Hostname: page-component-76fb5796d-zzh7m Total loading time: 0 Render date: 2024-04-29T17:21:26.279Z Has data issue: false hasContentIssue false
  • English
  • Français

Literature review on maritime cybersecurity: state-of-the-art

Published online by Cambridge University Press:  06 June 2023

Hongchu Yu Open the ORCID record for Hongchu Yu [Opens in a new window] ,
Qiang Meng ,
Zhixiang Fang  and
Jingxian Liu
Hongchu Yu*
Affiliation:
School of Navigation, Wuhan University of Technology, Wuhan, China Sanya Science and Education Innovation Park of Wuhan University of Technology, Sanya, China
Qiang Meng
Affiliation:
Department of Civil and Environmental Engineering, National University of Singapore, Singapore
Zhixiang Fang
Affiliation:
State Key Laboratory of Information Engineering in Surveying, Mapping and Remote Sensing, Wuhan University, Wuhan, China
Jingxian Liu
Affiliation:
School of Navigation, Wuhan University of Technology, Wuhan, China Sanya Science and Education Innovation Park of Wuhan University of Technology, Sanya, China
*
Corresponding author: Hongchu Yu; Email: hongshuxifan8140@163.com
Get access Rights & Permissions [Opens in a new window]

Abstract

Maritime cybersecurity has attracted increasing attention in industrial and academic scope, which may be relevant to the increasing cyber-incidents in the maritime shipping industry. This paper presents a critical review of publications related to cybersecurity in the maritime transportation industry, to explore the current research status and gaps, as wells as to guide new probe avenues by employing bibliometric approaches. With the advantage of bibliometric methods, the research focus and evolution are conformed and visualised. Representative papers are reviewed together to demonstrate maritime cyber-threats recognition and categories, as well as potential consequence assessment and risk mitigation actions recommendation. This paper also created a detailed database that is comprised of attack form, occurring time, targets, purpose, as well as potential results and cost, which has been included in the Appendix and is fully portable and extendible.

Keywords

maritime cybersecuritycyber-incidents recognitionconsequence assessmentrisk mitigation
Type
Review Article
Information
The Journal of Navigation , Volume 76 , Issue 4-5 , July 2023 , pp. 453 - 466
Check for updates
Copyright
Copyright © The Author(s), 2023. Published by Cambridge University Press on behalf of The Royal Institute of Navigation

