Cyber-Physical Attacks Don't Break One System

A 2024 IEEE study maps how one intrusion cascades across a ship's navigation, power, and comms. Siloed cyber defense is now the vulnerability.

A cyberattack no longer has to destroy a system to defeat it. On a modern platform, it only has to interrupt the network that system depends on — and let the failure spread on its own.

A 2024 study in IEEE Transactions on Smart Grid, Transportation-Energy-Communication Integrated Management of Ship Cyber-Physical Systems Against Cyber Attacks, makes the case concretely for one of the hardest targets in the fleet: a cargo ship. Its conclusion should reframe how the defense industrial base thinks about operational-technology security. The vulnerability is no longer the individual system. It is the way the systems are wired to each other.

The System That Defeats Itself

A modern vessel is a cyber-physical system: navigation tied to propulsion, propulsion tied to fuel and power, power tied to the network that runs sensors, communications, and radar. That integration is what makes the ship efficient. It is also what makes it fragile.

The study's central finding is that this interdependence amplifies the damage. An intrusion at one node does not stay there. Disrupt navigation and the ship slows or reroutes; that shifts propulsion load; that stresses the power grid; that forces load-shedding to systems the mission depends on. One compromised input becomes a cascading failure across functions that were never directly attacked.

In the authors' words, the interdependence among navigation, power, and communication management "might amplify the impacts of cyber attacks to induce cascading failures." That is not a maritime curiosity. It is the defining property of every integrated platform DoD fields — surface ships, aircraft, ground vehicles, installation microgrids, and the sealift fleet that moves the force.

Two Attacks, One Vulnerability

The research isolates two attack classes that matter most, and they map cleanly onto contested-logistics and platform-defense scenarios.

The first is data-availability denial — cutting off the flow of sensor and status data so control systems operate blind. The second is control-signal tampering — injecting false instructions so systems act on bad orders while appearing nominal. The first is a blackout. The second is worse, because the platform keeps moving on instructions it should never have trusted.

Both exploit the same design assumption: the network was built for throughput, not for adversarial conditions. That assumption is everywhere in legacy OT, and it is exactly the gap a peer adversary's electronic-warfare and cyber forces are built to find.

The Fix Is Integration, Not Hardening

The more important half of the paper is the defense. The authors do not propose a taller firewall. They propose treating navigation planning, power management, and network scheduling as one optimization problem — a Time-Sensitive Networking architecture that guarantees lanes for critical control traffic and lets the platform adjust across domains when one is degraded. If the network is contested, the ship reduces power demand; if the grid is stressed, navigation reroutes.

The measured result: the integrated strategy improved system resilience over conventional approaches, minimizing load-shedding and voyage-distance loss under attack. The platform keeps fighting instead of failing.

The lesson generalizes past ships. Defending the cyber layer and the physical layer separately is what produces cascading failure. Resilience comes from optimizing them together.

What This Means for Industry

DoD's zero-trust mandate is overwhelmingly an IT story — identity, networks, data. The cyber-physical layer, where code meets propulsion, power, and weapons, is years behind and is where the requirements are now moving: contested logistics, shipboard and installation OT, ICS/SCADA resilience, and survivable platform networks.

The companies that win the next cycle of this work will not sell a hardened box. They will sell integration — the ability to make a platform's subsystems degrade gracefully and keep operating under attack, and to prove it. That is a systems-engineering and modeling-and-simulation competency, not a point product, and it cuts across the cyber, OT, and platform-integration primes that today bid these scopes in separate lanes.

Positioning starts before the solicitation. The program offices writing these requirements are looking for evidence that a vendor understands cross-domain failure, not just network defense. A capture posture built around "we secure the network" will lose to one built around "we keep the platform mission-capable when the network is contested."

The Signal

Cyber-physical resilience is the next funded requirement, and the defense industrial base is still organized to defend systems one at a time. The intrusion that matters is the one that cascades. Contractors that can model and engineer cross-domain survivability — and demonstrate it before the RFP drops — will define this market. The rest will be selling firewalls into a fight that has already moved past them.

DoD Industry Advisor delivers pre-solicitation positioning, capture-artifact production, and market intelligence for defense contractors.

From our network: Voice for Valor — leadership and lived-experience stories from veterans and first responders. Alpha Zulu Solutions — a service-disabled veteran-owned small business delivering defense technology and supply-chain solutions.