A Study on Cyber Security Threats in a Shipboard Integrated Navigational System

Journal of Marine Science and Engineering - Tập 7 Số 10 - Trang 364

Boris Sviličić¹, Igor Rudan¹, Alen Jugović¹, Damir Zec¹

¹Faculty of Maritime Studies, University of Rijeka, Studentska ulica 2, 51000 Rijeka, Croatia

Tóm tắt

The integrated navigational system (INS) enhances the effectiveness and safety of ship navigation by providing multifunctional display on the basis of integration of at least two navigational functions, the voyage route monitoring with Electronic Chart Display and Information System (ECDIS) and collision avoidance with radar. The INS is essentially a software platform for fusion of data from the major ECDIS and radar systems with sensors for the additional navigation functions of route planning, status and data display, and alert management. This paper presents a study on cyber security resilience examination of a shipboard INS installed on a RoPax ship engaged in international trade. The study was based on a mixed-method approach, combining an interview of the ship’s navigational ranks and cyber security testing of the INS using an industry vulnerability scanner. The identified threats were analyzed qualitatively to study the source of cyber risks threatening the INS. The results obtained point out cyber threats related to weaknesses of the INS underlying operating system, suggesting a need for occasional preventive maintenance in addition to the regulatory compliance required.

Từ khóa

Tài liệu tham khảo

Svilicic, 2019, Maritime Cyber Risk Management: An Experimental Ship Assessment, J. Navig., 72, 1108, 10.1017/S0373463318001157

Kaleem Awan, M.S., and Al Ghamdi, M.A. (2019). Understanding the Vulnerabilities in Digital Components of An Integrated Bridge System (IBS). J. Mar. Sci. Eng., 7.

Tam, 2019, MaCRA: A model-based framework for maritime cyber-risk assessment, WMU J. Mar. Affairs., 18, 129, 10.1007/s13437-019-00162-2

Chybowski, L., Gawdzinska, K., and Laskowski, R. (2019). Assessing the Unreliability of Systems during the Early Operation Period of a Ship—A Case Study. J. Mar. Sci. Eng., 7.

Tsimplis, 2019, Information Technology in Navigation: Problems in Legal Implementation and Liability, J. Navig., 72, 833, 10.1017/S0373463318001030

Svilicic, B., Kamahara, J., Celic, J., and Bolmsten, J. (2019). Assessing Ship Cyber Risks: A Framework and Case Study of ECDIS Security. WMU J. Mar. Affairs, in press.

Chen, Y., Liu, Q., Wan, C., Li, Q., and Yuan, P. (2019). Identification and Analysis of Vulnerability in Traffic-Intensive Areas of Water Transportation Systems. J. Mar. Sci. Eng., 7.

Svilicic, 2019, Raising Awareness on Cyber Security of ECDIS, TransNav Int. J. Mar. Navig. Safety Sea Trans., 13, 231, 10.12716/1001.13.01.24

Lee, E., Mokashi, A.J., Moon, S.Y., and Kim, G. (2019). The Maturity of Automatic Identification Systems (AIS) and Its Implications for Innovation. J. Mar. Sci. Eng., 7.

Hareide, 2018, Enhancing Navigator Competence by Demonstrating Maritime Cyber Security, J. Navig., 71, 1025, 10.1017/S0373463318000164

Raicu, 2018, Realities in Maritime Domain Regarding Cyber Security Concept, Adv. Eng. Forum, 27, 221, 10.4028/www.scientific.net/AEF.27.221

Dobryakova, 2018, GNSS spoofing detection using static or rotating single-antenna of a static or moving victim, IEEE Access, 6, 79074, 10.1109/ACCESS.2018.2879718

Polatidis, 2018, Cyber-attack path discovery in a dynamic supply chain maritime risk management system, Comput. Stand. Interfaces, 56, 74, 10.1016/j.csi.2017.09.006

Kalogeraki, 2018, Knowledge management methodology for identifying threats in maritime/ logistics supply chains, Knowl. Manag. Res. Pract., 16, 508, 10.1080/14778238.2018.1486789

Lund, M.S., Gulland, J.E., Hareide, O.S., Jøsok, O., and Carlsson Weum, K.O. (June, January 30). Integrity of Integrated Navigation Systems. Proceedings of the IEEE International Workshop on Cyber-Physical Systems Security, Beijing, China.

