MaCRA: a model-based framework for maritime cyber-risk assessment

Springer Science and Business Media LLC - Volume 18, Issue 1 - Pages 129-163 - 2019
Kimberly Tam¹, Kevin Jones¹
¹University of Plymouth, Drake Circus, Plymouth, PL4 8AA, UK

Abstract

Keywords


References

Allianz Global Corporate and Specialty SE (2016) Safety and shipping review 2016. Allianz Global Corporate and Specialty

Archives UN Administration R (2016) CFR Title 47 (parts 80-end) code of federal regulation title 47 telecommunications revised as of October 1, 2016. Code of Federal Regulations (CFR)

Balduzzi M (2014) AIS exposed understanding vulnerabilities & attacks 2.0. BlackHat

Bateman S (2010) Regional maritime security: threats and risk assessments. University of Wollongong

BBC News (2009) Nuclear subs collide in atlantic. BBC

BigOceanData (2016) AIS and anti-piracy maritime security. BigOceanData

BIMCO, CLIA, ICS, INTERCARGO, INTERTANKO (2016) The guidelines on cyber security onboard ships v2.0. International Chamber of Shipping

Bordonali C, Ferraresi S, Richter W (2017) Shifting gears in cyber security for connected cars. McKinsey & Company Advanced Industries

Borgovini R, Pemberton S, Rossi M (1993) Failure mode, effects, and criticality analysis (FMECA). Reliability Analysis Center

den Braber F, Hogganvik I, Lund M S, Stølen K, Vraalsen F (2007) Model-based security analysis in seven steps — a guided tour to the coras method. BT Technology Journal

Cappelli D, Moore A, Trzeciak R (2012) The CERT guide to insider threats: How to prevent, detect and respond to information technology crimes (Theft, Sabotage, Fraud). Addison-Wesley, Reading

Cassidy W (2017) China-based cyberattack hits logistics operators, shippers. Outsource 5(6):1–8

Cavotec (2014) Moormaster frequently asked questions. Cavotec

CERT Insider Threat Center (2014) Unintentional insider threats: Social engineering. Tech. Rep. CMU/SEI-2013-TN-024, Software Engineering Institute Carnegie Mellon University, Pittsburgh

Cherdantseva Y, Burnap P, Blyth A, Eden P, Jones K, Soulsby H, Stoddart K (2016) A review of cyber security risk assessment methods for scada systems. Computers & Security 56

Coffed J (2014) The threat of gps jamming. Exelis

Collier E (2017) eLoran: More accurate & less vulnerable but not a done deal yet. Marine electronics

Collins R (2017) The state of cybersecurity in the rail industry. White paper

Committee JH, Harwood S (2015) Cyber risk. Joint Hull Committee (JHC)

Control CAT (2015) Cyber security project. https://www.csfi.us

Costa NA, Jakobsen JJ, Weber R, Lundh M, MacKinnon SN (2018) Assessing a maritime service website prototype in a ship bridge simulator: navigators’ experiences and perceptions of novel e-navigation solutions. WMU Journal of Maritime Affairs. https://doi.org/10.1007/s13437-018-0155-2

Costin A (2016) Security of cctv and video surveillance systems: Threats, vulnerabilities, attacks, and mitigations. In: Proceedings of the 6th international workshop on trustworthy embedded devices

CyberKeel (2014a) Maritime cyber-risks. NCC Group Publication

CyberKeel (2014b) Security risks and weaknesses in ecdis systems. NCC Group Publication

Danish Defence Intelligence Service’s Center for Cyber Security (2014) Threat assessment: The cyber threat against the maritime sector. Marine Cyberwatch

Daszuta W, Ghosh S (2018) Seafarers’ perceptions of competency in risk assessment and management: an empirical study. WMU Journal of Maritime Affairs. https://doi.org/10.1007/s13437-018-0156-1

Degani A (2004) Taming HAL: Designing Interfaces Beyond 2001. Springer, Berlin

Dyryavyy Y (2014) Preparing for cyber battleships: electronic chart display and information system security. NCC Group Publication

ECDIS Info (2014) ECDIS Regulations. http://www.ecdis-info.com/ecdis_regulations.html

European Cybercrime center (2014) The internet organised crime threat assessment (iOCTA). European Police Office, The Hague

Fitch C (2004) Crime and punishment: The psychology of hacking in the new millennium. SANS Institute

Francillon A, Danev B, Capkun S (2011) Relay attacks on passive keyless entry and start systems in modern cars. Network and Distributed System Security Symposium

