An operational approach to maritime cyber resilience

Erstad, E.; Ostnes, R.; Lund, M. S.

doi:10.12716/1001.15.01.01

Artykuł - szczegóły

Tytuł artykułu

An operational approach to maritime cyber resilience

Autorzy

Erstad E. , Ostnes R. , Lund M. S.

Treść / Zawartość

Pełne teksty:

An Operational Approach_Transnav_1_2021.pdf

Pobierz

Identyfikatory

DOI

10.12716/1001.15.01.01

Warianty tytułu

Języki publikacji

Abstrakty

As a result of the last decades development of technology and increased connectivity of maritime vessels, the need for maritime cyber security is undoubtedly present. In 2017, IMO officially recognized “… the urgent need to raise awareness on cyber threats and vulnerabilities to support safe and secure shipping, which is operationally resilient to cyber risks”. Thus, Maritime Cyber Resilience is seen as key by IMO in the improvement of the maritime cyber security. It is assumed that human error is the cause of more than half successful cyber-attacks. If technology somehow fails, in example because of a cyber threat, the human is expected to handle the problem and provide a solution. It is therefore necessary to focus on the human aspect when considering maritime cyber threats. This paper aims to provide a working definition of “Maritime Cyber Resilience”. Further, the paper argues why the human should be a focus of study, as the human is at the sharp edge in a potential maritime cyber emergency.

Słowa kluczowe

cyber security maritime cyber resilience cyber resilience cyber attack cyber risk cyber risk managementm maritime cyber security maritime cyber emergency

Wydawca

Faculty of Navigation, Gdynia Maritime University

Czasopismo

TransNav : International Journal on Marine Navigation and Safety of Sea Transportation

Rocznik

2021

Tom

Vol. 15 No. 1

Strony

27--34

Opis fizyczny

Bibliogr. 58 poz. rys.

Twórcy

autor

Erstad E.

Norwegian University of Science and Technology, Ålesund, Norway

autor

Ostnes R.

Norwegian University of Science and Technology, Ålesund, Norway

autor

Lund M. S.

