Maritime Security Operations Center (M-SOC): Systematic Literature Review, Research Gaps and Future Areas to Investigate

ABSTRACT: The maritime industry is undergoing rapid digital transformation, integrating advanced technologies to enhance operational efficiency and connectivity. However, this shift introduces significant cybersecurity vulnerabilities, as increasing reliance on digital systems for navigation, communication, and control exposes vessels to cyber threats. Despite growing awareness, the industry lacks unified cybersecurity frameworks, leading to fragmented defenses that attackers can exploit to compromise critical systems such as navigation and control functions. The Maritime Security Operations Centers (M-SOCs) Framework aims to provide a consolidated approach to threat monitoring, detection, and response. However, research on adapting traditional Security Operations Centers (SOCs) to the unique maritime environment remains limited. This paper addresses this gap by conducting a systematic literature review (SLR) using the SALSA (Search, Appraisal, Synthesis, and Analysis) framework to examine the current state of M-SOCs. By analyzing existing research, we identify key trends, challenges, and opportunities in maritime cybersecurity operations. Our findings highlight the need for tailored SOC models that account for the maritime sector’s distinct operational, technological, and personnel constraints. This review contributes to the growing body of knowledge on maritime cybersecurity, offering insights to guide future M-SOC development and implementation. Ultimately, this work supports efforts to strengthen cyber resilience in the maritime domain against evolving threats and increasing attack surface.

KEYWORDS:

REFERENCES

G. A. Weaver, B. Feddersen, L. Marla, D. Wei, A. Rose, and M. Van Moer, “Estimating economic losses from cyber-attacks on shipping ports: An optimization-based approach,” Transp Res Part C Emerg Technol, vol. 137, p. 103423, Apr. 2022, doi: 10.1016/J.TRC.2021.103423.

J. I. Alcaide and R. G. Llave, “Critical infrastructures cybersecurity and the maritime sector,” Transportation Research Procedia, vol. 45, pp. 547–554, 2020, doi: 10.1016/J.TRPRO.2020.03.058.

F. Martínez, L. E. Sànchez, A. Santos-Olmo, D. G. Rosado, and E. Fernàndez-Medina, “Maritime cybersecurity: protecting digital seas,” Int J Inf Secur, pp. 1–29, Jan. 2024, doi: 10.1007/S10207-023-00800-0/TABLES/6.

A. Zolich et al., “Survey on Communication and Networks for Autonomous Marine Systems,” Journal of Intelligent and Robotic Systems: Theory and Applications, vol. 95, no. 3–4, pp. 789–813, Sep. 2019, doi: 10.1007/S10846-018-0833-5/METRICS.

A. Nganga, J. Scanlan, M. Lützhöft, and S. Mallam, “Enabling cyber resilient shipping through maritime security operation center adoption: A human factors perspective,” Appl Ergon, vol. 119, p. 104312, Sep. 2024, doi: 10.1016/J.APERGO.2024.104312.

A. Nganga, G. Nganya, M. Lützhöft, S. Mallam, and J. Scanlan, “Bridging the Gap: Enhancing Maritime Vessel Cyber Resilience through Security Operation Centers,” Sensors 2024, Vol. 24, Page 146, vol. 24, no. 1, p. 146, Dec. 2023, doi: 10.3390/S24010146.

J. Direnzo, D. A. Goward, and F. S. Roberts, “The little-known challenge of maritime cyber security,” IISA 2015 - 6th International Conference on Information, Intelligence, Systems and Applications, Jan. 2016, doi: 10.1109/IISA.2015.7388071.

C. Parka, W. Shib, W. Zhangb, C. Kontovas, and C.-H. Changa, “Cybersecurity in the maritime industry: a literature review”.

“The Untold Story of NotPetya, the Most Devastating Cyberattack in History | WIRED.” Accessed: Jun. 02, 2025. [Online]. Available: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/

“Maritime cyber risk.” Accessed: May 30, 2025. [Online]. Available: https://www.imo.org/en/OurWork/Security/Pages/Cyber-security.aspx

“NIS 2 Directive) (Text with EEA relevance”.

C. Bueger and T. Liebetrau, “Critical maritime infrastructure protection: What’s the trouble?,” Mar Policy, vol. 155, Sep. 2023, doi: 10.1016/J.MARPOL.2023.105772.

A. N. Nasr, R. Leiger, I. Zaitseva-Pärnaste, and P. Kujala, “Exploring Historical Maritime Cyber-Attacks and Introducing Maritime Security Operations Center as a Solution to Mitigate Them,” Progress in Marine Science and Technology, vol. 9, pp. 235–245, Nov. 2024, doi: 10.3233/PMST240042.

