Z. L. Yang,J. Wang,K. X. Li

DOI: https://doi.org/10.1080/03088839.2013.782952

2013-01-01

Abstract:Maritime safety has undergone considerable change in the past decades, particularly inits improved approach to risk quantification analysis. This article reviews the challenges of maritime safety analysis and the different approaches used to quantify the risks in maritime transportation. Formal safety assessment (FSA) is examined with a focus on its deficiencies, and its recent developments are described at the International Maritime Organization (IMO) level. The possible applications of FSA in maritime security and piracy analysis are discussed given its growing impacts on safety at sea. Some new uncertainty and risk modelling techniques are also presented to demonstrate how risk quantification analysis facilitates the transformation of maritime safety culture from a reactive prescriptive scheme towards a proactive goal-setting regime.

Sascha Pristrom,Kevin X. Li,Zaili Yang,Jin Wang

DOI: https://doi.org/10.1080/03088839.2013.851461

2013-01-01

Abstract:This paper studies the contributing factors of maritime piracy by analyzing previous incidents that have been reported to the International Maritime Organization (IMO). Part of the analysis is to filter those ship types that are particularly vulnerable to piracy attacks. The paper also introduces the guidelines developed by the IMO and the industry envisaging to minimize the risk to ships that are exposed to attacks from pirates. It further describes the initiatives taken to develop a sustainable mechanism in the high-risk area (HRA)(1) to suppress piracy and other maritime crimes. This study reflects the fact that maritime security and piracy issues' importance has been increasingly recognized in the 40 year history of Maritime Policy & Management.

Qing Yu,Ângelo Palos Teixeira,Kezhong Liu,Hao Rong,Carlos Guedes Soares

DOI: https://doi.org/10.1016/j.ress.2021.107993

2021-12-01

Abstract:The paper proposes a probabilistic framework for assessing the risk of ships based on a hybrid approach and multiple data sources. A Bayes-based network learning approach uses data from the New Inspection Regime of the Paris MoU on Port State Control to characterise the relationships among risk parameters and uses these parameters to evaluate the ship static risk. Other data sources are used to develop a Bayesian Network model to assess the dynamic risk of the ship. The data is aggregated by Bayesian Network and Evidential Reasoning approaches to evaluate the overall risk of ships in coastal waters. The objective of the study is to develop a model to assess the risk of an individual ship by considering its static risk profile and the geographical-dependant risk factors related to the characteristics of the maritime traffic flow and other local characteristics that influence the navigational risk of the ship. The results show that the integrated approach is able to assess the overall risk of a ship based on multiple data sources, providing empirical evidence of using multiple data sources in risk analysis applications. Moreover, the developed model identifies the most critical circumstances and the key impact factors in the study waters, which can support decisions on risk prevention and mitigation measures and local maritime traffic management.

engineering, industrial,operations research & management science

Massimiliano Marino,Luca Cavallaro,Elisa Castro,Rosaria Ester Musumeci,Matteo Martignoni,Federico Roman,Enrico Foti

DOI: https://doi.org/10.1016/j.oceaneng.2023.113999

IF: 5

2023-04-01

Ocean Engineering

Abstract:Navigation is becoming more and more complex over the years. The increase in maritime traffic and vessel size is inducing a global escalation of ship collision accidents, with consequent losses of human lives and economic assets worth billions. This is particularly true for port basins, with maritime authorities struggling worldwide to keep up with the ever-increasing ship traffic. In this respect, the demand for advanced methods to assess and mitigate ship collision risk has never been higher. The interdependency between physical failures, weather conditions, logistics, governance and human factors requires sophisticated frameworks to effectively assist maritime authorities and navigators in decision-making. The present work reviews the most recent advancements in the risk assessment of ship collision. The article focuses on new, rising technologies, identifying the current main trends and discussing future perspectives and challenges. The review revealed a wide and diversified range of methods, including machine learning, clustering techniques, swarm intelligence algorithms and others. To frame the methods in the current literature and compare them with previous efforts, they are categorized according to literature classifications. Advancements of well-established approaches and new promising tools are discussed, considering methods that allow the inclusion of quantitative and qualitative variables in the assessment. Furthermore, a comprehensive analysis of a database of maritime accidents in port areas is carried out to investigate prevailing trends in both worldwide and Mediterranean Sea contexts. Results indicate that ship collision accidents constitute the majority compared with other types of accidents, especially in the Mediterranean.

