Assessing cyber risks on board ships: A literature review
Abstract
Due to the multiple cyber-attacks that resulted in financial losses and personal information breaches, cyber security has become an essential issue for the maritime industry today. This research aims to identify the potential cyber risks associated with operational technology (OT) systems on board ships that influence the cyber security of vessels through a state-of the-art literature review. Assessment of the cyber risks on board is carried out according to their likelihood and severity, using a risk score matrix, based on which, they are classified into three categories: high risk, medium risk, and low risk. Based on the classification of cyber risks on board the ship in the three categories, the measures to mitigate them can be defined, to ensure cyber hygiene on board the ship.
Downloads
References
[2]. International Maritime Organization, Guidelines on Maritime Cyber Risk Management, 2017. Accessed: Aug. 27, 2024. [Online]. Available:
https://wwwcdn.imo.org/localresources/en/O urWork/Security/Documents/Resolution%20M SC.428(98).pdf
[3]. American Bureau of Shipping. “Guide for Cybersecurity Implementation for the Marine and Offshore Industries ABS Cyber safety”, Vol 2, 2021. Accessed: Aug. 27, 2024. [Online]. Available: https://ww2.eagle.org/content/dam/eagle/rule s-and-guides/current/other/251-guide-forcybersecurity-implementation-for-the marine-and-offshore-industries---abscybersafety%C2%AE-volume-2/251cybersafety-v2-cybersecurity-guideaug23.pdf
[4]. BIMCO, Chamber of Shipping of America, Digital Containership Association, International Association of Dry Cargo Shipowners (INTERCARGO), InterManager, International Association of Independent Tanker Owners (INTERTANKO), International Chamber of Shipping (ICS), International Union of . Insurance (IUMI), Oil Companies International Marine Forum (OCIMF), Superyacht Builders Association (Sybass) and World Shipping Council (WSC), “The Guidelines on Cyber Security Onboard Ships”, 2020Accessed: Aug. 27, 2024. [Online]. Available: https://www.bimco.org/about-us-and-ourmembers/publications/the-guidelines-oncyber-security-onboard-ships
[5]. Det Norske Veritas, DNV GL Cyber secure class notation, 2020. Accessed: Aug. 27, 2024. [Online]. Available: https://www.traficom.fi/sites/default/files/media/file/5.%20DNV%20GL%20
Cyber%20secure%20Class%20Notation%20Information%20Day%20Finland
%20handout.pdf
[6]. iTrust Centre for Research in Cyber Security. “Guidelines for cyber risk management in shipboard operational technology systems”, 2022 Accessed: Aug. 27, 2024. [Online]. Available: https://itrust.sutd.edu.sg/research/projects/maritime-cyber/
[7]. National Institute of Standards and Technology, “Framework for Improving Critical Infrastructure Cybersecurity”, 2018. Accessed: Aug. 27, 2024.[Online]. Available: https://nvlpubs.nist.gov/nistpubs/cswp/nist.cswp.04162018.pdf
[8]. Det Norske Veritas, “Cyber Security Resilience Management for Ships and Mobile Offshore Units in Operation”, 2016. Accessed: Aug. 2024.
[Online]. Available: https://www.dnv.com/siteassets/images/pdfdocuments/dnv-gl-rp-0496.pdf
[9]. Boyes, H. and Isbell, R. “Code of Practice Cyber Security for Ships”, 2017, Accessed: Aug. 27, 2024. [Online]. Available: https://www.safety4sea.com/wpcontent/uploads/2017/09/UK-CyberSecurity-Code-of-Practice-for-ships2017_09.pdf
[10]. Parka, C., Shib, W., Zhangb, W., Kontovas, C., Changa, C. H. “Cybersecurity in the maritime industry: a literature review”, Proceedings of the International Association of Maritime Universities (IAMU) Conference, 2019, pp.79-86.
[11]. Cassi, E., Scialla, P. and Cavanna, J.P. “Tackling complexity: Protecting against cyber risk in the marine industry”. Lloyd’s Register Group Resilience Engineering, pp. 1-14, 2018. Accessed: Aug. 27, 2024. [Online]. Available: https://www.ccrzkr.org/files/documents/workshops/wrshp05
0919/Docs07_en.pdf
[12]. Schaik, P., Jeske, D., Onibokun, J., Coventry, L., Jansen, J. and Kusev, P. “Risk perceptions of cyber-security and precautionary behavior”, Computers in Human Behavior, vol. 75, no. 1, pp.547-559, 2017.
[13]. Craigen, D., Diakun-Thibault, N. and Purse, R. “Defining cybersecurity”, Technology Innovation Management Review, vol. 4, no.10, pp.13-21, 2014.
[14]. Svilicic, B., Kamahara, J., Rooks, M. and Yano, Y. “Maritime Cyber Risk Management: An Experimental Ship Assessment”. The Journal of Navigation, vol.72, no.5, pp.1108- 1120, 2019.
[15]. Caponi, S. and Belmont, K. “Maritime cybersecurity: A growing threat goes unanswered”, lntellectual Property and Technology Law Journal, vol. 27, no. 1, pp.16-18, 2015.