An Operational Approach to Maritime Cyber Resilience

As a result of the last decades development of technology and increased connectivity of maritime vessels, the need for maritime cyber security is undoubtedly present. In 2017, IMO officially recognized “... the urgent need to raise awareness on cyber threats and vulnerabilities to support safe and secure shipping, which is operationally resilient to cyber risks”. Thus, Maritime Cyber Resilience is seen as key by IMO in the improvement of the maritime cyber security. It is assumed that human error is the cause of more than half successful cyber-attacks. If technology somehow fails, in example because of a cyber threat, the human is expected to handle the problem and provide a solution. It is therefore necessary to focus on the human aspect when considering maritime cyber threats. This paper aims to provide a working definition of “Maritime Cyber Resilience”. Further, the paper argues why the human should be a focus of study, as the human is at the sharp edge in a potential maritime cyber emergency. http://www.transnav.eu the International Journal on Marine Navigation and Safety of Sea Transportation Volume 15

[1]  Dylan D. Schmorrow Cali M. Fidopiastis Augmented Cognition: Users and Contexts , 2018, Lecture Notes in Computer Science.

[2]  Erik Hollnagel,et al.  Resilience engineering and the built environment , 2014 .

[3]  Igor Linkov,et al.  Fundamental Concepts of Cyber Resilience: Introduction and Overview , 2018, Cyber Resilience of Systems and Networks.

[4]  Mass Soldal Lund,et al.  Enhancing Navigator Competence by Demonstrating Maritime Cyber Security , 2018, Journal of Navigation.

[5]  Joakim Dahlman,et al.  What is maritime navigation? Unfolding the complexity of a Sociotechnical System , 2017 .

[6]  Herbert J. Mattord,et al.  Principles of Information Security , 2004 .

[7]  David Brčić,et al.  Raising Awareness on Cyber Security of ECDIS , 2019, TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation.

[8]  Hristos Karahalios Appraisal of a Ship’s Cybersecurity efficiency: the case of piracy , 2020, Journal of Transportation Security.

[9]  Adam Sedgewick,et al.  Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0 , 2014 .

[10]  Yacov Y Haimes,et al.  On the Definition of Resilience in Systems , 2009, Risk analysis : an official publication of the Society for Risk Analysis.

[11]  Azad M. Madni,et al.  Towards a Conceptual Framework for Resilience Engineering , 2009, IEEE Systems Journal.

[12]  R. Shepherd Maritime , 1998 .

[13]  Gianluca Pescaroli,et al.  Managing Human Factors , 2018, Cyber Resilience of Systems and Networks.

[14]  Stig Ole Johnsen,et al.  Resilience in Risk Analysis and Risk Assessment , 2010, Critical Infrastructure Protection.

[15]  Benjamin Dutton,et al.  Dutton's nautical navigation , 2003 .

[16]  William Ewart Henley,et al.  OPERATION , 1973, ISO 22301:2019 and business continuity management – Understand how to plan, implement and enhance a business continuity management system (BCMS).

[17]  David W. White CERT Resiliency Engineering Framework , 2007 .

[18]  Adam Weintrit,et al.  Marine Navigation and Safety of Sea Transportation , 2009 .

[19]  Fred S. Roberts,et al.  The little-known challenge of maritime cyber security , 2015, 2015 6th International Conference on Information, Intelligence, Systems and Applications (IISA).

[20]  Lars Jensen,et al.  Challenges in Maritime Cyber-Resilience , 2015 .

[21]  Keith M. Martin,et al.  Effective maritime cybersecurity regulation – the case for a cyber code , 2018, Journal of the Indian Ocean Region.

[22]  K. Stølen,et al.  Cyber-Risk Management , 2015, SpringerBriefs in Computer Science.

[23]  Rossouw von Solms,et al.  From information security to cyber security , 2013, Comput. Secur..

[24]  Junzo Kamahara,et al.  Maritime Cyber Risk Management: An Experimental Ship Assessment , 2019, Journal of Navigation.

[25]  Nathaniel Bowditch,et al.  American Practical Navigator: An Epitome of Navigation , 1958 .

[26]  I. Linkov,et al.  Cyber Resilience of Systems and Networks , 2021 .

[27]  Ron Westrum,et al.  A Typology of Resilience Situations , 2017 .

[28]  Phil McGillivary,et al.  Why Maritime Cybersecurity Is an Ocean Policy Priority and How It Can Be Addressed , 2018, Marine Technology Society journal.

[29]  Mohammed A. Al Ghamdi,et al.  Understanding the Vulnerabilities in Digital Components of An Integrated Bridge System (IBS) , 2019, Journal of Marine Science and Engineering.

[30]  F. K. Boersma,et al.  From security to resilience: New vistas for international responses to protracted crises. , 2018 .

[31]  Lisanne Bainbridge,et al.  Ironies of automation , 1982, Autom..

[32]  Oliver Fitton,et al.  The future of maritime cyber security , 2015 .

[33]  Margareta Lützhöft,et al.  A Human Perspective on Maritime Autonomy , 2018, HCI.

[34]  Christopher Clott,et al.  Cyberattacks on ships: a wicked problem approach , 2018, Maritime Business Review.

[35]  Alen Jugović,et al.  A Study on Cyber Security Threats in a Shipboard Integrated Navigational System , 2019, Journal of Marine Science and Engineering.

[36]  Mass Soldal Lund,et al.  An Attack on an Integrated Navigation System , 2018 .

[37]  Erik Hollnagel,et al.  Epilogue: RAG – The Resilience Analysis Grid , 2017 .

[38]  Erik Hollnagel,et al.  How Resilient Is Your Organisation? An Introduction to the Resilience Analysis Grid (RAG) , 2010 .

[39]  Robert L. Wears,et al.  Resilience Engineering: Concepts and Precepts , 2006, Quality and Safety in Health Care.