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

Abkowitz, M. D. and Camp, J. S. (2011). An application of enterprise risk management in the marine transportation industry. WIT Transactions on The Built Environment, 119, 221232.CrossRefGoogle Scholar
Ahvenjärvi, S., Czarnowski, I., Kåla, J., Kyster, A., Meyer, I., Mogensen, J. and Szyman, P. (2019). Safe information exchange on board of the ship. TransNav: International Journal on Marine Navigation and Safety of Sea Transportation, 13, 165171.CrossRefGoogle Scholar
Akpan, F., Bendiab, G., Shiaeles, S., Karamperidis, S. and Michaloliakos, M. (2022). Cybersecurity challenges in the maritime sector. Network, 2(1), 123138.CrossRefGoogle Scholar
Amro, A. and Gkioulos, V. (2022). From Click to Sink: Utilizing AIS for Command and Control in Maritime Cyber Attacks. In Computer Security–ESORICS 2022: 27th European Symposium on Research in Computer Security, Copenhagen, Denmark, September 26–30, 2022, Proceedings, Part III. Cham: Springer Nature Switzerland, pp. 535–553.CrossRefGoogle Scholar
Balduzzi, M., Pasta, A. and Wilhoit, K. (2014). A Security Evaluation of AIS Automated Identification System. In Proceedings of the 30th Annual Computer Security Applications Conference, pp. 436445.CrossRefGoogle Scholar
Becmeur, T., Boudvin, X., Brosset, D., Héno, G., Merien, T., Jacq, O., Kermarrec, Y., and Sultan, B. (2017). A Platform for Raising Awareness on Cyber Security in A Maritime Context. In 2017 International Conference on Computational Science and Computational Intelligence (CSCI). IEEE, pp. 103–108.CrossRefGoogle Scholar
Botunac, I. and Gržan, M. (2017). Analysis of software threats to the automatic identification system. Brodogradnja: Teorija i praksa brodogradnje i pomorske tehnike, 68(1), 97105.CrossRefGoogle Scholar
Bou-Harb, E., Kaisar, E. I. and Austin, M. (2017). On the Impact of Empirical Attack Models Targeting Marine Transportation. In 2017 5th IEEE International Conference on Models and Technologies for Intelligent Transportation Systems (MT-ITS). IEEE, pp. 200205.CrossRefGoogle Scholar
Chiappetta, A. and Cuozzo, G. (2017). Critical Infrastructure Protection: Beyond the Hybrid Port and Airport Firmware Security Cybersecurity Applications on Transport. In 2017 5th IEEE International Conference on Models and Technologies for Intelligent Transportation Systems (MT-ITS). IEEE, pp. 206211.CrossRefGoogle Scholar
Curti, F., Gerlach, J., Kazinnik, S., Lee, M. and Mihov, A. (2019). Cyber Risk Definition and Classification for Financial Risk Management. Federal Reserve Bank of St Louis, August. Mimeo.Google Scholar
Daum, O. (2019). Cyber security in the maritime sector. Journal of Maritime Law and Commerce, 50(1), 119.Google Scholar
DiRenzo, J., Goward, D. A. and Roberts, F. S. (2015). The Little-Known Challenge of Maritime Cyber Security. In 2015 6th International Conference on Information, Intelligence, Systems and Applications (IISA). IEEE, pp. 15.CrossRefGoogle Scholar
Fang, Z., Yu, H., Ke, R., Shaw, S. L. and Peng, G. (2018a). Automatic identification system-based approach for assessing the near-miss collision risk dynamics of ships in ports. IEEE Transactions on Intelligent Transportation Systems, 20(2), 534543.CrossRefGoogle Scholar
Fang, Z., Yu, H., Lu, F., Feng, M. and Huang, M. (2018b). Maritime network dynamics before and after international events. Journal of Geographical Sciences, 28, 937956.CrossRefGoogle Scholar
Frøystad, C., Bernsmed, K. and Meland, P. H. (2017). Protecting Future Maritime Communication. In Proceedings of the 12th International Conference on Availability, Reliability and Security, pp. 110.CrossRefGoogle Scholar
Hareide, O. S., Jøsok, Ø, Lund, M. S., Ostnes, R. and Helkala, K. (2018). Enhancing navigator competence by demonstrating maritime cyber security. The Journal of Navigation, 71(5), 10251039.CrossRefGoogle Scholar
