论文信息 - Assessing ship cyber risks: a framework and case study of ECDIS security

Assessing ship cyber risks: a framework and case study of ECDIS security

The growing reliance of the shipping industry on information and communication technologies places a high premium on cyber risk management. The International Maritime Organization has imposed improvement of the approved safety management system of ships by incorporating the cyber risk management no later than the first annual verification of a shipping company’s document of compliance following 1 January 2021. In this paper, we present a framework for assessing cyber risks that affect safe operation of ships. The framework relies on an on-board survey to identify existing safeguards, cyber security testing to detect vulnerabilities and threats, and determination of the cyber risk level. The cyber security testing of the ship’s critical systems and assets, as the specific part of the framework, is introduced and studied. The cyber security testing method is based on computational vulnerability scanning and penetration testing techniques, which is aligned with the upcoming maritime standard IEC 63154. For a case study, the testing of a shipboard Electronic Chart Display and Information System cyber security was performed using an industry vulnerability scanning tool.

[1] Mass Soldal Lund,et al. Enhancing Navigator Competence by Demonstrating Maritime Cyber Security , 2018, Journal of Navigation.

[2] Joe Burton. Cyber attacks and maritime situational awareness evidence from Japan and Taiwan , 2016, 2016 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (CyberSA).

[3] Thomas W. Dillon,et al. Airport body scanning: will the American public finally accept? , 2015 .

[4] Haralambos Mouratidis,et al. Cyber-attack path discovery in a dynamic supply chain maritime risk management system , 2018, Comput. Stand. Interfaces.

[5] Salman Nazir,et al. Consistency in the development of performance assessment methods in the maritime domain , 2018 .

[6] Marco Balduzzi,et al. A security evaluation of AIS automated identification system , 2014, ACSAC.

[7] Marijan Gržan,et al. ANALYSIS OF SOFTWARE THREATS TO THE AUTOMATIC IDENTIFICATION SYSTEM , 2017 .

[8] Kevin D. Jones,et al. MaCRA: a model-based framework for maritime cyber-risk assessment , 2019, WMU Journal of Maritime Affairs.

[9] Marie-Helen Maras,et al. Trojan horse risks in the maritime transportation systems sector , 2018 .

[10] Antonio M. Pascoal,et al. Cyber Security Issues in Navigation Systems of Marine Vessels From Control Perspective , 2017 .

[11] Sang-Kyun Park,et al. Improving cyber security awareness in maritime transport : A way forward , 2017 .