The impact of cybersecurity on the regulatory legal framework for maritime security (original) (raw)
Related papers
Commercial Maritime and Cyber Risk Management
Safety & Defense
The starting point of the paper is the recognition of the growing threat of cyber-attacks to commercial maritime. Constantly growing dependency on technology has obvious advantages, on the other hand, however, it makes commercial maritime vessels progressively more vulnerable to cyber-crime, including GPS signal interference, malware attacks or even gaining control over ships’ systems and networks. The main objective of the paper is to present and discuss the Guidelines on Cyber Security Onboard Ships developed by the International Maritime Organization, including best practices for implementation of cyber risk management. The article’s goal is to summarize the guidelines and to familiarize the reader with the reasons why and the methods how they should be implemented. The paper is concluded with an example how the Guidelines can be adopted by national authorities, i.e., a brief presentation of “Code of Practice: Cyber Security for Ships” – a document developed by the British govern...
Cyber security in marine transport
Pomorstvo, 2021
In recent years, the number of cyber attacks, virus carriers, and cybercrime on maritime transport facilities has increased significantly. The emergence of new types of maritime vessels, such as autonomous vessels, dependent entirely on information and communication technologies used for passengers, cargo and baggage transportation, requires legal regulation of relations in this area. Therefore, ensuring cybersecurity in maritime transport and the need to adopt appropriate legal norms, standards and measures at both the international and national levels to manage maritime cyber risks are considered one of the most relevant topics for maritime transport. There is no single, systematic integrated approach, unification of requirements and rules in cybersecurity’s sphere of maritime transport [15]. In this regard, the authors analyze the issues of ensuring cybersecurity in maritime transport, the legal basis of security: some international documents and national legal acts, regulating c...
Analysis of Cyber Risk Management Frameworks for The Maritime Industry
IEEES-092, 2024
Cyber risks in the maritime industry have become an important concern due to the increasing digitalization of maritime systems. This paper aims to underline the importance of a holistic approach to cyber risks in the maritime industry due to the interconnected shore and naval systems. The paper begins by presenting a model-based framework for maritime cyber risk assessment. (Tam & Jones, 2019). In the second part, the paper mentions the guidelines published by organizations in the maritime industry, such as IMO, BIMCO, Intercargo, and INTERTANKO. The third part also discusses the potential cyber risks on the maritime systems, which is addressed in eight different groups by IMO in Maritime Cyber Risk Management MSC-Fal. 1/Circ.3/Rev.2. It also discusses the vulnerabilities of bridge systems such as Electronic Chart Display and Information System (ECDIS), Automatic Identification System (AIS), and Voyage Data Recorder (VDR). It presents a conceptual framework for digitalization capabilities to achieve sustainable cyber resilience in the maritime industry (Annarelli & Palombi, 2021). In conclusion, the paper highlights the importance of SOC2 and ISO 27001, which can be used to help complying maritime companies with the guidelines or regulations. It also underscores the importance of a specific Cyber Risk Management Framework that addresses both shore and naval entities, operating within the scope of the maritime industry.
Cybersecurity Challenges in the Maritime Sector
Network
Cyberattacks have been rapidly increasing over the years, resulting to big financial losses to businesses for recovery, regulatory sanctions, as well as collateral damages, such as reputation and trust. In this respect, the maritime sector, which until now was considered safe due to the lack of Internet connectivity and the isolated nature of ships in the sea, is showing a 900% increase in cybersecurity breaches on operational technology as it enters the digital era. Although some research is being conducted in this area, maritime cybersecurity has not been deeply investigated. Hence, this paper provides a close investigation of the landscape of cybersecurity in the maritime sector with the aim of highlighting security problems and challenges. First, it explores the systems available on ships that could be targeted by attackers, their possible vulnerabilities that an attacker could exploit, the consequences if the system is accessed, and actual incidents. Then, it describes and anal...