Harris, J. (2021). Future Skills Requirements for a Global Centre of Maritime Training and Education: Skills Challenges for the Solent. (Doctoral dissertation, Centre of Maritime Training and Education: Skills Challenges for the Solent Dr Jack Harris and Professor Peter Sunley, School of Geography and the Environment, University of Southampton).Google Scholar
Heering, D., Maennel, O. M. and Venables, A. N. (2020). Shortcomings in Cybersecurity Education for Seafarers. In 5th International Conference on Maritime Technology and Engineering, Lisbon, Portugal.Google Scholar
Hemminghaus, C., Bauer, J. and Padilla, E. (2021). BRAT: a BRidge Attack Tool for cyber security assessments of maritime systems. TransNav: International Journal on Marine Navigation and Safety of Sea Transportation, 15, 3544.CrossRefGoogle Scholar
Hopcraft, R. and Martin, K. M. (2018). Effective maritime cybersecurity regulation–the case for a cyber code. Journal of the Indian Ocean Region, 14(3), 354366.CrossRefGoogle Scholar
Hopcraft, R., Tam, K., Misas, J. D. P., Moara-Nkwe, K. and Jones, K. (2023). Developing a maritime cyber safety culture: improving safety of operations. Maritime Technology and Research, 5, 1.Google Scholar
Jacq, O., Brosset, D., Kermarrec, Y. and Simonin, J. (2019a). Cyber Attacks Real Time Detection: Towards A Cyber Situational Awareness for Naval Systems. In 2019 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA). IEEE, pp. 12.CrossRefGoogle Scholar
Jacq, O., Laso, P. M., Brosset, D., Simonin, J., Kermarrec, Y. and Giraud, M. A. (2019b). Maritime Cyber Situational Awareness Elaboration for Unmanned Vehicles. In Maritime Situational Awareness Workshop.Google Scholar
Jensen, L. (2015). Challenges in maritime cyber-resilience. Technology Innovation Management Review, 5(4), 35.CrossRefGoogle Scholar
Jones, K. D., Tam, K. and Papadaki, M. (2016). Threats and Impacts in Maritime Cyber Security.Google Scholar
Kalogeraki, E. M., Apostolou, D., Polemi, N. and Papastergiou, S. (2018a). Knowledge management methodology for identifying threats in maritime/logistics supply chains. Knowledge Management Research & Practice, 16(4), 508524.CrossRefGoogle Scholar
Kalogeraki, E. M., Papastergiou, S., Mouratidis, H. and Polemi, N. (2018b). A novel risk assessment methodology for SCADA maritime logistics environments. Applied Sciences, 8(9), 1477.CrossRefGoogle Scholar
Karantjias, A., Polemi, N. and Papastergiou, S. (2014). Advanced Security Management System for Critical Infrastructures. In IISA 2014, The 5th International Conference on Information, Intelligence, Systems and Applications. IEEE, pp. 291297.CrossRefGoogle Scholar
Karim, M. S. (2022). Maritime cybersecurity and the IMO legal instruments: Sluggish response to an escalating threat? Marine Policy, 143, 105138.CrossRefGoogle Scholar
Kayisoglu, G., Bolat, P. and Tam, K. (2022). Evaluating SLIM-based human error probability for ECDIS cybersecurity in maritime. Journal of Navigation, 75(6), 13641388.CrossRefGoogle Scholar
Kidd, R. and McCarthy, E. (2019). Maritime education in the age of autonomy. WIT Transactions on the Built Environment, 187, 221230.CrossRefGoogle Scholar
Lee, A. R. and Wogan, H. P. (2018). All at Sea: The Modern Seascape of Cybersecurity Threats of the Maritime Industry. In OCEANS 2018 MTS/IEEE Charleston. IEEE, pp. 18.CrossRefGoogle Scholar
Liu, Z., Zhang, B., Zhang, M., Wang, H. and Fu, X. (2023). A quantitative method for the analysis of ship collision risk using AIS data. Ocean Engineering, 272, 113906.CrossRefGoogle Scholar
Lovell, K. N. and Heering, D. (2019). Exercise Neptune: Maritime Cybersecurity Training Using the Navigational Simulators. In 5th InterdisciPlinary Cyber Research Conference 2019, p. 34.Google Scholar