M. Vielberth, F. Bohm, I. Fichtinger, and G. Pernul, “Security Operations Center: A Systematic Study and Open Challenges,” IEEE Access, vol. 8, pp. 227756–227779, 2020, doi: 10.1109/ACCESS.2020.3045514.

“What Is a Security Operations Center (SOC)? | IBM.” Accessed: Jun. 19, 2025. [Online]. Available: https://www.ibm.com/think/topics/security-operations-center

Y. Baddi, M. A. Almaiah, O. Almomani, and Y. Maleh, “The art of cyber defense: From risk assessment to threat intelligence,” The Art of Cyber Defense: From Risk Assessment to Threat Intelligence, pp. 1–310, Nov. 2024, doi: 10.1201/9781032714806.

S. C. Sundaramurthy, J. Case, T. Truong, L. Zomlot, and M. Hoffmann, “A tale of three security operation centers,” Proceedings of the ACM Conference on Computer and Communications Security, vol. 2014-November, no. November, pp. 43–50, Nov. 2014, doi: 10.1145/2663887.2663904.

S. Schinagl, K. Schoon, and R. Paans, “A framework for designing a security operations centre (SOC),” Proceedings of the Annual Hawaii International Conference on System Sciences, vol. 2015-March, pp. 2253–2262, Mar. 2015, doi: 10.1109/HICSS.2015.270.

D. Pati and L. N. Lorusso, “How to Write a Systematic Review of the Literature,” HERD, vol. 11, no. 1, pp. 15–30, Jan. 2018, doi: 10.1177/1937586717747384.

W. Mengist, T. Soromessa, and G. Legese, “Ecosystem services research in mountainous regions: A systematic literature review on current knowledge and research gaps,” Science of The Total Environment, vol. 702, p. 134581, Feb. 2020, doi: 10.1016/J.SCITOTENV.2019.134581.

A. García-Holgado, S. Marcos-Pablos, and F. J. García-Peñalvo, “Guidelines for performing systematic research projects reviews,” International Journal of Interactive Multimedia and Artificial Intelligence, vol. 6, no. 2, pp. 136–144, 2020, doi: 10.9781/IJIMAI.2020.05.005.

W. Mengist, T. Soromessa, and G. Legese, “Method for conducting systematic literature review and meta-analysis for environmental science research,” MethodsX, vol. 7, p. 100777, Jan. 2020, doi: 10.1016/J.MEX.2019.100777.

M. J. Grant and A. Booth, “A typology of reviews: an analysis of 14 review types and associated methodologies,” Health Info Libr J, vol. 26, no. 2, pp. 91–108, Jun. 2009, doi: 10.1111/J.1471-1842.2009.00848.X.

A. Carrera-Rivera, W. Ochoa, F. Larrinaga, and G. Lasa, “How-to conduct a systematic literature review: A quick guide for computer science research,” MethodsX, vol. 9, p. 101895, Jan. 2022, doi: 10.1016/J.MEX.2022.101895.

I. Fernández del Amo, J. A. Erkoyuncu, R. Roy, R. Palmarini, and D. Onoufriou, “A systematic review of Augmented Reality content-related techniques for knowledge transfer in maintenance applications,” Comput Ind, vol. 103, pp. 47–71, Dec. 2018, doi: 10.1016/J.COMPIND.2018.08.007.

A. Martín-Martín, E. Orduna-Malea, M. Thelwall, and E. Delgado López-Cózar, “Google Scholar, Web of Science, and Scopus: A systematic comparison of citations in 252 subject categories,” J Informetr, vol. 12, no. 4, pp. 1160–1177, Nov. 2018, doi: 10.1016/J.JOI.2018.09.002.

E. S. Vieira and J. A. N. F. Gomes, “A comparison of Scopus and Web of science for a typical university,” Scientometrics, vol. 81, no. 2, pp. 587–600, Apr. 2009, doi: 10.1007/S11192-009-2178-0/METRICS.

A. Mucedola, “Toward a better future through maritime security,” Meeting Security Challenges Through Data Analytics and Decision Support, pp. 133–142, Jan. 2016, doi: 10.3233/978-1-61499-716-0-133.

O. Jacq, X. Boudvin, D. Brosset, Y. Kermarrec, and J. Simonin, “Detecting and Hunting Cyberthreats in a Maritime Environment: Specification and Experimentation of a Maritime Cybersecurity Operations Centre,” 2018 2nd Cyber Security in Networking Conference, CSNet 2018, Jan. 2019, doi: 10.1109/CSNET.2018.8602669.

B. Nikolov, “A Concept for Establishing a Security Operations and Training Centre at the Bulgarian Naval Academy,” vol. 46, no. 1, pp. 27–35, 2020, doi: 10.11610/isij.4602.