The International Maritime and Logistics Conference “Marlog 9”, 2020
Ships are increasingly using systems that rely on digitization, digitalization, integration, and automation, which call for cyber risk management on board. As technology continues to develop, information technology (IT) and operational technology (OT) onboard ships are being networked together-and more frequently connected to the internet. In 2017, the International Maritime Organization (IMO) adopted resolution MSC.428(98) on Maritime Cyber Risk Management in Safety Management System (SMS). The Resolution stated that an approved Safety Management System SMS should take into account cyber risk management in accordance with the objectives and functional requirements of the International Safety Management (ISM) CODE. The IMO encourages administrations to ensure that cyber risks are appropriately addressed in safety management systems no later than the first annual verification of the company's Document of Compliance after 1 January 2021. This paper presents Guidelines on Cyber Security Onboard Ships that are aligned with IMO resolution MSC.428 to asses companies to identify risks arising from the use of IT and OT onboard ships and establish appropriate safeguards against cyber incidents, The aim of this study is to analyze cyber vulnerabilities of significant maritime technologies to the port facilities and on board of vessels , Evaluates the different frame works and guidelines on maritime cyber risk management to demonstrate the seriousness of maritime cyber threats for national security. INTRODUCTION The growth of digitalization and the connectedness produce pressure on the industry to be more and more connected. Nonetheless, the absolute dependency of systems and equipment regarding interconnectivity operations is creating more vulnerability and representing an increase in opportunities for the cyber-criminal (NEP&I, 2017), the world is relying more on technology than ever before. Numerous applications of technology have become a fundamental part of shipping, providing real information and effective communication around the world, instantaneously. Digital technology has advanced and increased exponentially in recent years; information technology (IT) and operational technology (OT) are more frequently connected to the world wide web than ever before, and the shipping industry cannot escape this reality (IMO, 2018). However, technology is also bringing along certain risks regarding safety and security of shipping operations that could possibly spill over to the economic domain, considering that both
A Retrospective Analysis of Maritime Cyber Security Incidents
TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation
The maritime industry is undergoing a rapid evolution through the introduction of new technology and the digitization of existing services. At the same time, the digital attack surface is increasing, and incidents can lead to severe consequences. This study analyses and gives an overview of 46 maritime cyber security incidents from the last decade (2010-2020). We have collected information from open publications and reports, as well as anonymized data from insurance claims. Each incident is linked to a taxonomy of attack points related to onboard or off-ship systems, and the characteristics have been used to create a Top-10 list of maritime cyber threats. The results show that the maritime sector typically has incidents with low frequency and high impact, which makes them hard to predict and prepare for. We also infer that different types of attackers use a variety of attack points and techniques, hence there is no single solution to this problem. http://www.transnav.eu the International Journal on Marine Navigation and Safety of Sea Transportation Volume 15 Number 3
Maritime Security Editorial Note
hen considering the term “maritime security”, a traditional approach immediately refers to the naval strategy aspects with regard the protection of national maritime borders and sensitive maritime trade choke-points. Over the past few years, however, due to a gradual emergence of various issues related to or occurring in the maritime domain, the international security studies field has experienced a birth of a new sub-division, focused on the maritime domain, its global importance, and a variety of off-shore based threats that generate an increasing impact factor on the on-shore environment. Researchers from different backgrounds have engaged into adjoined projects with an aim to merge methodologies available in the traditional security studies, contemporary critical security studies, law of the sea studies, maritime law studies and other related fields. This ambitious endeavour has just begun, and aims to form an international, multi-disciplinary forum (political sciences, law, economy, sociology and others) where researchers and practitioners will be given an opportunity to accumulate knowledge and experience, and gather with an aim to define the outreach of this new emerging sub-field – the international maritime security studies.
Addressing the Cyber-Security of Maritime Shipping
European Transport Conference 2016Association for European Transport (AET), 2016
Attacks on software occur worldwide on a daily basis targeting individuals, corporations and governments alike. The computer systems that control maritime shipping are at risk from serious disruptions, and these disruptions can stem from vulnerabilities in the software and processes used in these computer systems. These vulnerabilities leave such information systems open to cyber-attack. Disruption of those systems could have disastrous consequences at worldwide level. The assessment of the security of maritime shipping systems has had two significant limitations. First, existing studies have been directed at identifying risks, but have not taken the critical (and expensive) next step of actually identifying the vulnerabilities present in these systems. Second, these studies have focused on overall port operations. While such an overview is important, and has resulted on overall recommendations for changes in policy, they have not provided an evaluation of security issues in the computer systems that control these ports and their terminals. We need a focused, detailed, in-depth vulnerability assessment of the software that manages freight systems. In this paper, we survey the state of the art in cyber-security for maritime shipping, identify the main problems and current initiatives, and then outline a new research direction for improving the security of our freight systems.
Cyber Security in the Maritime Industry: A Systematic Survey of Recent Advances and Future Trends
Information, 2022
The paper presents a classification of cyber attacks within the context of the state of the art in the maritime industry. A systematic categorization of vessel components has been conducted, complemented by an analysis of key services delivered within ports. The vulnerabilities of the Global Navigation Satellite System (GNSS) have been given particular consideration since it is a critical subcategory of many maritime infrastructures and, consequently, a target for cyber attacks. Recent research confirms that the dramatic proliferation of cyber crimes is fueled by increased levels of integration of new enabling technologies, such as IoT and Big Data. The trend to greater systems integration is, however, compelling, yielding significant business value by facilitating the operation of autonomous vessels, greater exploitation of smart ports, a reduction in the level of manpower and a marked improvement in fuel consumption and efficiency of services. Finally, practical challenges and fut...