Raising awareness on cyber security of ECDIS

Svilicic, B.; Brčić, D.; Žuškin, S.; Kalebić, D.

doi:10.12716/1001.13.01.24

Artykuł - szczegóły

Tytuł artykułu

Raising awareness on cyber security of ECDIS

Autorzy

Svilicic B. , Brčić D. , Žuškin S. , Kalebić D.

Treść / Zawartość

Pełne teksty:

Pobierz

Identyfikatory

DOI

10.12716/1001.13.01.24

Warianty tytułu

Języki publikacji

Abstrakty

In the maritime transport, the Electronic Chart Display and Information System (ECDIS) has been developed into a complex computer-based ship critical operational technology system, playing central roles in the safe ship navigation and transport. While ECDIS software maintenance is regulated by the International Maritime Organization (IMO) ECDIS performance standards and related circulars, underlying software and hardware arrangements are implemented by ship-owners and supported by ECDIS equipment manufacturers. In this paper, we estimate ECDIS cyber security in order to study the origin of ECDIS cyber security risks. A set of ECDIS systems is examined using an industry-leading vulnerability scanning software tool, and cyber threats regarding the ECDIS backup arrangement, underlying operating system and third party applications are studied.

Słowa kluczowe

cyber security risk analysis ECDIS ECDIS software ECDIS cyber security critical operational technology ECDIS backup ECDIS cyber threats

Wydawca

Faculty of Navigation, Gdynia Maritime University

Czasopismo

TransNav : International Journal on Marine Navigation and Safety of Sea Transportation

Rocznik

2019

Tom

Vol. 13, no. 1

Strony

231--236

Opis fizyczny

Bibliogr. 28 poz., rys., tab.

Twórcy

autor

Svilicic B.

University of Rijeka, Rijeka, Croatia

autor

Brčić D.

University of Rijeka, Rijeka, Croatia

autor

Žuškin S.

University of Rijeka, Rijeka, Croatia

autor

Kalebić D.

