Abstract
The maritime industry is rapidly digitizing, integrating advanced technologies such as autonomous navigation, Internet of Things (IoT), and data-driven systems across vessels, ports, and global supply chains. While these innovations enhance operational efficiency, they also expand the attack surface and introduce new cybersecurity risks. In response, a variety of regulatory bodies and industry stakeholders have introduced frameworks and guidelines, such as the IMO's MSC.428(98), NIST Cybersecurity Framework, and IACS UR E26, to manage these emerging threats. However, the fragmented nature, non-binding status, and limited scope of these standards have led to uneven adoption, gaps in enforcement, and weak cyber resilience across the sector. This study extends on prior research analyzing maritime cybersecurity (Clark et al., 2025). Framed around the NIST CSF, the goal of this research was to explore cybersecurity within the maritime industry by applying a technology roadmapping technique to identify challenges and issues in port and ship cybersecurity (Graces et al., 2025; Cummings et al., 2025). Specifically, the current study expands on the findings surrounding the Identify category of the NIST CSF, which found that one of the major challenges within the sector was the lack of concrete regulations and enforcement. A mixed-methods approach, combining a literature review/synthesis of current regulations, expert elicitation, and comparative analysis, was conducted to understand the impact of the lack of clear regulations on the maritime industry. The first stage expanded on the TRM report's results to examine specific regulatory issues identified in the maritime industry. Second, a comparative analysis incorporating bibliographic research from various sources, including peer-reviewed academic journal articles and non-academic publications, was conducted to identify current regulatory and legislative actions in the industry. Finally, expert elicitation includes gathering information from surveys and interviews at the final stage of the research. The final result will be a unified framework that incorporates regulatory recommendations based on the areas identified during the TRM process.
Recommended Citation
Cummings, Jeff; Miller, Kasey; and Clark, Ulku Yaylacicegi, "Uncharted Domain: Regulatory and Framework Challenges in Maritime Cybersecurity" (2026). AMCIS 2026 TREOs. 171.
https://aisel.aisnet.org/treos_amcis2026/171