Skip to main content Accessibility help
×
Home
Hostname: page-component-7ccbd9845f-692xr Total loading time: 0.376 Render date: 2023-01-28T15:08:58.041Z Has data issue: true Feature Flags: { "useRatesEcommerce": false } hasContentIssue true

Maritime Cyber Risk Management: An Experimental Ship Assessment

Published online by Cambridge University Press:  07 February 2019

Boris Svilicic*
Affiliation:
(University of Rijeka, Faculty of Maritime Studies, Studentska ulica 2, 51000 Rijeka, Croatia)
Junzo Kamahara
Affiliation:
(Kobe University, Graduate School of Maritime Sciences, 5-1-1 Fukaeminami-machi, Higashinada-ku, Kobe, Japan)
Matthew Rooks
Affiliation:
(Kobe University, Graduate School of Maritime Sciences, 5-1-1 Fukaeminami-machi, Higashinada-ku, Kobe, Japan)
Yoshiji Yano
Affiliation:
(Kobe University, Graduate School of Maritime Sciences, 5-1-1 Fukaeminami-machi, Higashinada-ku, Kobe, Japan)
*

Abstract

The maritime transport industry is increasingly reliant on computing and communication technologies, and the need for cyber risk management of critical systems and assets on vessels is becoming critically important. In this paper, a comprehensive cyber risk assessment of a ship is presented. An experimental process consisting of assessment preparation activities, assessment conduct and results communication has been developed. The assessment conduct relies on a survey developed and performed by interviewing a ship's crew. Computational vulnerability scanning of the ship's Electronic Chart Display and Information System (ECDIS) is introduced as a specific part of this cyber security assessment. The assessment process presented has been experimentally tested by evaluating the cyber security level of Kobe University's training ship Fukae-maru. For computational vulnerability scanning, an industry-leading software tool has been used, and a quantitative cyber risk analysis has been conducted to evaluate cyber risks on the ship.

Type
Research Article
Copyright
Copyright © The Royal Institute of Navigation 2019 

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

REFERENCES

Balduzzi, M., Pasta, A. and Wilhoit, K. (2014). A security evaluation of AIS automated identification system. Proceedings of the 30th Annual Computer Security Applications Conference, New Orleans, USA.CrossRefGoogle Scholar
Baltic and International Maritime Council. (BIMCO). (2017). The guidelines on cyber security onboard ships. Version 2.0. BIMCO, CLIA, ICS, INTERCARGO, INTERTANKO, OCIMF and IUMI.Google Scholar
Botunac, I. and Grz̆an, M. (2017). Analysis of software threats to the automatic identification system. Brodogradnja, 68, 97105.CrossRefGoogle Scholar
Burton, J. (2016). Cyber attacks and maritime situational awareness: Evidence from Japan and Taiwan. Proceedings of the 2016 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, London, UK.CrossRefGoogle Scholar
Det Norte Veritas – Germanischer Lloyd (DNV-GL). (2016). Cyber security resilience management for ships and mobile offshore units in operation. DNVGL-RP-0496. DNV-GL.Google Scholar
Ernstsen, J. and Nazir, S. (2018). Consistency in the development of performance assessment methods in the maritime domain. WMU Journal of Maritime Affairs, 17, 7190.CrossRefGoogle Scholar
Hareide, O.S., Jøsok, Ø., Lund, M.S, Ostnes, R. and Helkala, K. (2018). Enhancing Navigator Competence by Demonstrating Maritime Cyber Security. The Journal of Navigation, 71, 10251039.CrossRefGoogle Scholar
Hassani, V., Crasta, N. and Pascoal, A.M. (2017). Cyber security issues in navigation systems of marine vessels from a control perspective. Proceedings of the International Conference on Ocean, Offshore Mechanics and Arctic Engineering, Trondheim, Norway.CrossRefGoogle Scholar
International Maritime Organization - Maritime Safety Committee (IMO-MSC). (2017a). ECDIS – Guidance for good practice. MSC.1/Circ.1503/Rev.1. International Maritime Organization.Google Scholar
IMO-MSC. (2017b). Maritime Cyber Risk Management in Safety Management Systems. MSC 98/23/Add.1. International Maritime Organization.Google Scholar
International Maritime Organization (IMO). (2013). International Ship and Port Facility Security (ISPS) Code. SOLAS/CONF.5/34. International Maritime Organization.Google Scholar
IMO. (2017c). Guidelines on maritime cyber risk management. MSC-FAL.1/Circ.3. International Maritime Organization.Google Scholar
Kobe University. (2018). Research Facilities: The training ship Fukae-maru. Available: https://www.maritime.kobe-u.ac.jp/en/study/fukaemaru_e.html.Google Scholar
Lee, Y.C., Park, S.K., Lee, W.K. and Kang, J. (2017). Improving cyber security awareness in maritime transport: A way forward. Journal of the Korean Society of Marine Engineering, 41, 738745.CrossRefGoogle Scholar
Microsoft. (2018). Microsoft: Search product lifecycle. Available: https://support.microsoft.com/en-us/lifecycle.Google Scholar
National Institute of Standards and Technology (NIST). (2018). Framework for Improving Critical Infrastructure Cybersecurity. Version 1.1. National Institute of Standards and Technology.Google Scholar
Nessus. (2018). Tenable Products: Nessus Professional. Available: https://www.tenable.com/products/nessus/nessus-professional.Google Scholar
Polatid, N., Pavlidis, M. and Mouratidis, H. (2018) Cyber-attack path discovery in a dynamic supply chain maritime risk management system. Computer Standards and Interfaces, 59, 7482.CrossRefGoogle Scholar
Shapiro, L.R., Maras, M.-H., Velotti, L., Pickman, S., Wei, H.-L. and Till, R. (2018). Trojan horse risks in the maritime transportation systems sector. Journal of Transportation Security, 8, 119.Google Scholar
Svilicic, B. and Kras, A. (2005). Computer Systems Privacy Protection. Journal of Maritime Research Pomorstvo, 19, 275284.Google Scholar
22
Cited by

Save article to Kindle

To save this article to your Kindle, first ensure coreplatform@cambridge.org is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

Maritime Cyber Risk Management: An Experimental Ship Assessment
Available formats
×

Save article to Dropbox

To save this article to your Dropbox account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you used this feature, you will be asked to authorise Cambridge Core to connect with your Dropbox account. Find out more about saving content to Dropbox.

Maritime Cyber Risk Management: An Experimental Ship Assessment
Available formats
×

Save article to Google Drive

To save this article to your Google Drive account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you used this feature, you will be asked to authorise Cambridge Core to connect with your Google Drive account. Find out more about saving content to Google Drive.

Maritime Cyber Risk Management: An Experimental Ship Assessment
Available formats
×
×

Reply to: Submit a response

Please enter your response.

Your details

Please enter a valid email address.

Conflicting interests

Do you have any conflicting interests? *