Abstract
The integration of Information Communication Technology (ICT) and Operational Technology (OT) in Maritime Autonomous Surface Ships (MASS) has introduced significant advancements in autonomous navigation, operational efficiency, and remote monitoring. However, this growing reliance on interconnected digital infrastructure also exposes MASS to evolving cybersecurity threats. Current approaches to threat identification in maritime systems are largely manual and resource-intensive, making them insufficient for the complexity of autonomous operations. This paper addresses this gap by proposing a structured, automation-oriented threat modeling framework tailored specifically for MASS. The framework systematically identifies critical ICT/OT components, analyzes associated cyber threats, and supports proactive risk mitigation. It integrates the STRIDE methodology with the Microsoft Threat Modeling Tool (MTMT) to enable scalable and reusable threat analyses. A representative use case involving a Level 4 autonomous MASS system is used to demonstrate the framework’s applicability. Key contributions include the development of a generalized threat modeling template for MASS, the generation of a domain-specific threat list, and the creation of an open-source tool to support maritime cybersecurity assessments. To support research and adoption, we contribute the MASS threat modeling template as an open-source resource for the research community. The results provide a foundation for improving cyber resilience in autonomous maritime operations and contribute to the advancement of standardized cybersecurity practices in the maritime domain.