
MaCRA: a model-based framework for maritime cyber-risk assessment

Published on Mar 1, 2019 in WMU Journal of Maritime Affairs · DOI: 10.1007/s13437-019-00162-2
Kimberly Tam (Plymouth University), estimated H-index: 4
Kevin D. Jones (Plymouth University), estimated H-index: 6
Abstract
In the current economy, roughly 90% of all world trade is transported by the shipping industry, which is now accelerating its technological growth. While the demand on mariners, ship owners, and the encompassing maritime community for digital advances (particularly towards digitization and automation) has led to efficient shipping operations, maritime cyber-security is a pertinent issue of equal importance. As hackers are becoming increasingly aware of cyber-vulnerabilities within the maritime sector, and as existing risk assessment tools do not adequately represent the unique nature of maritime cyber-threats, this article introduces a model-based risk assessment framework which considers a combination of cyber and maritime factors. Confronted with a range of ship functionalities, configurations, users, and environmental factors, this framework aims to comprehensively present maritime cyber-risks and better inform those in the maritime community when making cyber-security decisions. By providing the needed maritime cyber-risk profiles, it becomes possible to support a range of parties, such as operators, regulators, insurers, and mariners, in increasing overall global maritime cyber-security.
References (35)
#1 Nicole Almeida Costa (Chalmers University of Technology), H-Index: 3
Last: Scott MacKinnon (Chalmers University of Technology), H-Index: 16 (5 authors)
The aim of this study was to assess proof of concept and usability of a maritime service website prototype in a full-mission ship bridge simulator through Swedish mariners’ experiences and perceptions. This test was part of the European Commission’s EfficienSea2 project for e-navigation. The prototype was intended as an aid to existing standard systems and methodologies for planning, executing and monitoring voyages. The study began with 5 days of simulator trials focused on today’s standard pra...
1 citation
#1 Yemao Man (Chalmers University of Technology), H-Index: 4
#2 Monica Lundh (Chalmers University of Technology), H-Index: 8
Last: Scott MacKinnon (Chalmers University of Technology), H-Index: 16 (3 authors)
In recent years, the work in engine control rooms (ECRs) onboard ships is becoming increasingly demanding and complex due to growing presence of modern information technology (IT) applications introduced in a problem-patching fashion. Previous studies about ECRs discussed the design issues associated with physical and cognitive ergonomics and lack of regulatory support. This paper has re-examined a design case in an ECR on a merchant ship and discussed the potential of a service-oriented archite...
1 citation
#1 Waldemar Daszuta (UTAS: University of Tasmania), H-Index: 2
#2 Samrat Ghosh (UTAS: University of Tasmania), H-Index: 4
Past analysis of accident investigations suggest an absence of or inadequate practices of risk assessment and management on board vessels. Although the International Management Code for the Safe Operation of Ships and for Pollution Prevention (ISM Code) requires that the risk management process must not only be correctly formulated and implemented but also be periodically evaluated in order to verify that these objectives are attained, the correct and effective implementation and application of ...
2 citations
#1 Kimberly Tam (Plymouth University), H-Index: 4
#2 Kevin D. Jones (Plymouth University), H-Index: 6
As a $183.3 Billion industry controlling 90 % of all world trade, the shipping community is continuously looking for methods to increase profits while still considering human and environmental safety. As a result of developing technologies and policy that make autonomy a feasible solution, at least three separate organizations are aiming to produce and sail their first autonomous ships by 2020. Thus it is essential to begin assessing their cyber-risk profiles in order to rank and mitigate any vu...
4 citations
#1 Kimberly Tam (Plymouth University), H-Index: 4
#2 Kevin D. Jones (Plymouth University), H-Index: 6
As the global maritime industry becomes increasingly dependent on advancing technology, it is important for the world to be more aware of, and understand, the possible scope and impacts cyberattacks can have on international shipping. This article explores the maritime-cyber landscape for security flaws related to the area of maritime operations with an emphasis on the system technology involved, how their vulnerabilities enable attacks with cyber elements, and possible outcomes. As ship...
1 citation
#1 Andrei Costin, H-Index: 7
Video surveillance, closed-circuit TV and IP-camera systems became virtually omnipresent and indispensable for many organizations, businesses, and users. Their main purpose is to provide physical security, increase safety, and prevent crime. They also became increasingly complex, comprising many communication means, embedded hardware and non-trivial firmware. However, most research to date focused mainly on the privacy aspects of such systems, and did not fully address their issues related to cy...
14 citations
#1 Jori Nordström (Ministry of Interior (Bahrain)), H-Index: 1
#2 Floris Goerlandt (Aalto University), H-Index: 22
Last: Sanna Sonninen, H-Index: 1 (8 authors)
Efficient response to maritime incidents and accidents requires good communication processes and situation awareness by all involved parties, in particular between the Search and Rescue (SAR) response operators and the crew of the distressed vessel. In this paper, a method is proposed for enhancing the communication between the involved parties, by focusing on the safety status of the vessel. Borrowing ideas from well-established working methods in especially emergency medicine, the Vessel TRIAG...
