Specifically, either don't plug wireless devices on the trusted network, or have some procedure that makes it damn sure any such device will be unusable when the ship is running.
We have some ways of protecting against malicious firmware, but the kind of consumer hardware that gets those is so complex and flawed that you are better without. If the hacker needs full physical access to the ship before the attack, you are about as good as you can get.
Specifically, either don't plug wireless devices on the trusted network, or have some procedure that makes it damn sure any such device will be unusable when the ship is running.
We have some ways of protecting against malicious firmware, but the kind of consumer hardware that gets those is so complex and flawed that you are better without. If the hacker needs full physical access to the ship before the attack, you are about as good as you can get.