Maritime Cyber Risk Management: An Experimental Ship Assessment

Sviličić, Boris; Kamahara, Junzo; Rooks, Matthew; Yano, Yuji

doi:10.1017/s0373463318001157

Cited by 54 publications

(35 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Thus, maritime cyber security, understood as measures taken to protect network and computer assets both on ships, terminals, ports, and all computerized equipment supporting maritime operations, is an important aspect for maintaining the integrity of information exchange, without modifications and losses. Thus, the need for cyberrisk management is becoming critically important [3].…”

Section: Introductionmentioning

confidence: 99%

Safe Information Exchange on Board of the Ship

Ahvenjärvi¹,

Czarnowski²,

KÁla³

et al. 2019

TransNav

View full text Add to dashboard Cite

Information exchange is an important component of life and human behavior on the personal level. It is also an important factor from the perspective of a technical and business processes. An interesting safety-critical environment for information exchange is a ship, where different kinds of information is sent and received both internally and externally. Information is exchanged internally for communication among the crew and in different technical systems onboard the ship. In many cases, safety of information exchange is especially crucial. This paper presents a taxonomy of information, bearing in mind its exchange, and discusses the problem of safe information exchange considering different systems existing on board the ship and the relation between different actors. The issue of safe information exchange from the perspective of maritime training is also discussed.

show abstract

Section: Introductionmentioning

confidence: 99%

Safe Information Exchange on Board of the Ship

Ahvenjärvi¹,

Czarnowski²,

KÁla³

et al. 2019

TransNav

View full text Add to dashboard Cite

show abstract

“…In the case of the tested INS, the manufacturer of the underlying operating system will discontinue support and strongly recommend moving to next generation before the end of the current year (2019) [34]. The identified cyber threats corresponded to the previous findings with shipboard ECDIS and radar systems, indicating the same cyber risk threatening each of the navigation systems that are from different manufacturers and are installed on different types of ships [1,21].…”

Section: Risk Level Determinationmentioning

confidence: 72%

“…The identified threats were analyzed qualitatively to study the source of cyber risks threatening the INS. The results obtained point out cyber threats related to weaknesses of the INS underlying operating system, suggesting a need for occasional preventive maintenance in addition to the regulatory compliance required.Recently, cybersecurity assessments of a shipboard ECDIS and a shipboard radar have been presented [1,21]. Although both the ECDIS and radar are IMO type approved and computer-based systems, they are installed as an individual equipment, providing their basic functionality.…”

mentioning

confidence: 99%

See 1 more Smart Citation

A Study on Cyber Security Threats in a Shipboard Integrated Navigational System

Sviličić

Rudan

Jugović

et al. 2019

JMSE

View full text Add to dashboard Cite

The integrated navigational system (INS) enhances the effectiveness and safety of ship navigation by providing multifunctional display on the basis of integration of at least two navigational functions, the voyage route monitoring with Electronic Chart Display and Information System (ECDIS) and collision avoidance with radar. The INS is essentially a software platform for fusion of data from the major ECDIS and radar systems with sensors for the additional navigation functions of route planning, status and data display, and alert management. This paper presents a study on cyber security resilience examination of a shipboard INS installed on a RoPax ship engaged in international trade. The study was based on a mixed-method approach, combining an interview of the ship's navigational ranks and cyber security testing of the INS using an industry vulnerability scanner. The identified threats were analyzed qualitatively to study the source of cyber risks threatening the INS. The results obtained point out cyber threats related to weaknesses of the INS underlying operating system, suggesting a need for occasional preventive maintenance in addition to the regulatory compliance required.

show abstract

“…Ship operational technology systems for a last two decades have been intensively developed by means of digitalization, integration and networking. The development resulted in complex and computerbased technology systems, and therefore there is urgent need for safeguarding shipping from cyber threats and vulnerabilities (Svilicic et al 2019, Tam et al 2019, Filic 2018, Kessler et al 2018, Polatid et al 2018, Hareide et al 2018, Shapiro et al, 2018, Svilicic et al 2018, Lee et al 2017, Hassani et al 2017, Burton 2016, Balduzzi et al 2014, Svilicic et al 2005. The International Maritime Organization (IMO) has recently published the Guidelines on high-level recommendations for maritime cyber risk management (IMO MSC-FAL.1/Circ.3 2017), and imposed to include cyber risk assessment in the implementation of the International Safety Management (ISM) Code safety management system on ships by 1st of January 2021 (IMO MSC.428(98) 2017).…”

Section: Introductionmentioning

confidence: 99%

Raising Awareness on Cyber Security of ECDIS

Sviličić¹,

Brčić²,

Žuškin³

et al. 2019

TransNav

Self Cite

View full text Add to dashboard Cite

In the maritime transport, the Electronic Chart Display and Information System (ECDIS) has been developed into a complex computer-based ship critical operational technology system, playing central roles in the safe ship navigation and transport. While ECDIS software maintenance is regulated by the International Maritime Organization (IMO) ECDIS performance standards and related circulars, underlying software and hardware arrangements are implemented by ship-owners and supported by ECDIS equipment manufacturers. In this paper, we estimate ECDIS cyber security in order to study the origin of ECDIS cyber security risks. A set of ECDIS systems is examined using an industry-leading vulnerability scanning software tool, and cyber threats regarding the ECDIS backup arrangement, underlying operating system and third party applications are studied.

show abstract

Maritime Cyber Risk Management: An Experimental Ship Assessment

Cited by 54 publications

References 9 publications

Safe Information Exchange on Board of the Ship

Safe Information Exchange on Board of the Ship

A Study on Cyber Security Threats in a Shipboard Integrated Navigational System

Raising Awareness on Cyber Security of ECDIS

Contact Info

Product

Resources

About