engineering, civil, ocean, marine,oceanography

Ryan Wen Liu,Xiaojie Huo,Maohan Liang,Kai Wang

DOI: https://doi.org/10.1016/j.oceaneng.2022.112895

IF: 5

2022-11-12

Ocean Engineering

Abstract:Ship collisions are the primary threat to traffic safety in the sea, which can seriously threaten human lives, the environment and material assets. Therefore, the detection and analyze of ship collision risks have important theoretical significance and application value. To improve maritime safety and efficiency, we propose a modeling, visualization and prediction framework to analyze ship collision risk. In particular, to fully consider the maneuverability of the ship, we introduce the quaternion ship domain (QSD) into the vessel conflict ranking operator (VCRO). In addition, to further analyze and better understand collision risk, the kernel density estimation (KDE) model is employed to visualize the ship collision risk. The ship collision risk usually contains underlying patterns and laws. Thus, we proposed a convolutional long short-term memory network (ConvLSTM) model, which can extract spatial–temporal features and predict spatial–temporal risk. Finally, to verify the reliability and robustness of the framework, we conducted extensive experiments on the automatic identification system (AIS) data of Chengshantou water. The results show that the framework demonstrates superiority in risk calculation, visualization and prediction. Theoretically, the framework proposed in this paper can serve maritime intelligent transportation system well.

engineering, civil, ocean, marine,oceanography

Iosif Progoulakis,Paul Rohmeyer,Nikitas Nikitakos

DOI: https://doi.org/10.3390/jmse9121384

IF: 2.744

2021-12-05

Journal of Marine Science and Engineering

Abstract:The integration of IT, OT, and human factor elements in maritime assets is critical for their efficient and safe operation and performance. This integration defines cyber physical systems and involves a number of IT and OT components, systems, and functions that involve multiple and diverse communication paths that are technologically and operationally evolving along with credible cyber security threats. These cyber security threats and risks as well as a number of known security breach scenarios are described in this paper to highlight the evolution of cyber physical systems in the maritime domain and their emerging cyber vulnerabilities. Current industry and governmental standards and directives related to cyber security in the maritime domain attempt to enforce the regulatory compliance and reinforce asset cyber security integrity for optimum and safe performance with limited focus, however, in the existing OT infrastructure and systems. The use of outside-of-the-maritime industry security risk assessment tools and processes, such the API STD 780 Security Risk Assessment (SRA) and the Bow Tie Analysis methodologies, can assist the asset owner to assess its IT and OT infrastructure for cyber and physical security vulnerabilities and allocate proper mitigation measures assuming their similarities to ICS infrastructure. The application of cyber security controls deriving from the adaptation of the NIST CSF and the MITRE ATT&CK Threat Model can further increase the cyber security integrity of maritime assets, assuming they are periodically evaluated for their effectiveness and applicability. Finally, the improvement in communication among stakeholders, the increase in operational and technical cyber and physical security resiliency, and the increase in operational cyber security awareness would be further increased for maritime assets by the convergence of the distinct physical and cyber security functions as well as onshore- and offshore-based cyber infrastructure of maritime companies and asset owners.