M. Raimondi, G. Longo, A. Merlo, A. Armando, and E. Russo, “Training the Maritime Security Operations Centre Teams,” Proceedings of the 2022 IEEE International Conference on Cyber Security and Resilience, CSR 2022, pp. 388–393, 2022, doi: 10.1109/CSR54599.2022.9850324.

P. de La Vallée, G. Iosifidis, A. Rossi, M. Dri, and W. Mees, “Sector-Specific Training - A Federated Maritime Scenario,” Communications in Computer and Information Science, vol. 1689, pp. 21–35, Jan. 2022, doi: 10.1007/978-3-031-20215-5_3.

A. Nganga, M. Lützhöft, J. Scanlan, and S. Mallam, “Timely Maritime Cyber Threat Resolution in a Multi-Stakeholder Environment,” 2022.

B. M. Nikolov, “Improving Cybersecurity Capabilities at Nikola Vaptsarov Naval Academy by Building and Developing a Security Operations and Training Center,” Communications in Computer and Information Science, vol. 1790 CCIS, pp. 219–242, 2023, doi: 10.1007/978-3-031-44440-1_30/FIGURES/5.

“Publish or Perish.” Accessed: May 22, 2025. [Online]. Available: https://harzing.com/resources/publish-or-perish

“Voyant Tools.” Accessed: May 22, 2025. [Online]. Available: https://voyant-tools.org/

“VOSviewer - Visualizing scientific landscapes.” Accessed: May 22, 2025. [Online]. Available: https://www.vosviewer.com/

N. J. van Eck and L. Waltman, “Software survey: VOSviewer, a computer program for bibliometric mapping,” Scientometrics, vol. 84, no. 2, pp. 523–538, Jan. 2010, doi: 10.1007/s11192-009-0146-3.

R. Hopcraft, “Developing Maritime Digital Competencies,” IEEE Communications Standards Magazine, vol. 5, no. 3, pp. 12–18, Sep. 2021, doi: 10.1109/MCOMSTD.101.2000073.

K. Kanwal, W. Shi, C. Kontovas, Z. Yang, and C. H. Chang, “Maritime cybersecurity: are onboard systems ready?,” Maritime Policy and Management, vol. 51, no. 3, pp. 484–502, Apr. 2024, doi: 10.1080/03088839.2022.2124464;CTYPE:STRING:JOURNAL.

“Home - Suricata.” Accessed: Jun. 19, 2025. [Online]. Available: https://suricata.io/

“Splunk | The Key to Enterprise Resilience.” Accessed: Jun. 19, 2025. [Online]. Available: https://www.splunk.com/

“Home | Moodle.org.” Accessed: Jun. 19, 2025. [Online]. Available: https://moodle.org/?lang=en

“Prometheus - Monitoring system & time series database.” Accessed: Jun. 19, 2025. [Online]. Available: https://prometheus.io/

“Grafana: The open and composable observability platform | Grafana Labs.” Accessed: Jun. 19, 2025. [Online]. Available: https://grafana.com/

F. Akpan, G. Bendiab, S. Shiaeles, S. Karamperidis, and M. Michaloliakos, “Cybersecurity Challenges in the Maritime Sector,” Network 2022, Vol. 2, Pages 123-138, vol. 2, no. 1, pp. 123–138, Mar. 2022, doi: 10.3390/NETWORK2010009.

R. Vaarandi and S. Mäses, “How to Build a SOC on a Budget,” 2022, doi: 10.1109/CSR54599.2022.9850281.

Joseph. Muniz, Gary. McIntyre, and Nadhem. AlFardan, “Security operations center : building, operating, and maintaining your SOC,” 2016.

I. Taqafi, Y. Maleh, and K. Ouazzane, “A MATURITY CAPABILITY FRAMEWORK FOR SECURITY OPERATION CENTER,” EDPACS, vol. 67, no. 3, pp. 21–38, 2023, doi: 10.1080/07366981.2023.2159047.

P. Danquah, “Security Operations Center: A Framework for Automated Triage, Containment and Escalation,” Journal of Information Security, vol. 11, pp. 225–240, 2020, doi: 10.4236/jis.2020.114015.

M. Rosso, M. Campobasso, G. Gankhuyag, and L. Allodi, “SAIBERSOC: Synthetic Attack Injection to Benchmark and Evaluate the Performance of Security Operation Centers; SAIBERSOC: Synthetic Attack Injection to Benchmark and Evaluate the Performance of Security Operation Centers”, doi: 10.1145/3427228.

Citation note:

Nasr A.N., Vaarandi R., Zaitseva-Pärnaste I., Kujala P.: Maritime Security Operations Center (M-SOC): Systematic Literature Review, Research Gaps and Future Areas to Investigate. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation, Vol. 19, No. 4, doi:10.12716/1001.19.04.11, pp. 1141-1155, 2025

BibTeX EndNote