14 citations
#1 Desmond Schmidt (QUT: Queensland University of Technology), H-Index: 7
#2 Kenneth Radke (QUT: Queensland University of Technology), H-Index: 6
Last: Michał Ren (Adam Mickiewicz University in Poznań), H-Index: 3 (5 authors)
Detection and prevention of global navigation satellite system (GNSS) “spoofing” attacks, or the broadcast of false global navigation satellite system services, has recently attracted much research interest. This survey aims to fill three gaps in the literature: first, to assess in detail the exact nature of threat scenarios posed by spoofing against the most commonly cited targets; second, to investigate the many practical impediments, often underplayed, to carrying out GNSS spoofing attacks in...
29 citations
#1 David Ríos Insua (CSIC: Spanish National Research Council), H-Index: 5
#2 David Banks (Duke University), H-Index: 24
Last: Jesus Rios (IBM), H-Index: 10 (3 authors)
Adversarial risk analysis has been introduced as a framework to deal with risks derived from intentional actions of adversaries. The analysis supports one of the decisionmakers, who must forecast the actions of the other agents. Typically, this forecast must take account of random consequences resulting from the set of selected actions. The solution requires one to model the behavior of the opponents, which entails strategic thinking. The supported agent may face different kinds of opponents, wh...
13 citations
#1 Yulia Cherdantseva (Cardiff University), H-Index: 5
#2 Peter Burnap (Cardiff University), H-Index: 19
Last: Kristan Stoddart (Aberystwyth University), H-Index: 4 (7 authors)
This paper reviews the state of the art in cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems. We select and in-detail examine twenty-four risk assessment methods developed for or applied in the context of a SCADA system. We describe the essence of the methods and then analyse them in terms of aim; application domain; the stages of risk management addressed; key risk management concepts covered; impact measurement; sources of probabilistic data; evaluation...
136 citations
Cited By (4)
#1 Boris Sviličić, H-Index: 6
#2 Junzo Kamahara (Kobe University), H-Index: 7
Last: Johan Bolmsten, H-Index: 1 (4 authors)
The growing reliance of the shipping industry on information and communication technologies places a high premium on cyber risk management. The International Maritime Organization has imposed improvement of the approved safety management system of ships by incorporating the cyber risk management no later than the first annual verification of a shipping company’s document of compliance following 1 January 2021. In this paper, we present a framework for assessing cyber risks that affect safe opera...
1 citation
The integrated navigational system (INS) enhances the effectiveness and safety of ship navigation by providing multifunctional display on the basis of integration of at least two navigational functions, the voyage route monitoring with Electronic Chart Display and Information System (ECDIS) and collision avoidance with radar. The INS is essentially a software platform for fusion of data from the major ECDIS and radar systems with sensors for the additional navigation functions of route planning,...
#1 Kimberly Tam (Plymouth University), H-Index: 4
#2 Kevin D. Jones (Plymouth University), H-Index: 6
Forensic investigation is an essential response strategy following a cyber-related incident, and forensic readiness is the capability to gather critical digital information and maximize its use as evidence. The effectiveness of this data is highly dependent on the readiness, quality, and trustworthiness of the data itself. Far from a passive post-analysis tool, there have been many instances where an organization has benefited from gathering, and using, digital evidence to improve their cyber-se...
#1 Kimberly Tam, H-Index: 4
#2 Kevin D. Jones, H-Index: 6
To ensure the safety of ships and ports, groups and individuals, at all levels of the maritime sector, use analysis to identify potential hazards and their outcomes. One of the most relied upon methods is using a risk assessment tool to define and prioritise threats. A disadvantage of most existing assessment frameworks, however, is their inability to update risks dynamically as factors, such as the environment, change. In the maritime sector, a range of dynamic factors is needed to measure risk...
#1 Kimberly Tam (Plymouth University), H-Index: 4
#2 Kevin D. Jones (Plymouth University), H-Index: 6
As a $183.3 Billion industry controlling 90 % of all world trade, the shipping community is continuously looking for methods to increase profits while still considering human and environmental safety. As a result of developing technologies and policy that make autonomy a feasible solution, at least three separate organizations are aiming to produce and sail their first autonomous ships by 2020. Thus it is essential to begin assessing their cyber-risk profiles in order to rank and mitigate any vu...
4 citations
#1 Kimberly Tam (Plymouth University), H-Index: 4
#2 Kevin D. Jones (Plymouth University), H-Index: 6
As the global maritime industry becomes increasingly dependent on advancing technology, it is important for the world to be more aware of, and understand, the possible scope and impacts cyberattacks can have on international shipping. This article explores the maritime-cyber landscape for security flaws related to the area of maritime operations with an emphasis on the system technology involved, how their vulnerabilities enable attacks with cyber elements, and possible outcomes. As ship...
1 citation