS2 Compliance Made Simple
Practical breakdown of the NIS2 Directive for CISOs and compliance officers. Covers scope determination, security measures requirements, incident reporting timelines (24h/72h), and personal liability for management.
Cyberinsurance Policy: Rethinking Risk in an Age of Ransomware
Rigorous analysis of how cyber insurance has evolved — from early policies through NotPetya 'act of war' exclusion controversies to current coverage debates. Indispensable for ransom payment and insurance notification decisions.
How to Measure Anything in Cybersecurity Risk
Rigorous application of decision analysis to cybersecurity risk quantification. Challenges qualitative risk matrices and replaces them with calibrated probability estimates and Monte Carlo methods.
A Practitioner's Guide to Effective Maritime and Port Security
International perspective on port operations security covering ISPS Code implementation, facility security plans, port access control, and coordination challenges between vessel operators, port authorities, and national agencies.
BIMCO Guidelines on Cyber Security Onboard Ships (5th Ed.)
The authoritative industry guidance document co-authored by all major maritime associations and P&I clubs. Defines the framework for cyber risk assessment, crew training, incident response planning, and recovery procedures onboard. Aligned with IMO MSC-FAL.1/Circ.3 and the ISM Code.
Bridge Team Management (2nd Ed.)
Foundational text on bridge resource management (BRM) — the human factors framework governing how vessel bridge teams communicate, share situational awareness, and make decisions under pressure. Essential for maritime cyber scenarios affecting navigation systems.
CISO Compass: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers
Comprehensive leadership reference drawing on insights from 75+ CISO practitioners. Covers building security programs, managing boards, handling incidents, navigating regulatory requirements, and leading during crises.
The CISO Mentor: Pragmatic Advice for Emerging Risk Management Leaders
Practical, direct advice for security leaders navigating the political and organizational realities of the CISO role. Focused on conversations, decisions, and trade-offs that define security leadership under pressure.
Cybersecurity Tabletop Exercises: From Planning to Execution
The definitive practitioner guide to running cybersecurity tabletop exercises. Covers objective setting, scenario design, participant selection, facilitation techniques, inject management, and post-exercise reporting. Praised by IBM X-Force, Secureworks, FortiGuard.
The Art of Attack: Attacker Mindset for Security Professionals
Teaches security professionals to think like attackers — covering social engineering, physical penetration, and the psychology of manipulation. Directly applicable to insider threat scenarios.
Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
The essential maritime cybersecurity case study — includes the most detailed published reconstruction of Maersk's catastrophic NotPetya infection: $300M in losses, 45,000 PCs wiped, 4,000 servers destroyed. Winner of the Cornelius Ryan Award.
Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
Definitive account of Stuxnet — the first publicly acknowledged state-developed cyberweapon designed to cause physical destruction. The ICS attack methodology directly informs OT threat scenarios.
This Is How They Tell Me the World Ends: The Cyberweapons Arms Race
A New York Times journalist's decade-long investigation into the global zero-day market — governments paying millions for undisclosed vulnerabilities, a shadow economy that has made the world measurably less secure.
Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency
Focuses on blockchain forensics — how investigators trace cryptocurrency transactions that ransomware gangs assumed were untraceable. Directly relevant to ransom payment decision points.
The Art of Cyberwarfare: An Investigator's Guide to Espionage, Ransomware, and Organized Cybercrime
Structured analytical methodology for understanding adversary operations. Includes detailed analysis of the Colonial Pipeline attack: how DarkSide operated, detection opportunities missed, and how the response unfolded.
The Ransomware Hunting Team: A Band of Misfits' Improbable Crusade to Save the World from Cybercrime
Narrative non-fiction following volunteer researchers who reverse-engineer ransomware to create free decryptors. Provides unique insight into how ransomware works at the code level and the ecosystem of victims, responders, and criminals.
Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks
A Yale law professor reconstructs five landmark hacks — from the Morris Worm to Fancy Bear's DNC intrusion — combining legal analysis, technical accuracy, and philosophical depth.