Norwegian Defence University College, Lillehammer, Norway

Bibliografia

1. Anholt, R., Boersma, F.K.: From security to resilience: New vistas for international responses to protracted crises. In: Linkov, I., Florin, M.-V., and Trump, B.D. (eds.) Resilience (Volume 2, 2018). pp. 25–32 International Risk Governance Center (2018). https://doi.org/10.5075/epfl-irgc-262527.
2. Awan, M.S., Al Ghamdi, M.A.: Understanding the Vulnerabilities in Digital Components of an Integrated Bridge System (IBS). Journal of Marine Science and Engineering. 7, 10, (2019). https://doi.org/10.3390/jmse7100350.
3. Bainbridge, L.: Ironies of automation. Automatica. 19, 6, 775–779 (1983). https://doi.org/10.1016/00051098(83)90046-8.
4. Barrett, M.: Framework for Improving Critical Infrastructure Cybersecurity Version 1.1, https://doi.org/10.6028/NIST.CSWP.04162018, (2018).
5. Bimco, Clia, ICS, Intercargo, Intermanager, Intertanko, IUMI, OCIMF and World Shipping Council: The Guidelines on Cyber Security onboard Ships. BIMCO (ed.) Version 4.0 (2020).
6. Bodeau, D.J., Graubart, R.D., Picciotto, J., McQuaid, R.: Cyber Resiliency Engineering Framework. The MITRE Corporation (2011).
7. Bowditch, N.: The American practical navigator : an epitome of navigation. National Imagery and Mapping Agency (2002).
8. Boyes, H., Isbell, R.: Code of Practice: Cyber Security for Ships. Institution of Engineering and Technology, London, United Kingdom (2017).
9. Cambridge Online Dictionary: Maritime. Cambridge Univeristy Press (2021).
10. Cambridge Online Dictionary: Operation. Cambridge Univeristy Press (2021).
11. da Conceição, V.P., Dahlman, J., Navarro, A.: What is maritime navigation? Unfolding the complexity of a Sociotechnical System. Proceedings of the Human Factors and Ergonomics Society Annual Meeting. 61, 1, 267–271 (2017). https://doi.org/10.1177/1541931213601549.
12. Cutler, T.J.: Dutton’s Nautical Navigation. Naval Institute Press; (2004).
13. Daum, O.: Cyber Security in the Maritime Sector. J. Mar. L. & Com. 50, 1–19 (2019).
14. DiRenzo, J., Goward, D.A., Roberts, F.S.: The littleknown challenge of maritime cyber security. In: 2015 6th International Conference on Information, Intelligence, Systems and Applications (IISA). pp. 1–5 (2015). https://doi.org/10.1109/IISA.2015.7388071.
15. DNV: Cyber security resilience management for ships and mobile offshore units in operation, https://www.dnv.com/maritime/dnvgl-rp-0496recommended-practice-cyber-security-download.html, last accessed 2021/04/15.
16. Fitton, O., Prince, D., Germond, B., Lacy, M.: The future of maritime cyber security. Lancaster University (2015).
17. Giacomello, G., Pescaroli, G.: Managing Human Factors. In: Kott, A. and Linkov, I. (eds.) Cyber Resilience of Systems and Networks. pp. 247–263 Springer International Publishing, Cham (2019). https://doi.org/10.1007/978-3-319-77492-3_11.
18. Haimes, Y.Y.: On the Definition of Resilience in Systems. Risk Analysis. 29, 4, 498–501 (2009). https://doi.org/10.1111/j.1539-6924.2009.01216.x.
19. Hareide, O.S.: Podkast: Teknologi og mennesket som “sensor,” https://www.kystverket.no/Nyheter/2021/januar/nypodkast-teknologi-og-mennesket-som-sensor/, last accessed 2021/04/16.
20. Hareide, O.S., Jøsok, Ø., Lund, M.S., Ostnes, R., Helkala, K.: Enhancing Navigator Competence by Demonstrating Maritime Cyber Security. Journal of Navigation. 71, 5, 1025–1039.
21. Hollnagel, E.: Resilience engineering and the built environment. null. 42, 2, 221–228 (2014). https://doi.org/10.1080/09613218.2014.862607.
22. Hollnagel, E., Pariès, J., Woods, D., Wreathall, J.: Epilogue: RAG – The Resilience Analysis Grid. In: Resilience Engineering in Practice. pp. 275–296 CRC Press, London, United Kingdom (2011). https://doi.org/10.1201/9781317065265-19.
23. Hollnagel, E., Woods, D.D., Leveson, N.: Resilience Engineering: Concepts and Precepts. CRC Press (2006).
24. Hollnagel, Erik: How resilient is your organisation? In: An Introduction to the Resilience Analysis Grid (RAG). , Toronto, Canada (2010).
25. Hopcraft, R., Martin, K.M.: Effective maritime cybersecurity regulation – the case for a cyber code. null. 14,3, 354–366 (2018).
26. IACS: Rec 166 - Recommendation on Cyber Resilience, http://www.iacs.org.uk/publications/recommendations/1 61-180/, last accessed 2021/04/15.
27. Inmarsat: Best Practice Information and Communications Technology (ICT) Recommendations, https://www.inmarsat.com/en/insights/maritime/2019/be st-practice-ict-guide.html, last accessed 2021/04/15.
28. International Maritime Organization: Maritime cyber risk, https://www.imo.org/en/OurWork/Security/Pages/Cyber -security.aspx, last accessed 2021/04/15.
29. International Maritime Organization: MSC-FAL.1/Circ.3. Guidelines on maritime cyber risk management, https://www.imo.org/en/OurWork/Security/Pages/Cyber -security.aspx, last accessed 2021/04/15.
30. International Maritime Organization: Resolution MSC.252(83): Adoption of the Revised Performance Standard for Integrated Navigation Systems (INS).
31. International Maritime Organization: Resolution MSC.428(98) - Maritime Cyber Risk Management in Safety Management Systems, https://www.imo.org/en/OurWork/Security/Pages/Cyber -security.aspx, last accessed 2021/04/15.