oceanography,engineering, marine, ocean

Anastasia Dimakopoulou,Konstantinos Rantos

DOI: https://doi.org/10.3390/jmse12060919

IF: 2.744

2024-05-31

Journal of Marine Science and Engineering

Abstract:As technology advances and digitalization becomes more prevalent in the industry, the cyber threats to maritime systems and operations have significantly increased. The maritime sector relies heavily on interconnected networks, communication systems, and sophisticated technologies for its operations, making it an attractive target for cybercriminals, nation-states, and other threat actors. Safeguarding the maritime sector against cyber threats is crucial to ensuring the safety, integrity, and efficiency of maritime operations as well as for protecting sensitive information and global trade. The International Maritime Organization (IMO) has played a significant role in addressing cybersecurity issues, leading to the implementation of regulations aimed at risk reduction. This paper delves into the realm of cybersecurity within the maritime industry, offering an in-depth analysis of its various aspects through an extensive literature review based on the latest Version 2.0 of the National Institute of Standards and Technology's (NIST) Cybersecurity Framework (CSF) functional areas. The primary objective is to establish a connection between research and NIST's functions and categories, thereby presenting a nascent perspective and identifying existing security research gaps. Through the adoption of this strategic approach, the present paper aims to cultivate a forward-looking and proactive state of maturity in anticipation of future developments within the maritime industry. The outcomes of this research can provide valuable reference points in academic discourse, potentially leading to new hypotheses, and fuel innovation in developing advanced cybersecurity measures within the maritime industry.

engineering, ocean,oceanography, marine

Yu Zang,Wen Liu,Shikai Sun,Mingzhi Shi,Ming Li,Xiaoyong Kang

DOI: https://doi.org/10.1007/978-981-19-3486-5_5

2022-01-01

Abstract:The intelligent ship is drawing increasing attention with its advantages of safety, reliability, energy-saving, environmental protection, and economic efficiency. Compared with traditional ships, the intelligent ship is manifested based on autonomous situational perception, risk identification, and intelligent decision-making functions. The realization of these functions depend on the support of an efficient, reliable, and stable ship-to-shore communication network. Therefore, network security risk analysis of intelligent ship navigation becomes critical. This paper comprehensively analyzed the intelligent ship navigation network security attacks and risks. Firstly, the intelligent ship and some typical schemes such as Advanced Autonomous Waterborne Applications (AAWA) were introduced, and the technical framework and functional modules of intelligent ship navigation were presented. Then the network security requirements from system potential threats and external malicious attacks were analyzed, four security risks including damage, misdirection, obfuscation, and denial of service were classified. Meanwhile, a risk analysis model to quantify the risks from different modules was envisaged and a case study was carried to verify this model. Finally, we drew some interesting conclusions and prospects.

Ioannis Argyriou,Theocharis Tsoutsos

DOI: https://doi.org/10.3390/jmse12091593

IF: 2.744

2024-09-09

Journal of Marine Science and Engineering

Abstract:Integrating Internet of Things (IoT) devices into port operations has brought substantial improvements in efficiency, automation, and connectivity. However, this technological advancement has also introduced new operational risks, particularly in terms of cybersecurity vulnerabilities and potential disruptions. The primary objective of this scientific article is to comprehensively analyze and identify the primary security threats and vulnerabilities that IoT devices face when deployed in port environments. This includes examining potential risks, such as unauthorized access, cyberattacks, malware, etc., that could disrupt critical port operations and compromise sensitive information. This research aims to assess the critical entities associated with IoT devices in port environments and develop a comprehensive risk-management framework tailored to these settings. It also aims to explore and propose strategic measures and best practices to mitigate these risks. For this research, a risk-management framework grounded in the principles of ORM, which includes risk avoidance, reduction, sharing, and retention strategies, was developed. The primary outcome of this research is the development of a comprehensive risk-management framework specifically tailored for IoT devices in port environments, utilizing Operational Risk-Management (ORM) methodology. This framework will systematically identify and categorize critical vulnerabilities and potential threats for IoT devices. By addressing these objectives, the article seeks to provide actionable insights and guidelines that can be adopted by port authorities and stakeholders to safeguard their IoT infrastructure and maintain operational stability in the face of emerging threats.