Lewis, 2018, Secure GPS Data for Critical Infrastructure and Key Resources: Cross-Layered Integrity Processing and Alerting Service, Navig. J. Inst. Navig., 65, 389, 10.1002/navi.251

Shapiro, 2018, Trojan horse risks in the maritime transportation systems sector, J. Trans. Secur., 8, 1

Kessler, 2018, A Taxonomy Framework for Maritime Cybersecurity: A Demonstration Using the Automatic Identification System, Trans. Nav. Int. J. Mar. Navig. Safety Sea Trans., 12, 429

Lee, 2017, Improving cyber security awareness in maritime transport: A way forward, J. Korean Soc. Mar. Eng., 41, 738

Borkowski, 2014, Presentation algorithm of possible collision solutions in a navigational decision support system, Sci. J. Marit. Univ. Szczec., 38, 20

Svilicic, B., Rudan, I., Frančić, V., and Mohović, Đ. (2019). Towards a Cyber Secure Shipboard Radar. J. Navig., in press.

International Maritime Organization (2017). Guidelines on Maritime Cyber Risk Management, MSC-FAL.1/Circ.3, IMO.

International Maritime Organization (2017). Maritime Cyber Risk Management in Safety Management Systems, MSC 98/23/Add.1, IMO.

International Electrotechnical Commission (2019). Maritime Navigation and Radiocommunication Equipment and Systems-Cybersecurity-General Requirements, Methods of Testing and Required Test Results. IEC 63154 ED1, IEC.

Vu, 2019, Frequency of use—the First Step Toward Human-Centred Interfaces for Marine Navigation Systems, J. Navig., 72, 1089, 10.1017/S0373463319000183

International Maritime Organization (2007). Adoption of the Revised Performance Standards for Integrated Navigation Systems (INS), Resolution MSC.252(83), IMO.

International Maritime Organization (2017). ECDIS—Guidance for Good Practice, Resolution MSC.1/Circ.1503/Rev.1, IMO.

International Maritime Organization (2004). Adoption of the Revised Performance Standards for Radar Equipment, Resolution MSC.192(79), IMO.

(2019, September 01). Tenable, Tenable Products: Nessus Professional. Available online: https://www.tenable.com/products/nessus/nessus-professional.

Svilicic, B., Celic, J., Kamahara, J., and Bolmsten, J. (2018, January 17–19). A Framework for Cyber Security Risk Assessment of Ships. Proceedings of the 19th International Association of Maritime Universities (IAMU) Conference, Barcelona, Spain.

(2019, September 01). Microsoft, Microsoft Security Bulletin MS17-010 -Critical. Available online: https://technet.microsoft.com/library/security/MS17-010.

(2019, September 01). Swiss Government Computer Emergency Response Team, Notes About the NotPetya Ransomware, Available online: https://www.govcert.admin.ch/blog/32/notes-about-the-notpetya-ransomware#.

(2019, September 01). United States Computer Emergency Readiness Team, Alert (TA17-181A) Petya Ransomware, Available online: https://www.us-cert.gov/ncas/alerts/TA17-181A.

(2019, September 01). Microsoft, Microsoft: Search Product Lifecycle. Available online: https://support.microsoft.com/en-us/lifecycle.

Scholar Hub - Công cụ hỗ trợ trích dẫn và phân tích khoa học Việt Nam

Về chúng tôi

Scholar Hub là công cụ hỗ trợ trích dẫn và phân tích các bài báo, công bố khoa học Việt Nam. Công cụ trợ giúp người nghiên cứu, tạp chí, đơn vị nghiên cứu tra cứu, phân tích và thống kê dữ liệu nghiên cứu khoa học tại Việt Nam và quốc tế.
ScholarHub KHÔNG đăng thông tin tổng hợp, KHÔNG đăng lại nội dung từ các trang báo chí Việt Nam hoặc trang thông tin điện tử khác tại Việt Nam.

Thông tin, cập nhật

Đăng ký Tạp chí tham gia vào Scholar Hub

Phản hồi ý kiến về Scholar Hub

Bài viết, nội dung cập nhật

Chủ đề khoa học

Website liên kết

Hệ thống CSDL Khoa học & Công nghệ

Phần mềm kiểm tra trùng lặp Kiểm Tra Tài Liệu

Phần mềm xuất bản tạp chí điện tử VOJS

Nền tảng trắc nghiệm và đề thi đa lĩnh vực LetQA