Abstracts
An increase in the complexity of systems onboard ships in the last decade has seen a rise in the number of reported maritime cyber-attacks. To tackle this rising risk, the International Maritime Organization published high-level requirements for cyber risk management in 2017. These requirements obligate organisations to establish procedures, like incident response plans, to manage cyber-incidents. However, there is currently no standardised framework for this implementation. This paper proposes a Cyber Emergency Response Procedure (CERP) that provides a framework for organisations to better facilitate their crew’s response to a cyber-incident that is considerate of their operational environment. Based on an operations flowchart, the CERP provides a step-by-step procedure that guides a crew’s decision-making process in the face of a cyber-incident. This high-level framework provides a blueprint for organisations to develop their own cyber-incident response procedures that are considerate of operational constraints, existing incident procedures and the complexity of modern maritime systems.
Pages
269--279
Physical description
Bibliography: 37 items, figures.
Authors
author
- Norwegian University of Science and Technology, Ålesund, Norway
author
- University of Plymouth, Plymouth, United Kingdom
author
- University of Plymouth, Plymouth, United Kingdom
author
- University of Plymouth, Plymouth, United Kingdom
Notes
Record prepared with funds from MEiN, agreement no. SONP/SP/546092/2022, under the programme "Social Responsibility of Science" - module: Popularisation of science and promotion of sport (2022-2023).
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-8f1cdd27-6020-4621-a1c1-884fc2c95c96