Factors Affecting Cyber Risk in Maritime

Published on Jun 3, 2019
· DOI :10.1109/CYBERSA.2019.8899382
Kimberly Tam6
Estimated H-index: 6
(Plymouth University),
Kevin D. Jones7
Estimated H-index: 7
(Plymouth University)
To ensure the safety of ships and ports, groups and individuals, at all levels of the maritime sector, use analysis to identify potential hazards and their outcomes. One of the most relied upon methods is using a risk assessment tool to define and prioritise threats. A disadvantage of most existing assessment frameworks, however, is their inability to update risks dynamically as factors, such as the environment, change. In the maritime sector, a range of dynamic factors is needed to measure risks, but most conventional frameworks are unable to use them to revise and update their risk profiles. In addition to static and dynamic, maritime operational risks can be affected by elements classified as cyber, cyber-physical, or physical in nature. This demonstrates the relatively equal presence of information and operational technology (i.e. IT/OT) used, however most quantitative risk assessment frameworks are normally limited to one or the other. This article explores the full range of cyber-related risk factor types within maritime in order to evaluate applicable risk frameworks and suggest improvements that could help each of those tools assess maritime-cyber risks specifically.
  • References (21)
  • Citations (0)
📖 Papers frequently viewed together
2 Citations
4 Authors (Maryam Zahid, ..., Zahid Mehmood)
78% of Scinapse members use related papers. After signing in, all features are FREE.
#1Kimberly Tam (Plymouth University)H-Index: 6
#2Kevin D. Jones (Plymouth University)H-Index: 7
In the current economy, roughly 90% of all world trade is transported by the shipping industry, which is now accelerating its technological growth. While the demand on mariners, ship owners, and the encompassing maritime community for digital advances (particularly towards digitization and automation) has led to efficient shipping operations, maritime cyber-security is a pertinent issue of equal importance. As hackers are becoming increasingly aware of cyber-vulnerabilities within the maritime s...
4 CitationsSource
#1Yemao Man (Chalmers University of Technology)H-Index: 5
#2Monica Lundh (Chalmers University of Technology)H-Index: 10
Last. Scott MacKinnon (Chalmers University of Technology)H-Index: 17
view all 3 authors...
In recent years, the work in engine control rooms (ECRs) onboard ships is becoming increasingly demanding and complex due to growing presence of modern information technology (IT) applications introduced in a problem-patching fashion. Previous studies about ECRs discussed the design issues associated with physical and cognitive ergonomics and lack of regulatory support. This paper has re-examined a design case in an ECR on a merchant ship and discussed the potential of a service-oriented archite...
1 CitationsSource
#1Waldemar Daszuta (UTAS: University of Tasmania)H-Index: 2
#2Samrat Ghosh (UTAS: University of Tasmania)H-Index: 5
Past analysis of accident investigations suggest an absence of or inadequate practices of risk assessment and management on board vessels. Although the International Management Code for the Safe Operation of Ships and for Pollution Prevention (ISM Code) requires that the risk management process must not only be correctly formulated and implemented but also be periodically evaluated in order to verify that these objectives are attained, the correct and effective implementation and application of ...
2 CitationsSource
#1Kimberly Tam (Plymouth University)H-Index: 6
#2Kevin D. Jones (Plymouth University)H-Index: 7
As a $183.3 Billion industry controlling 90 % of all world trade, the shipping community is continuously looking for methods to increase profits while still considering human and environmental safety. As a result of developing technologies and policy that make autonomy a feasible solution, at least three separate organizations are aiming to produce and sail their first autonomous ships by 2020. Thus it is essential to begin assessing their cyber-risk profiles in order to rank and mitigate any vu...
7 CitationsSource
#1Kimberly Tam (Plymouth University)H-Index: 6
#2Kevin D. Jones (Plymouth University)H-Index: 7
ABSTRACTAs the global maritime industry becomes increasingly dependent on advancing technology, it is important for the world to be more aware of, and understand, the possible scope and impacts cyberattacks can have on international shipping. This article explores the maritime-cyber landscape for security flaws related to the area of maritime operations with an emphasis on the system technology involved, how their vulnerabilities enable attacks with cyber elements, and possible outcomes. As ship...
1 CitationsSource
#1Tian Chai (Dalian Maritime University)H-Index: 1
#2Jinxian Weng (Shanghai Maritime University)H-Index: 18
Last. Xiong De-qi (Dalian Maritime University)H-Index: 2
view all 3 authors...
Abstract This study develops a quantitative risk assessment (QRA) model to evaluate the risk of ship being involved in ship collisions which takes into account the frequency and consequence of all possible accident scenarios. Two accident consequence types including human life loss and oil pollution which is measured in terms of the volume of oil spilled are considered in this study. The proposed QRA model consists of a collision frequency estimation model, an event tree and consequence estimati...
17 CitationsSource
#1Jori Nordström (Ministry of Interior (Bahrain))H-Index: 1
#2Floris Goerlandt (Aalto University)H-Index: 23
Last. Sanna SonninenH-Index: 1
view all 8 authors...
Efficient response to maritime incidents and accidents requires good communication processes and situation awareness by all involved parties, in particular between the Search and Rescue (SAR) response operators and the crew of the distressed vessel. In this paper, a method is proposed for enhancing the communication between the involved parties, by focusing on the safety status of the vessel. Borrowing ideas from well-established working methods in especially emergency medicine, the Vessel TRIAG...
14 CitationsSource
#1Yulia Cherdantseva (Cardiff University)H-Index: 6
#2Peter Burnap (Cardiff University)H-Index: 21
Last. Kristan Stoddart (Aberystwyth University)H-Index: 5
view all 7 authors...
This paper reviews the state of the art in cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems. We select and in-detail examine twenty-four risk assessment methods developed for or applied in the context of a SCADA system. We describe the essence of the methods and then analyse them in terms of aim; application domain; the stages of risk management addressed; key risk management concepts covered; impact measurement; sources of probabilistic data; evaluation...
136 CitationsSource
Last. Amir KhazaeeH-Index: 2
view all 4 authors...
Nowadays electricity is one of the most significant requirements and base of life facilities. Any interruption in supplying and providing power, like widespread blackouts will cause irreparable effects on different aspects of a society. Technology increasing progress provides remote control and monitoring of power grid through the supervisory control and data acquisition (SCADA) system and substation automation which decreases the costs of power transition and control, increases the efficiency a...
2 CitationsSource
#1Keith A. StoufferH-Index: 10
#2Joseph A. Falco (NIST: National Institute of Standards and Technology)H-Index: 10
Last. Karen A. ScarfoneH-Index: 28
view all 3 authors...
This document provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing their unique performance, reliability, and safety requirements. The document provides an overview of ICS and typical system topologies, identifies typical threats and vulnerabilities to these systems, and provid...
588 CitationsSource
Cited By0