Lund, M. S., Gulland, J. E., Hareide, O. S. and Weum, K. O. C. (2018a). Integrity of Integrated Navigation Systems. In 2018 IEEE Conference on Communications and Network Security (CNS). IEEE, pp. 15.CrossRefGoogle Scholar
Lund, M. S., Hareide, O. S. and Jøsok, Ø. (2018b). An Attack on an Integrated Navigation System.Google Scholar
Meland, P. H., Nesheim, D. A., Bernsmed, K. and Sindre, G. (2022). Assessing cyber threats for storyless systems. Journal of Information Security and Applications, 64, 103050.CrossRefGoogle Scholar
Möller, D. P., Jehle, I. A., Froese, J., Deutschmann, A. and Koch, T. (2018). Securing Maritime Traffic Management. In 2018 IEEE International Conference on Electro/Information Technology (EIT). IEEE, pp. 04530458.CrossRefGoogle Scholar
Mouratidis, H. and Diamantopoulou, V. (2018). A security analysis method for industrial internet of things. IEEE Transactions on Industrial Informatics, 14(9), 40934100.CrossRefGoogle Scholar
Mraković, I. and Vojinović, R. (2019). Maritime cyber security analysis–How to reduce threats? Transactions on Maritime Science, 8(01), 132139.CrossRefGoogle Scholar
Papastergiou, S. and Polemi, N. (2014). Harmonizing Commercial Port Security Practices & Procedures in Mediterranean Basin. In IISA 2014, The 5th International Conference on Information, Intelligence, Systems and Applications. IEEE, pp. 292297.Google Scholar
Perrine, K. A., Levin, M. W., Yahia, C. N., Duell, M. and Boyles, S. D. (2019). Implications of traffic signal cybersecurity on potential deliberate traffic disruptions. Transportation Research Part A: Policy and Practice, 120, 5870.Google Scholar
Polatidis, N., Pavlidis, M. and Mouratidis, H. (2018). Cyber-attack path discovery in a dynamic supply chain maritime risk management system. Computer Standards & Interfaces, 56, 7482.CrossRefGoogle Scholar
Polemi, N. and Papastergiou, S. (2015). Current Efforts in Ports and Supply Chains Risk Assessment. In 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST). IEEE, pp. 349354.CrossRefGoogle Scholar
Potamos, G., Theodoulou, S., Stavrou, E. and Stavrou, S. (2023). Building Maritime Cybersecurity Capacity Against Ransomware Attacks. In Proceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media: Cyber Science 2022; 20–21 June; Wales. Singapore: Springer Nature Singapore, pp. 87101.Google Scholar
Pseftelis, T. and Chondrokoukis, G. (2021). A study about the role of the human factor in maritime cybersecurity. SPOUDAI-Journal of Economics and Business, 71(1-2), 5572.Google Scholar
Shapiro, L. R., Maras, M. H., Velotti, L., Pickman, S., Wei, H. L. and Till, R. (2018). Trojan horse risks in the maritime transportation systems sector. Journal of Transportation Security, 11(3-4), 6583.CrossRefGoogle Scholar
Silverajan, B. and Vistiaho, P. (2019). Enabling Cybersecurity Incident Reporting and Coordinated Handling for Maritime Sector. In 2019 14th Asia Joint Conference on Information Security (AsiaJCIS). IEEE, pp. 8895.CrossRefGoogle Scholar
Silverajan, B., Ocak, M. and Nagel, B. (2018). Cybersecurity Attacks and Defences for Unmanned Smart Ships. In 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). IEEE, pp. 1520.CrossRefGoogle Scholar
Söner, Ö, Kayisoglu, G., Bolat, P. and Tam, K. (2023). Cybersecurity risk assessment of VDR. The Journal of Navigation, First View, 118.Google Scholar
Spidalieri, F. and McArdle, J. (2016). Transforming the next generation of military leaders into cyber-strategic leaders: the role of cybersecurity education in US service academies. The Cyber Defense Review, 1(1), 141164.Google Scholar
Spousta, R. and Chan, S. (2016). Ocean Data Vulnerability to Cyber Manipulation and Consequences for Infrastructural Resilience. In 2016 Future Technologies Conference (FTC). IEEE, pp. 672680.CrossRefGoogle Scholar
Svilicic, B., Rudan, I., Jugović, A. and Zec, D. (2019a). A study on cyber security threats in a shipboard integrated navigational system. Journal of Marine Science and Engineering, 7(10), 364.CrossRefGoogle Scholar