32. ISO: ISO/IEC 27002:2013 Information technology — Security techniques — Code of practice for information security controls, https://www.iso.org/standard/54533.html, last accessed 2021/04/15.
33. ITU: ITU-Tx. 1205. Interfaces. 10, 20–X, 49 (2008).
34. Jensen, L.: Challenges in Maritime Cyber-Resilience. Technology Innovation Management Review. 5, 4, 35–39 (2015). https://doi.org/10.22215/timreview/889.
35. Johnsen, S.: Resilience in Risk Analysis and Risk Assessment. In: Moore, T. and Shenoi, S. (eds.) Critical Infrastructure Protection IV. pp. 215–227 Springer Berlin Heidelberg, Berlin, Heidelberg (2010).
36. Karahalios, H.: Appraisal of a Ship’s Cybersecurity efficiency: the case of piracy. Journal of Transportation Security. 13, 3, 179–201 (2020). https://doi.org/10.1007/s12198-020-00223-1.
37. KVH Intelsat: Crew Connectivity 2018 Survey Report, http://www.crewconnectivity.com/?product=2018-crewconnectivity-survey-report, last accessed 2021/04/15.
38. Linkov, I., Kott, A.: Fundamental Concepts of Cyber Resilience: Introduction and Overview. In: Kott, A. and Linkov, I. (eds.) Cyber Resilience of Systems and Networks. pp. 1–25 Springer International Publishing, Cham (2019). https://doi.org/10.1007/978-3-319-774923_1.
39. Lund, M.S., Hareide, O.S., Jøsok, Ø.: An Attack on an Integrated Navigation System. Necesse. 3, 2, 149–163 (2018). https://doi.org/10.21339/2464-353x.3.2.149.
40. Madni, A.M., Jackson, S.: Towards a conceptual framework for resilience engineering. IEEE Engineering Management Review. 39, 4, 85–102 (2011). https://doi.org/10.1109/EMR.2011.6093891.
41. Markit, I.: Safety at Sea and BIMCO cyber security white paper, https://ihsmarkit.com/Info/0819/cyber-securitysurvey.html, last accessed 2021/04/15.
42. Martin-Breen, P., Anderies, J.M.: Resilience: A literature review, https://opendocs.ids.ac.uk/opendocs/handle/20.500.1241 3/3692, last accessed 2021/04/15.
43. McGillivary, P.: Why Maritime Cybersecurity Is an Ocean Policy Priority and How It Can Be Addressed. Marine Technology Society Journal. 52, 5, 44–57 (2018). https://doi.org/doi:10.4031/MTSJ.52.5.11.
44. Mileski, J., Clott, C., Galvao, C.B.: Cyberattacks on ships: a wicked problem approach. Maritime Business Review. 3, 4, 414–430 (2018). https://doi.org/10.1108/MABR-082018-0026.
45. Ng, D.: Safety first: maritime cyber security, IMO guidelines and the maritime supply chian. Riviera Maritime Media (2021).
46. . NTNU: Literature review of “Maritime Cyber Resilience,” https://bibsysalmaprimo.hosted.exlibrisgroup.com/primoexplore/search?query=any,contains,%22maritime%20cyb er%20resilience%22&tab=default_tab&search_scope=def ault_scope&vid=NTNU_UB&offset=0, last accessed 2021/04/15.
47. Refsdal, A., Solhaug, B., Stolen, K.: Cyber-Risk Management. Springer International Publishing (2015). https://doi.org/10.1007/978-3-319-23570-7.
48. Relling, T., Lützhöft, M., Ostnes, R., Hildre, H.P.: A Human Perspective on Maritime Autonomy. In: Schmorrow, D.D. and Fidopiastis, C.M. (eds.) Augmented Cognition: Users and Contexts. pp. 350–362 Springer International Publishing, Cham (2018).
49. SAGE Journals: Literature review of “Martime Cyber Resilience,” https://journals.sagepub.com/action/doSearch?filterOpti on=allJournal&AllField=%22maritime+cyber+resilience% 22, last accessed 2021/04/15.
50. von Solms, R., van Niekerk, J.: From information security to cyber security. Computers & Security. 38, 97– 102 (2013). https://doi.org/10.1016/j.cose.2013.04.004.
51. Springer: Literature review of "Maritime Cyber Resilience, https://link.springer.com/search?query=%22maritime+cy ber+resilience%22, last accessed 2021/04/1.
52. Svilicic, B., Brčic, D., Žuškin, S., Kalebic, D.: Raising Awareness on Cyber Security of ECDIS. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation. 13, 1, 231–236 (2019). https://doi.org/10.12716/1001.13.01.24.
53. Svilicic, B., Kamahara, J., Rooks, M., Yano, Y.: Maritime Cyber Risk Management: An Experimental Ship Assessment. Journal of Navigation. 72, 5, 1108–1120 (2019). https://doi.org/10.1017/S0373463318001157.
54. Svilicic, B., Rudan, I., Jugović, A., Zec, D.: A Study on Cyber Security Threats in a Shipboard Integrated Navigational System. Journal of Marine Science and Engineering. 7, 10, (2019). https://doi.org/10.3390/jmse7100364.
55. TransNav.eu: Literature review of “Maritime Cyber Resilience,” https://www.transnav.eu/Search_maritime%20cyber%20 resilience.html, last accessed 2021/04/15.
56. Westrum, R.: A Typology of Resilience Situations. In: Hollnagel, E., Woods, D.D., and Leveson, N. (eds.) Resilience Engineering: Concepts and Precepts. pp. 55– 65 CRC Press, London, United Kingdom (2006). https://doi.org/10.1201/9781315605685-8.
57. Whitman, M.E., Mattord, H.J.: Principles of Information Security. Cengage Learning (2017).
58. Woltjer, R.: Deliverable D1.1 Consolidation of resilience concepts and practices for crisis management, https://h2020darwin.eu/project-deliverables/, last accessed 2021/04/15.

Uwagi

Opracowanie rekordu ze środków MNiSW, umowa Nr 461252 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2021).

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-aac45fcf-d045-4e93-acae-288a6d00bb1e