Franckx E (2001) Fisheries enforcement related legal and institutional issues: national, subregional or regional perspectives. FAO legislative study 71. Development Law Service: Food and Agriculture Organization of the United Nations

Goerlandt F, Montewka J (2015) Maritime transportation risk analysis: review and analysis in light of some foundational issues. Reliability Engineering & System Safety

GPS World staff (2016) US coast guard issues gps jamming alert. GPS World

Grant A, Williams P, Basker S (2014) GPS jamming and the impact on maritime navigation. The General Lighthouse Authorities

Heffner C (2013) Exploiting surveillance cameras like a hollywood hacker. Tactical Network Solutions, Columbia

Igure VM, Laughter SA, Williams RD (2006) Security issues in scada networks. Computers & Security

IMO Navigation (2017) http://www.imo.org/en/OurWork/Safety/Navigation/, accessed: 2017-05-17

International Chamber of Shipping (2016) Review of maritime transport. United Nations Conference on Trade and Development (UNCTAD)

International Maritime Organization (1974) International convention for the safety of life at sea. IMO

International Maritime Organization (2004) Solas chapter V annex 17: Automatic identification systems (AIS). IMO

International Maritime Organization (2009a) Solas ch V regulation 19: Carriage requirements for shipborne navigational systems and equipment. IMO

International Maritime Organization (2009b) Solas chapter V regulation 19-1: Long range identification and tracking of ships. IMO

Jones K, Tam K, Papadaki M (2016) Threats and impacts in maritime cyber security. IET Engineering & Technology Reference

Kröner U, Greidanus H, Gallagher R, Sironi M, Azzalin G, Littmann F, Tebaldi P, Timossi P, Shaw D (2009) Report on authentication in fisheries monitoring. Joint Research Centre (JRC)

Labunets K, Paci F, Massacci F, Ruprai R (2014) An experiment on comparing textual vs. visual industrial methods for security risk assessment. In: 2014 IEEE 4th International Workshop on Empirical Requirements Engineering (EmpiRE)

Lane RO, Nevell DA, Hayward SD, Beaney TW (2010) Maritime anomaly detection and threat assessment. 13th International Conference on Information Fusion

Latin America & Caribbean (2014) Seized n korean ship: Cuban weapons on board. BBC

Leyden J (2016) Water treatment plant hacked, chemical mix changed for tap supplies. The Register

Lund MS, Solhaug B, Stølen K (2010) Model-Driven Risk analysis: The CORAS approach. Springer Publishing Company, Incorporated

Maersk (2017) A. P. Moller Maersk improves underlying profit and grows revenue in first half of the year. Maersk https://edit.maersk.com/en/the-maersk-group/press-room/press-release-archive/2017/8/a-p-moller-maersk-interim-report-q2-2017

Man Y, Lundh M, MacKinnon SN (2018) Managing unruly technologies in the engine control room: from problem patching to an architectural thinking and standardization. WMU Journal of Maritime Affairs. https://doi.org/10.1007/s13437-018-0159-y

MarEx (2016) Nigerian navy: Crewmembers involved in pirate attacks. The Maritime Executive

Marine Accident Investigation Branch (MAIB) (1997) Safety digest 02/1997. gov.uk

Marine accident investigation branch (2012) Grounding of CSL THAMES in the Sound of Mull 9 august 2011. Marine accident investigation branch (MAIB)

Marine accident investigation branch (2014) Report on the investigation of the grounding of Ovit in the Dover Strait on 18 september 2013. Marine accident investigation branch (MAIB)

Montewka J, Ehlers S, Goerlandt F, Hinz T, Tabri K, Kujala P (2014) A framework for risk assessment for maritime transportation systems—a case study for open sea collisions involving ropax vessels. Reliability Engineering & System Safety

Moorex M (2014) Mooring and auto-mooring solutions. ShipServ

Mordechai G, Kedma G, Kachlon A, Elovici Y (2014) Airhopper: Bridging the air-gap between isolated networks and mobile phones using radio frequencies. Malicious & Unwanted Software Conference

Nankivell KL, Reeves J, Pardo RP (2017) The indo-asia-pacific’s maritime future: A practical assessment of the state of asian seas. Daniel K. Inouye Asia Pacific Center for Security Studies (DKI APCSS) and King’s College London (KCL)

National PNT Advisory Board (2010) Jamming the global positioning system: A national security threat recent events and potential cures. General Lighthouse Authorities