oceanography,engineering, marine, ocean

Kateryna Shumilova,Dmytro Shumilov,Anatoly Maltsev

DOI: https://doi.org/10.7225/toms.v13.n01.w20

2024-03-15

Transactions on Maritime Science

Abstract:Modern digital transformation in the shipping industry Shipping 4.0 is accompanied by increased automation and autonomy of the ship. This means strengthening the digitization of the ship's navigation systems (cyber systems). Therefore, the safe operation and navigation of modern ships depends on the adequate operation of cyber-physical systems, which are created on the basis of information and operational technologies. Such interconnections of ship information systems inevitably increase the vulnerability of the ship's digital navigation infrastructure to cyber-attacks. The article examines methods of controlling cyber risks of various origins, which determine the priority of flows, their internal interconnection and relations with the sources of messages that form them. The formalization of the qualitative and quantitative properties of information flows of the voyage cycle using matrix and graph-analytical modeling methods has been carried out. A decomposition of information was built and a cluster of information security of ship maneuvering control was defined, with its access closed for cyber-attacks. In the event of cyber-attacks, it is very important for the navigator to determine the moment of it’s appearance and the state of navigational devices of the bridge. Usually, the working state of the device is determined by the presence of electric current in it. However, only the presence of current in the device during cyber-attacks is not enough to assess its working condition. Inspection and verification of 11 navigation devices on the bridge takes a lot of time, which the navigator does not have in the event of a cyber-attack. Therefore, we propose to introduce an additional function of controlling the working status of each navigational device, and to transmit the results of all devices to a separate navigation cluster Mk of the navigation bridge via shielded cable lines of the vessel without other methods. This will make it possible to gather information about all the devices in one place on the bridge, protect it from cyberattacks, and quickly determine the operating status of all the navigation devices on the bridge. Descriptive modeling of the meaningful categories of the information space of maritime routes during cyberattacks was performed. The proposed classification of cyber risks has a logical structure based on the grouping of message flows, using the cluster connection coefficient between them. This makes it possible to assess the criticality of the impact of cyber-attacks on the ship and to choose ways to reduce their impact on the maneuvering of the ship in the voyage cycle.

Dimitrios Dalaklis,Georgios Katsoulis,Momoko Kitada,Jens-Uwe Schröder-Hinrichs,Aykut I. Ölcer

DOI: https://doi.org/10.33175/mtr.2020.227028

2020-01-06

Maritime Technology and Research

Abstract:Following the so-called “Industrial Revolution”, the shipping industry has benefitted from a very extended number of technology innovations. Over time, shipbuilding practices and the equipment of ships have been significantly improved. Furthermore, during the last couple of decades, the continuous improvement and integration-interconnection of electronics systems (the “network-centric” approach), have created a new operating environment for shipping. It is therefore not a coincidence that recent discussions on digitalization and autonomous ships provide a disruptive picture of how this industry may be transformed in the near future. Contemporary sea-going vessels are equipped with various technologically advanced systems and are highly automated. Today, all systems supporting the conduct of navigation and the various information technology (IT) applications related to ship management activities are heavily reliant upon real-time information to safely/effectively fulfil their allocated tasks. The issues of connectivity and interconnection clearly stand out. It is important to assess how navigation will be conducted in the near future. This analysis is based on a qualitative methodology, and its starting point, which also serves as the necessary “literature review”, is to identify and briefly discuss a certain number of technological developments that follow the network-centric architecture and have been recently introduced as equipment appropriate for ships. Next, it will examine how interactive processes and applications, both on the shore side and onboard vessels, can facilitate a safer working environment for seafarers and allow personnel based ashore to have a better understanding of what is happening at sea, as part of explaining the so-called “net-centric” framework of operations. Another important aim is to evaluate these promising technological trends according to their capacity of adoption in order to promote efficient and safe operations within the extended maritime transport domain. An important conclusion is that a net-centric philosophy and associated software applications can truly break down any existing limitations and create a collaborative environment for people and “machines”, including remotely controlled unmanned vessels.

