Understanding of the cyber risk on board ship and ship stability
Abstract
In the last years cyber security has become a relevant issue for the maritime industry. The increasing digitalization in the maritime sector enables the remote communication between the ships and the headquarter company by means of information technology systems, and most of the operational technology (OT) equipment on board ships exchanges online communications data with the shore for monitoring the main functions of the ship. Failure the vessel operational technology (OT) equipment on board ship, like the ECDIS map for navigation, the steering systems and the main engine controls, has serious consequences. In this article we discussed the vulnerability of different OT equipments on board ship, and we highlighted how the hacker can inject some malware that affects the hull stress monitoring systems (HSMS), or can easy manipulate the EDI messaging text of the load plan (there is still a significant lack of security in the validation of message integrity) that finally leads to detrimental effects on the the ship’s stability.
Downloads
References
[2]. BIMCO, “Guide version 3 November” 2019,
https://www.ics-shipping.org/docs/default-source/resources/safety-security-and-operations/guidelines-on-cyber-security-onboard-ships.pdf?sfvrsn=20
[3]. Blog of Lasse Karstensen, “Varnish, Sailing and occasional weekend hacks”, (August 2016). NMEA2000 and CANbus, online - https://lassekarstensen.wordpress.com/2016/08/09/nmea2000-and-canbus/
[4]. Chiţu M.G., Manea E., Bormambet M., “Modelation of the oscillatory motions of the ship for the Mediterranean sea navigation conditions, using the OCTOPUS software”, Analele Universităţii Maritime din Constanţa, an XIV, Vol.19, 2013, pag 37-44, 2013;
[5]. Chiţu M.G., Zăgan R., Manea E, “Dependence analysis for the amplitude oscillatory movements of the ship in response to the incidence wave”, ModTech International Conference, Modern Technologies in Industrial Engineering, 17-20 iunie 2015, https://iopscience.iop.org/1757-899X/5/1 , 2015;
[6]. Chiţu G., Zăgan R.,”Comparative study of dynamic nautical features of turning computer asist and sea trial”, International Journal of Modern Manufacturing Technologies ISSN 2067–3604, Vol. I, No. 1, page 21-24, 2009;
[7]. Chiţu G.M., Zăgan R., “Prediction for roll and roll cross-vertical oscillatory motions of the ship in the real sea using OCTOPUS”, International Conference MODTECH 2013: Modern Technologies in Industrial Engineering, Sinaia, 27-29 June, ISSN 2067–3604, pp. 40-49, Vol. VI, No. 1, 2014;
[8]. European Parliament. Directive (EU) 2016/1148. “Official Journal of the European Union”, 2014(L194):1–30, 2016;
[9]. Futurenautics Research. “Crew Connectivity 2018 Survey Report”. page 29, 2018;
[10]. Gartner. “It glossary, online”. https://www.gartner.com/it-glossary, 2018;
[11]. IMO, “Interim guidelines on maritime cyber risk management”, IMO-MSC 1/CIRC 1526 June 1st edited in June 2016.
[12]. Information Security Audit and Control Association, “The Merging of Cybersecurity and Operational Technology”, pages 1–8, 2016;
[13]. INTERIM GUIDELINES ON MARITIME CYBER RISK MANAGEMENT, MSC.1/Circ. 1526, 1 June 2016;
[14]. Kimberly Tam, Kevin Jones, “Maritime cybersecurity policy: the scope and impact of evolving technology on international shipping”, Journal of Cyber Policy on August 29th 2018, available online: https://www.tandfonline.com/doi/full/10.1080/23738871.2018.1513053
[15]. Lloyd’s Register’s, “Cyber-enabled ships, Deploying information and communications technology in shipping”, First edition, February 2016;
[16]. Maria Papadaki, Kimberly Tam, Kevin D. Jones, “Threats and Impacts in Maritime Cyber Security”, https://www.researchgate.net / publication/304263412_Threats_and_Impacts_in_Maritime_Cyber_Security
[17]. Richard Benham and James Sproule, “Cyber Security”, IOD Policy Report March, 177, 2017;
[18]. Skema , “Interactive Knowledge Platform For Transport And Logistics, Navigation systems including developments in e-navigation”, 2019, http://www.eskema.eu/defaultinfo.aspx?topicid=47&index=4
[19]. BIMCO, “Story in numbers with BIMCO”, online - https://cybersail.org/wp-content/uploads/2017/02/IHS-BIMCO-Survey-Findings.pdf , 2016;
[20]. Sotiria Lagouvardou, “Maritime Cyber Security:concepts, problems and models”, Master Thesis 2018;
[21]. Zăgan R., Raicu G., Hanzu-Pazara R., Enache S., “Realities in maritime domain regarding cyber security concept”, Proceedings of ADEM Conference 2016, Drobeta Turnu Severin, publishing in the Trans Tech Publication volume (book) Advances in Engineering and Management ISSN 1662–8985, Issue 881, page 221-228, DOI: 10.4028/www.scientific.net/AEF.27.221, 2016;
[22]. Zăgan R., Chiţu G.M., Manea E., “Ship manoeuvrability prediction using wavelets and neural networks”, International Conference MODTECH 2014: Modern Technologies in Industrial Engineering, Gliwice, 13-16 July, 2014, Proceedings of MODTECH 2014 International Conference, Advanced Materials Research ISSN 1662–8985, Issue 1033-1036, p946-951, 2014;
[23]. https://cybersail.org/wp-content/uploads/2017/02/IHS-BIMCO-Survey-Findings.pdf
[24]. CyberKeel, “Maritime Cyber-Risks: Virtual Pirates at Large on the Cyber Seas”, Copenhagen: CyberKeel, http://www.cyberkeel.com/images/pdf-files/Whitepaper.pdf , 2014;
[25]. http://www.safety4sea.com/wp-content/uploads/2016/02/ESC-White-paper-on-Maritime-Cyber-Security-2016_02.pdf
[26]. ENISA, “Cyber Security Aspects in the Maritime Sector” https://www.enisa.europa.eu/publications/cyber-security-aspects-in-the-maritime-sector-1 ,
[27]. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf
[28]. https://navarino.gr/wp-content/uploads/2018/04/Crew_Connectivity_2018_Survey_Report.pdf
[29]. DNV-GL- RP-0496, “Cyber security resilience management for ships and mobile offshore units in operation”, http://www.gard.no/Content/21865536/DNVGL-RP-0496.pdf , edition September 2016;
[30]. http://www.engineersjournal.ie/2014/07/17/merchant-shipping-and-the-marine-engineering-technology-revolution/
[31]. https://www.pentestpartners.com/security-blog/hacking-tracking-stealing-and-sinking-ships
[32]. http://signalk.org/overview.html
[33]. http://www.shippipedia.com/ship-automation-control-system/
[34]. http://archive.indianexpress.com/news/merchant-vessel-mol-comfort-splits-into-two-off-mumbai-coast-crew-rescued/1130174
[35]. http://www.coastdesign.no/products/loading-computer/?article_id=64
[36]. https://www.pentestpartners.com/security-blog/making-prawn-espressos-or-hacking-ships-by-deciphering-baplie-edifact-messaging/
University of Galati, Fascicle XI Shipbuilding, pp.19-24, 2016.