NIST (2012) Guide for conducting risk assessments - information security. NIST Special publication 800–30

Nordström J, Goerlandt F, Sarsama J, Leppänen P, Nissilä M, Ruponen P, Lübcke T, Sonninen S (2016) Vessel triage: A method for assessing and communicating the safety status of vessels in maritime distress situations. Safety Science

Norway MP (2017) Inert gas system (IGG). Maritime Protection AS

Offshore Blue (2013) Tales of the unexpected. The Navigator: Inspiring professionalism in marine navigators

Offshore Blue (2016) A re-cap of the navtex system. Navigator’s Newsletter

Peltier TR (2005) Information security risk analysis. Auerbach Publishing, New York

Rios Insua D, Banks D, Rios J (2016) Modeling opponents in adversarial risk analysis. Risk Analysis

Rolls Royce (2017) Autonomous ships: The next step. Marine Ship Intelligence

Rothblum A (2000) Human error and marine safety. International Workshop on Human Factors in Offshore Operations (HFW2002)

Safa HH, Souran DM, Ghasempour M, Khazaee A (2016) Cyber security of smart grid and scada systems, threats and risks. In: CIRED Workshop 2016

Santamarta R (2014a) Satcom terminals: Hacking by air, sea, and land

Santamarta R (2014b) A wake-up call for satcom security. IOActive

Santamarta R (2015) Maritime security: Hacking into a voyage data recorder (VDR). IOActive

Schmidt D, Radke K, Camtepe S, Foo E, Ren M (2016) A survey and analysis of the gnss spoofing threat and countermeasures. ACM Comput Surv

SeaCert (2016) Global maritime distress and safety system (GMDSS) radio operator. Maritime NZ

ESC Global Security (2015) Maritime cyber security white paper: Safeguarding data through increased awareness. ESCGS Cyber Security White Papers

Simon H, Ray H (2005) A taxonomy of network and computer attacks. Computers and Security

Snyder D, Powers J, Bodine-Baron E, Fox B, Kendrick L, Powell M (2015) Improving the cybersecurity of u.s air force military systems throughout their life cycles. RAND corporation Research Report

Sommestad T, Ekstedt M, Holm H (2013) The cyber security modeling language: A tool for assessing the vulnerability of enterprise system architectures. IEEE Systems Journal

Stålhane T, Sindre G (2014) An experimental comparison of system diagrams and textual use cases for the identification of safety hazards. Int J Inf Syst Model Des

Suh J (2014) The failure of the south korean national security state

Tam K, Jones K (2018a) Cyber-risk assessment for autonomous ships. IEEE TCS Cyber Security

Tam K, Jones KD (2018b) Maritime cybersecurity policy: the scope and impact of evolving technology on international shipping. https://doi.org/10.1080/23738871.2018.1513053

Traub P, Hudson R (2007) Alarm management strategies on ships bridges and railway control rooms, a comparison of approaches and solutions. Paper read at RINA Event, at London

Trend news agency (2012) Iran oil tankers said by zanzibar to signal wrong flag. Bloomberg

United States General Accounting Office (1999) Information security risk assessment practices of leading organizations. GAO/AIMD-98-68

US Army Criminal Investigation Command (2017a) Cyber sextortion. CPF 0002-17-CID361-9H

US Army Criminal Investigation Command (2017b) Cybersecurity: Sextortion exploitation of u.s. service members. U.S. Army Criminal Investigation Command

US Department of Homeland Security (2015) Gps and critical infrastructure. Civil GPS Service Interface Committee

USMRC Maritime Cyber Assurance Research (2016) The reality of shipboard cyber vulnerabilities. USMRC Maritime Cyber Assurance Team (MCAT)

Vandenborn Y, Bell R (2015) Standard safety special edition - ECDIS assisted grounding. Marine accident investigation branch (MAIB)

Wagstaff J (2014) All at sea: Global shipping fleet exposed to hacking threat. Reuters, Canary Wharf

Weintrit A (2015) Activities in Navigation: Marine Navigation and Safety of Sea Transportation. Taylor & Francis Group

Wingrove M (2016) Lack of training causes ship accidents and detentions. Marine Electronics & Communications

Yeomans G (2014) Autonomous vehicles handing over control: Opportunities and risks for insurance. Lloyd’s, London

Zhang J, Ioannou P (2006) Automated container transport system between inland port and terminals. ACM Transactions on Modeling and Computer Simulation