Iosif Progoulakis,Ioannis K. Dagkinis,Anastasia Dimakopoulou,Theodoros Lilas,Nikitas Nikitakos,Panagiotis M. Psomas

DOI: https://doi.org/10.3390/jmse12101757

IF: 2.744

2024-10-04

Journal of Marine Science and Engineering

Abstract:The maritime industry's increasing integration of IT/OT systems into vessel operations has significantly elevated its exposure to cyber–physical threats, making the development of effective cyber risk management strategies a necessity. This paper provides an outlook of the current landscape of cyber security threats and vulnerabilities for the maritime sector and vessels. An outline of the relevant governmental and industry directives, standards, and guidelines for cyber security in maritime vessels is given. Considering maritime vessels as critical elements of the maritime critical infrastructure sector, a number of relevant cyber–physical security assessment methods are presented. Bridging cyber–physical security, process safety, and security, API SRA (American Petroleum Institute Security Risk Analysis) and BTA (Bow-Tie Analysis) are presented as the most applicable cyber–physical security assessment methods for complex maritime vessels, such as an offshore oil and gas drillship. The scenario of a cyber-attack on the Dynamic Positioning (DP) system of a drillship is presented with the use of API SRA and BTA. The difficulties in the implementation of NIST CSF v2.0 and IACS UR E26 and UR E27 in the maritime sector are also discussed. The need for intensified research on and the formulation of bespoke cyber security measures to mitigate the evolving cyber threats within the maritime domain is highlighted. The need for the allocation of training and resources for the reinforcement of the capacity of a maritime vessel's crew in the mitigation of cyber threats and safe maritime operations is emphasized.

oceanography,engineering, marine, ocean

Dan Lan,Peilong Xu,Jia Nong,Junkang Song,Jie Zhao

DOI: https://doi.org/10.1007/s44196-024-00539-z

IF: 2.259

2024-06-15

International Journal of Computational Intelligence Systems

Abstract:The improvement in transportation efficiency, security, safety, and environmental effects may be possible due to the impending advent of autonomous ships. Automatic situational awareness, risk detection, and intelligent decision-making are the key features of the intelligent ship network, differentiating it from conventional ships. There is an immediate need to implement a system for marine information management and network security due to the growing importance of this field, which poses a risk to national and societal stability due to factors, such as the diversity and complexity of marine information types, the challenges associated with data collection, and other similar factors. By recognizing different vulnerabilities and through research cases of the ship systems and Artificial Intelligence (AI) technologies, this paper presents Adaptive Fuzzy Logic-assisted Vulnerability Analysis of Intelligent Ship Networks (AFL-VA-ISN) in various cyberattack scenarios for autonomous ship intrusion detection and information management. Fuzzy logic has been combined with AI, providing a framework for handling uncertainty and imprecision in intelligent ship networks and effective decision-making. This work presents a method for detecting anomalies in risk data based on the collaborative control structure of the Ship Information System. Maintaining the network security of intelligent ships is the primary focus of this research, which mainly employed multi-sensor nodes to evaluate data containing information about malicious attacks and placed self-execution protection organize generating nodes into place to intercept and protect against attacks. The experimental outcomes demonstrate that the suggested AFL-VA-ISN model increases the data transmission rate by 99.2%, attack detection rate by 98.5%, risk assessment rate by 97.5%, and access control rate of 96.3%, and reduces the network latency rate of 11.4% compared to other existing models.

computer science, artificial intelligence, interdisciplinary applications

Joseph O. Eichenhofer,Elisa Heymann,Barton P. Miller,Arnold Kang

DOI: https://doi.org/10.48550/arXiv.2006.12056

2020-06-22

Abstract:Attacks on software systems occur world-wide on a daily basis targeting individuals, corporations, and governments alike. The systems that facilitate maritime shipping are at risk of serious disruptions, and these disruptions can stem from vulnerabilities in the software and processes used in these systems. These vulnerabilities leave such systems open to cyber-attack. Assessments of the security of maritime shipping systems have focused on identifying risks but have not taken the critical (and expensive) next step of actually identifying vulnerabilities present in these systems. While such risk assessments are important, they have not provided the detailed identification of security issues in the systems that control these ports and their terminals. In response, we formed a key collaboration between an experienced academic cybersecurity team and a well-known commercial software provider that manages maritime shipping. We performed an analysis of the information flow involved in the maritime shipping process, and then executed an in-depth vulnerability assessment of the software that manages freight systems. In this paper, we show the flow of information involved in the freight shipping process and explain how we performed the in-depth assessment, summarizing our findings. Like every large software system, maritime shipping systems have vulnerabilities.

