Improving maritime cybersecurity through technology and policy | MIT News

Hailing from the small Balkan country of Montenegro, Strahinja (Strajo) Janjusevic says her life has turned out in unexpected ways, for which she is very grateful. After graduating from high school, he was chosen to represent his country in the United States, studying cyber operations and computer science at the US Naval Academy in Annapolis, Maryland. He has since continued his cybersecurity studies and is currently a second-year master’s student in the Technology and Policy Program (TPP), hosted by the MIT Institute for Data, Systems, and Society (IDSS). His research with the MIT Laboratory for Information and Decision Systems (LIDS) and the MIT Maritime Consortium team aims to improve the cyber security of critical maritime infrastructure using artificial intelligence, considering both technology and policy frameworks.

“My current research focuses on applying AI techniques to cybersecurity problems and exploring the policy implications of these developments, particularly in the context of maritime cybersecurity,” Janjusevic said. “Representing my country at the highest levels of academia and industry has given me a unique perspective on cyber security challenges.”

Janjusevic’s path from Montenegro to Maryland was created by a program that allows selected students from allied countries to attend the US Naval Academy. Janjusevic graduated with a double degree in cyber operations and computer science. His first-hand experience provided opportunities to work with the US military and the National Security Agency, exposed him to high-level cyber security operations and fueled his interest in tackling complex cyber security challenges. During his undergraduate studies, he also worked with Microsoft, developing cloud event response tools, and NASA, visualizing solar data for research applications.

After graduation, he realized that he still needed more knowledge, especially in the area of ​​AI and cybersecurity. The TPP immediately appealed to him because of its dual emphasis on the rigorous engineering innovation and policy analysis required for its effective implementation. Janjusevic’s experience at TPP was a big change from his time at the US Naval Academy, with a different pace and environment. He is very excited to be able to expand his understanding of various fields of research and to apply the discipline and knowledge he has gained during his time at school.

“My TPP experience has been amazing,” said Janjusevic. “The team is really small, so it feels like a family, and everyone is working on different problems that have a big impact.”

Mitigating the risks of emerging technologies

Janjusevic’s thesis brings together the fields of cybersecurity, AI and deep learning, as well as control theory and physics, focusing on protecting maritime cyber-physical systems – in particular, large legacy ships. The hacking of these shipping networks can lead to serious damage to the country’s security, as well as serious economic consequences.

“Strajo works beyond the subtleties of marine GPS,” said Saurabh Amin, the Edmund K. Turner Professor of Civil Engineering. “Such attacks have already lured ships into competitive waters. His approach combines physics-based trajectory models with deep learning, capturing threats that no single method can detect on its own. His expertise has been invaluable in advancing our threat modeling and attack detection work.”

The research uses advanced threat modeling and ship dynamics to train AI systems to distinguish between legitimate navigation and malicious signals. It involves building a framework that uses internal LSTM (long short term memory) to analyze signal integrity, while at the same time using physics-based forecasting to predict ship movements based on environmental factors such as wind and sea state. By comparing these predictions against the reported GPS position, the system can effectively distinguish between natural sensor noise and malicious spoofing attacks. This hybrid framework is designed to empower, not replace, human operators, providing verified navigation data that allows watchdogs to distinguish technical problems from serious cyber attacks.

Sanjusevic was able to supplement his academic research with industry experience. In the summer of 2025, he worked with the Network Detection team at the AI ​​cybersecurity company Vectra AI. There, he investigated the potential threats that new technologies could bring, especially AI agents and the content protocol (MCP) model – an emerging standard for communicating with AI agents. His research showed how this technology could be repurposed for autonomous hacking and advanced command and control. This work on the security risks of agent AI was recently presented in the original paper, “Hiding in AI Traffic: Abusing MCP for LLM-Powered Agentic Red Teaming.”

“I was able to gain hands-on experience and practical knowledge of how the data science team uses AI models to find anomalies in the network,” Janjusevic said. “This work within the industry has directly informed the fuzzy detection models in my research.”

International policy perspective

“Strajo brings not only a high level of intelligence and energy to his work on cyber-physical security on merchant ships, but also a strong sense from his Navy training that is deeply connected to the research effort and sets an effective policy,” said Fotini Christia, Ford International Professor of Social Sciences, director of the IDSS and leader of the MIT Sociotechnical Research Center, Maritime Research Center.

Janjusevic participates in the cybersecurity efforts of the Maritime Consortium, a collaboration between academia, industry, and regulatory agencies focused on developing technical solutions, industry standards, and policies. The alliance includes cooperation with other international members, including from Singapore and South Korea.

“In AI cybersecurity, the policy aspect is very important, as the field is moving fast and the consequences of hacking can be very dangerous,” said Janjusevic. “I think there is still a great need for policy action in this space.”

Janjusevic is also currently helping to organize two major upcoming conferences: the Harvard European Conference in February, which will convene officials and diplomats from around the world, and the Technology and National Security Conference in April, a collaboration between Harvard and MIT that brings together senior leaders from government, industry, and academia to address critical challenges to national security.

“I strive for a position where I can influence and develop the field of cybersecurity through AI, while at the same time leading cooperation and innovation between the United States and Montenegro,” said Janjusevic. “My goal is to be a bridge between Europe and the US in this space of national security, AI, and cybersecurity, bringing my experience to both sides.”