University of Rijeka, Rijeka, Croatia

Bibliografia

1. Balduzzi, M., Pasta, A., Wilhoit, K. 2014. A security evaluation of AIS automated identification system. Proceedings of the 30th Annual Computer Security Applications Conference, pp 436-445, New Orleans, USA.
2. Brčić, D., Kos, S., Žuškin, S. 2015. Navigation with ECDIS: Choosing the proper secondary positioning source. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation 9: 317- 326.
3. Burton, J. 2016. Cyber attacks and maritime situational awareness: Evidence from Japan and Taiwan. Proceedings of the 2016 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, London, UK
4. Federal Cyber Emergency Team (CERT.be). 2018. Petya/NotPetya Malware - Report on worldwide infection. Available at: https://www.cert.be/files/CERTbe_Petya_NotPetya_Mal ware_E.pdf (10.12.2018).
5. Filic, M. 2018. Foundations of GNSS Spoofing Detection and Mitigation with Distributed GNSS SDR Receiver. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation, 12 (4): 649 - 656.
6. Hareide, O.S., Jøsok, Ø., Lund, M.S., Ostnes, R., Helkala, K. 2018. Enhancing Navigator Competence by Demonstrating Maritime Cyber Security. Journal of Navigation 71: 1025- 1039.
7. Hassani, V., Crasta, N., Pascoal, A.M. 2017. Cyber security issues in navigation systems of marine vessels from a control perspective. Proceedings of the International Conference on Ocean, Offshore Mechanics and Arctic Engineering, Trondheim, Norway
8. International Hydrographic Organization (IHO) (2017). Information on IHO Standards related to ENC and ECDIS. Version 1.1. Monaco: IHO.
9. International Hydrographic Organization (IHO) (2018). Current IHO ECDIS and ENC Standards. Monaco: IHO.
10. International Maritime Organization (2006). MSC.232(82): Adoption of the revised performance standards for Electronic Chart Display and Information Systems (ECDIS). London: IMO.
11. International Maritime Organization (2009). MSC.282(86): Adoption of amendments to the International Convention for the Safety Of Life At Sea, 1974. Annex 1. London: IMO.
12. International Maritime Organization. (2010). SN.1/Circ.266/Rev.1: Maintenance of Electronic Chart Display and Information System (ECDIS) software. London: IMO.
13. International Maritime Organization (2014). International Convention for the Safety of Life at Sea (SOLAS), 1974 as amended. London: IMO.
14. International Maritime Organization. 2017. Resolution MSC.1/Circ.1503/Rev.1, ECDIS – GUIDANCE FOR GOOD PRACTICE. London: IMO.
15. International Maritime Organization. 2017. Resolution MSC.428(98), Maritime Cyber Risk Management in Safety Management Systems. London: IMO.
16. International Maritime Organization. 2017. Resolution MSCFAL.1/Circ.3, Guidelines On Maritime Cyber Risk Management. London: IMO.
17. Kessler, G.C., Craiger, J.P., Haass, J.C. 2018. A Taxonomy Framework for Maritime Cybersecurity: A Demonstration Using the Automatic Identification System. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation, 12(3): 429 - 437.
18. Lee, Y.C., Park, S.K., Lee, W.K., Kang, J. 2017. Improving cyber security awareness in maritime transport: A way forward. Journal of the Korean Society of Marine Engineering, 41: 738-745.
19. Microsoft. 2018. Microsoft Security Bulletin MS17-010 - Critical. Available at: https://technet.microsoft.com/library/security/MS17-010 (10.12.2018).
20. Nessus. 2018. Tenable Products: Nessus Professional version 8. Available at: https://www.tenable.com/products/nessus/nessusprofessional (10.12.2018)
21. Polatid, N., Pavlidis, M., Mouratidis, H. 2018. Cyber-attack path discovery in a dynamic supply chain maritime risk management system. Computer Standards Interfaces 59, 74– 82.
22. Shapiro, L.R., Maras, M.H., Velotti, L., Pickman, S., Wei, H.L., Till, R. 2018. Trojan horse risks in the maritime transportation systems sector. Journal of Transportation Security 8, 1–19.
23. Svilicic, B., Kamahara, J., Rooks, M., Yano, Y. 2019. Maritime Cyber Risk Management: An Experimental Ship Assessment. Journal of Navigation: in press. Available at: https://doi.org/10.1017/S0373463318001157 (25.02.2019).
24. Svilicic, B., Celic, J., Kamahara, J., Bolmsten, J. 2018. A Framework for Cyber Security Risk Assessment of Ships. Proceedings of 19th International Association of Maritime Universities Conference, pp 21-28, Barcelona, Spain.
25. Svilicic, B., Kras, A. 2005. Computer Systems Privacy Protection. Pomorstvo - Scientific Journal of Maritime Research 19 (1), 275–284.
26. Tam, K., Jones, K. 2019. MaCRA: a model-based framework for maritime cyber-risk assessment. WMU Journal of Maritime Affairs: in press. Available at: https://doi.org/10.1007/s13437-019-00162-2 (25.02.2019).
27. Transas. 2018. Navi-Sailor 4000 ECDIS. Available at: http://www.transas.com/products/navigation/ecdis/ECD IS(10.12.2018).
28. United States Computer Emergency Readiness Team (USCERT). 2018. Alert (TA17-181A) Petya Ransomware. Available at: https://www.us-cert.gov/ncas/alerts/TA17181A (10.12.2018).

Uwagi

Opracowanie rekordu w ramach umowy 509/P-DUN/2018 ze środków MNiSW przeznaczonych na działalność upowszechniającą naukę (2019).

Typ dokumentu

Bibliografia

Identyfikator YADDA

bwmeta1.element.baztech-d4845f1d-eec3-4c3d-bf7f-75efcb08fc38