Cryptography and Security

George Grispos,William R. Mahoney

DOI: https://doi.org/10.48550/arXiv.2208.03607

2022-08-07

Abstract:Maritime shipping has become a trillion-dollar industry that now impacts the economy of virtually every country around the world. It is therefore no surprise that countries and companies have spent billions of dollars to modernize shipping vessels and ports with various technologies. However, the implementation of these technologies has also caught the attention of cybercriminals. For example, a cyberattack on one shipping company resulted in nearly $300 millions in financial losses. Hence, this paper describes cybersecurity vulnerabilities present in the international shipping business. The contribution of this paper is the identification and dissection of cyber vulnerabilities specific to the shipping industry, along with how and why these potential vulnerabilities exist.

Cryptography and Security,Computers and Society

Jakub Montewka,Teemu Manderbacka,Pekka Ruponen,Markus Tompuri,Mateusz Gil,Spyros Hirdaris

DOI: https://doi.org/10.1016/j.ress.2021.108145

2022-02-01

Abstract:The continuous monitoring and assessment of operational vulnerability and accident susceptibility of passenger ships is crucial from the perspective of ship and passenger safety. Despite the existing solutions for vulnerability monitoring, stemming mainly from watertight door operations, a comprehensive framework for accident susceptibility assessment and monitoring is missing in the literature. Therefore, this paper offers a straightforward approach, utilizing heuristics rooted in the solid foundations of the first principles related to human performance. The proposed approach allows the evaluation of accident susceptibility of a ship in operation involved in open-sea and coastal navigation. The framework presented is based on observable and relevant factors, known to affect the navigator's performance, and as a consequence accident probability. The layout of the framework as well as the parameters of the developed model are based on literature survey in maritime and aviation domains, knowledge elicited from maritime experts and extensive simulations with the use of an in-house developed ship-ship encounter simulator. Subsequently, the model is applied to selected case studies, involving two distinctive ship types, namely a large cruise ship and a RoPax vessel. The results obtained for the case study presented in this paper reveal that most of their time the analyzed ships operate with negligible accident susceptibility (87%), while 1% of the cases are labelled as very high accident susceptibility. The remaining share of 12% is distributed among low, moderate and high values of accident susceptibility. The results are in line with earlier studies conducted in the same area but adopting different methods. The proposed solution can be applied as an onboard decision support tool, evaluating the operational accident susceptibility and vulnerability, thus increasing the crew's situational awareness. Additionally, it can be applied to historical data, allowing ship navigational safety diagnosis and implementation of appropriate countermeasures.

engineering, industrial,operations research & management science

Imran Ashraf,Yongwan Park,Soojung Hur,Sung Won Kim,Roobaea Alroobaea,Yousaf Bin Zikria,Summera Nosheen

DOI: https://doi.org/10.1109/tits.2022.3164678

IF: 8.5

2022-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Impressive technological advancements over the past decades commenced significant advantages in the maritime industry sector and elevated commercial, operational, and financial benefits. However, technological development introduces several novel risks that pose serious and potential threats to the maritime industry and considerably impact the maritime industry. Keeping in view the importance of maritime cyber security, this study presents the cyber security threats to understand their impact and loss scale. It serves as a guideline for the stakeholders to implement effective preventive and corrective strategies. Cyber security risks are discussed concerning maritime security, confidentiality, integrity, and availability, and their impact is analyzed. The proneness of the digital transformation is analyzed regarding the use of internet of things (IoT) devices, modern security frameworks for ships, and sensors and devices used in modern ships. In addition, risk assessment methods are discussed to determine the potential threat and severity along with the cyber risk mitigation schemes and frameworks. Possible recommendations and countermeasures are elaborated to alleviate the impact of cyber security breaches. Finally, recommendations about the future prospects to safeguard the maritime industry from cyber-attacks are discussed, and the necessity of efficient security policies is highlighted.