Svilicic, B., Brčić, D., Žuškin, S. and Kalebić, D. (2019b). Raising awareness on cyber security of ECDIS. TransNav: International Journal on Marine Navigation and Safety of Sea Transportation, 13, 1.CrossRefGoogle Scholar
Svilicic, B., Kamahara, J., Celic, J. and Bolmsten, J. (2019c). Assessing ship cyber risks: a framework and case study of ECDIS security. WMU Journal of Maritime Affairs, 18(3), 509520.CrossRefGoogle Scholar
Svilicic, B., Kamahara, J., Rooks, M. and Yano, Y. (2019d). Maritime cyber risk management: an experimental ship assessment. The Journal of Navigation, 72(5), 11081120.CrossRefGoogle Scholar
Svilicic, B., Rudan, I., Frančić, V. and Doričić, M. (2019e). Shipboard ECDIS cyber security: third-party component threats. Pomorstvo, 33(2), 176180.CrossRefGoogle Scholar
Tam, K. and Jones, K. (2019a). MaCRA: a model-based framework for maritime cyber-risk assessment. WMU Journal of Maritime Affairs, 18(1), 129163.CrossRefGoogle Scholar
Tam, K. and Jones, K. (2019b). Forensic Readiness Within the Maritime Sector. In 2019 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA). IEEE, pp. 14.CrossRefGoogle Scholar
Tam, K., Hopcraft, R., Moara-Nkwe, K., Misas, J. P., Andrews, W., Harish, A. V., Giménez, P., Crichton, T. and Jones, K. (2021a). Case Study ofa Cyber-Physical Attack Affecting Port and Ship Operational Safety. Journal of Transportation Technologies, 12, 127.CrossRefGoogle Scholar
Tam, K., Moara-Nkwe, K. and Jones, K. (2021b). The use of cyber ranges in the maritime context: assessing maritime-cyber risks, raising awareness, and providing training. Maritime Technology and Research, 3(1), 1630.Google Scholar
Thant, M. M. (2018). The Legal, Administrative and Operational Framework for the Safe Maritime Transport of Dangerous Goods: Myanmar as a Case Study.Google Scholar
Xu, L., Chen, N., Chen, Z., Zhang, C. and Yu, H. (2021). Spatiotemporal forecasting in earth system science: methods, uncertainties, predictability and future directions. Earth-Science Reviews, 222, 103828.CrossRefGoogle Scholar
Xu, L., Yu, H., Chen, Z., Du, W., Chen, N. and Zhang, C. (2023). Monthly ocean primary productivity forecasting by joint use of seasonal climate prediction and temporal memory. Remote Sensing, 15(5), 1417.CrossRefGoogle Scholar
Yamada, H. (2020). Development of Maritime Education and Training Methods with Technological Innovation: Japan as a Case Study Focusing on MASS.Google Scholar
Yu, H., Fang, Z., Murray, A. T. and Peng, G. (2019). A direction-constrained space-time prism-based approach for quantifying possible multi-ship collision risks. IEEE Transactions on Intelligent Transportation Systems, 22(1), 131141.CrossRefGoogle Scholar
Yu, H., Fang, Z., Fu, X., Liu, J. and Chen, J. (2021a). Literature review on emission control-based ship voyage optimization. Transportation Research Part D: Transport and Environment, 93, 102768.CrossRefGoogle Scholar
Yu, H., Murray, A. T., Fang, Z., Liu, J., Peng, G., Solgi, M. and Zhang, W. (2021b). Ship path optimization that accounts for geographical traffic characteristics to increase maritime port safety. IEEE Transactions on Intelligent Transportation Systems, 23(6), 57655776.CrossRefGoogle Scholar
Yu, H., Meng, Q., Fang, Z., Liu, J. and Xu, L. (2023). A review of ship collision risk assessment, hotspot detection and path planning for maritime traffic control in restricted waters. The Journal of Navigation, 75(6), 127.Google Scholar
Zăgan, R., Raicu, G., Hanzu-Pazara, R. and Enache, S. (2018). Realities in Maritime Domain Regarding Cyber Security Concept. In Advanced Engineering Forum, Vol. 27. Trans Tech Publications Ltd, pp. 221228.CrossRefGoogle Scholar
Supplementary material: File

Yu et al. supplementary material

Yu et al. supplementary material
Download Yu et al. supplementary material(File)
File 4.6 MB