Skip to main content Accessibility help

Maritime Cyber Risk Management: An Experimental Ship Assessment

  • Boris Svilicic (a1), Junzo Kamahara (a2), Matthew Rooks (a2) and Yoshiji Yano (a2)

The maritime transport industry is increasingly reliant on computing and communication technologies, and the need for cyber risk management of critical systems and assets on vessels is becoming critically important. In this paper, a comprehensive cyber risk assessment of a ship is presented. An experimental process consisting of assessment preparation activities, assessment conduct and results communication has been developed. The assessment conduct relies on a survey developed and performed by interviewing a ship's crew. Computational vulnerability scanning of the ship's Electronic Chart Display and Information System (ECDIS) is introduced as a specific part of this cyber security assessment. The assessment process presented has been experimentally tested by evaluating the cyber security level of Kobe University's training ship Fukae-maru. For computational vulnerability scanning, an industry-leading software tool has been used, and a quantitative cyber risk analysis has been conducted to evaluate cyber risks on the ship.

Corresponding author
Hide All
Balduzzi, M., Pasta, A. and Wilhoit, K. (2014). A security evaluation of AIS automated identification system. Proceedings of the 30th Annual Computer Security Applications Conference, New Orleans, USA.
Baltic and International Maritime Council. (BIMCO). (2017). The guidelines on cyber security onboard ships. Version 2.0. BIMCO, CLIA, ICS, INTERCARGO, INTERTANKO, OCIMF and IUMI.
Botunac, I. and Grz̆an, M. (2017). Analysis of software threats to the automatic identification system. Brodogradnja, 68, 97105.
Burton, J. (2016). Cyber attacks and maritime situational awareness: Evidence from Japan and Taiwan. Proceedings of the 2016 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, London, UK.
Det Norte Veritas – Germanischer Lloyd (DNV-GL). (2016). Cyber security resilience management for ships and mobile offshore units in operation. DNVGL-RP-0496. DNV-GL.
Ernstsen, J. and Nazir, S. (2018). Consistency in the development of performance assessment methods in the maritime domain. WMU Journal of Maritime Affairs, 17, 7190.
Hareide, O.S., Jøsok, Ø., Lund, M.S, Ostnes, R. and Helkala, K. (2018). Enhancing Navigator Competence by Demonstrating Maritime Cyber Security. The Journal of Navigation, 71, 10251039.
Hassani, V., Crasta, N. and Pascoal, A.M. (2017). Cyber security issues in navigation systems of marine vessels from a control perspective. Proceedings of the International Conference on Ocean, Offshore Mechanics and Arctic Engineering, Trondheim, Norway.
International Maritime Organization - Maritime Safety Committee (IMO-MSC). (2017a). ECDIS – Guidance for good practice. MSC.1/Circ.1503/Rev.1. International Maritime Organization.
IMO-MSC. (2017b). Maritime Cyber Risk Management in Safety Management Systems. MSC 98/23/Add.1. International Maritime Organization.
International Maritime Organization (IMO). (2013). International Ship and Port Facility Security (ISPS) Code. SOLAS/CONF.5/34. International Maritime Organization.
IMO. (2017c). Guidelines on maritime cyber risk management. MSC-FAL.1/Circ.3. International Maritime Organization.
Kobe University. (2018). Research Facilities: The training ship Fukae-maru. Available:
Lee, Y.C., Park, S.K., Lee, W.K. and Kang, J. (2017). Improving cyber security awareness in maritime transport: A way forward. Journal of the Korean Society of Marine Engineering, 41, 738745.
Microsoft. (2018). Microsoft: Search product lifecycle. Available:
National Institute of Standards and Technology (NIST). (2018). Framework for Improving Critical Infrastructure Cybersecurity. Version 1.1. National Institute of Standards and Technology.
Nessus. (2018). Tenable Products: Nessus Professional. Available:
Polatid, N., Pavlidis, M. and Mouratidis, H. (2018) Cyber-attack path discovery in a dynamic supply chain maritime risk management system. Computer Standards and Interfaces, 59, 7482.
Shapiro, L.R., Maras, M.-H., Velotti, L., Pickman, S., Wei, H.-L. and Till, R. (2018). Trojan horse risks in the maritime transportation systems sector. Journal of Transportation Security, 8, 119.
Svilicic, B. and Kras, A. (2005). Computer Systems Privacy Protection. Journal of Maritime Research Pomorstvo, 19, 275284.
Recommend this journal

Email your librarian or administrator to recommend adding this journal to your organisation's collection.

The Journal of Navigation
  • ISSN: 0373-4633
  • EISSN: 1469-7785
  • URL: /core/journals/journal-of-navigation
Please enter your name
Please enter a valid email address
Who would you like to send this to? *



Full text views

Total number of HTML views: 0
Total number of PDF views: 0 *
Loading metrics...

Abstract views

Total abstract views: 0 *
Loading metrics...

* Views captured on Cambridge Core between <date>. This data will be updated every 24 hours.

Usage data cannot currently be displayed