engineering, electrical & electronic,transportation science & technology, civil

Jianke Guo,Tianqi Feng,Shaobo Wang,Yafeng Qin,Xuhui Yu

DOI: https://doi.org/10.1016/j.trd.2024.104166

IF: 7.041

2024-03-20

Transportation Research Part D Transport and Environment

Abstract:In maritime transport, ports undertake the routes and markets of surrounding ports after they fail during emergencies. The transfer and replacement of routes are subject to port-hinterland relationships, spatial agglomeration, and geopolitical environments, which are realistic expressions of port location from the perspectives of economy, geography, and geopolitics. However, the irreplaceability of ports influenced by geographic location has been ignored in previous evaluations of network vulnerability, which has exaggerated the network vulnerability. To address the aforementioned problems, an irreplaceability model based on the port's geographical location was constructed. This model systematically simulates the changing trend of shipping network vulnerability and reveals the damage effect of the shipping network under the influence of emergencies to bring the vulnerability assessment results of shipping networks closer to reality.

transportation,transportation science & technology,environmental studies

Maurantonio Caprolu,Roberto Di Pietro,Simone Raponi,Savio Sciancalepore,Pietro Tedeschi

DOI: https://doi.org/10.1109/MCOM.001.1900632

2020-03-04

Abstract:Vessels cybersecurity is recently gaining momentum, as a result of a few recent attacks to vessels at sea. These recent attacks have shacked the maritime domain, which was thought to be relatively immune to cyber threats. The cited belief is now over, as proved by recent mandates issued by the International Maritime Organization (IMO). According to these regulations, all vessels should be the subject of a cybersecurity risk analysis, and technical controls should be adopted to mitigate the resulting risks. This initiative is laudable since, despite the recent incidents, the vulnerabilities and threats affecting modern vessels are still unclear to operating entities, leaving the potential for dreadful consequences of further attacks just a matter of "when", not "if". In this contribution, we investigate and systematize the major security weaknesses affecting systems and communication technologies adopted in modern vessels. Specifically, we describe the architecture and main features of the different systems, pointing out their main security issues, and specifying how they were exploited by attackers to cause service disruption and relevant financial losses. We also identify a few countermeasures to the introduced attacks. Finally, we highlight a few research challenges to be addressed by industry and academia to strengthen vessels security.

Cryptography and Security

Steve Symes,Eddie Blanco-Davis,Tony Graham,Jin Wang,Edward Shaw

DOI: https://doi.org/10.1007/s11804-024-00443-0

2024-10-03

Journal of Marine Science and Application

Abstract:This study is an investigation into cyberattacks on autonomous vessels, focusing on previous "real-world" cyberattacks and their consequences. The future of commercial and noncommercial shipping is moving toward autonomous vessels. Autonomous ships can provide significant financial and logistical benefits for shipping companies and their stakeholders. However, these vessels suffer from shortcomings concerning cybersecurity. Previous cyberattacks are investigated to understand how the command system of an autonomous ship is infiltrated, the consequences of an attack, and the shortfalls of the security of the vessel. This aim is achieved via a literature review concerning cyberattacks on autonomous vessels with a focus on sources indicating how the security systems of previous vessels were breached, the consequence of said cyberattacks, and their capability for recovery. Sources used include Web of Science, Scopus, Google Scholar, Mendeley, Zotero, SciFinder, broadsheet, and newspaper articles. The results of the literature review showed that autonomous vessels are significantly vulnerable to cyberattacks. Autonomous vessels were determined to have relatively easy-to-breach security systems. In most cases, the consequences of a cyberattack had a negative financial impact, a loss of cargo, and a potential breach of oceanic airspace, resulting in military action. The vessels analyzed were left "dead in the water" until they were recovered, and after a severe attack, the affected shipping company servers suffered potential weeklong incapacitation. This study also aims to fill the gaps in the transport industry and maritime market concerning the security of autonomous vessels and viable recovery procedures.

engineering, marine