nach oben

Journal of Transportation Security

Erschienen in:

27.09.2020

Appraisal of a Ship’s Cybersecurity efficiency: the case of piracy

verfasst von: Hristos Karahalios

Erschienen in: Journal of Transportation Security | Ausgabe 3-4/2020

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

New information technologies are beneficial for ship operations in terms of safety and utilisation of company resources. However, new cybercrime threats have emergedaffecting, both ship safety and security that need to be assessed and evaluated. At the moment, actions of the maritime industry to keep pace dealing with such threats are slow when compared with other business sectors. As a high concern, maritime pirates could take advantage of cybersecurity breaches to monitor ship activity and gain information for potential protective failures. In 2021 companies and seafarers should be able to demonstrate knowledge and safeguard policies of their companies. Nevertheless, there is limited discussion on how companies will educate seafarers for existing threats. Therefore, in this study, a risk-based methodology is proposed for evaluation of cybersecurity threats in the context of a piracy attack. STPA-SafeSec’s analysis is used to identify security threats, and FAHP is utilised for evaluating the severity of each security constraint. Audits on 15 ships with 315 seafarers indicated that there are significant security gaps mainly due to lack of awareness from operators and seafarers. However, physical security and network protection that already apply to ships are significant security strengths.

Vorheriger Artikel Exploring Contemporary Sea Piracy in Nigeria, the Niger Delta and the Gulf of Guinea

Nächster Artikel Paperless ship navigation: cyber security weaknesses

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Abomhara M (2015) Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. J Cyber Sec Mobil 4(1):65–88

Ahokas J, Kiiski T, Malmsten J, Ojala L. (2017) Cybersecurity in ports: a conceptual approach. In Proc Hamburg Int Conf Logist(HICL) 343-359

Albooyeh S, Yaghmaie F (2019) Evaluation of knowledge management model in construction companies using the fuzzy AHP and fuzzy TOPSIS. Int J Bus Excellence 18(1):64–97

Almklov PG, Rosness R, Størkersen K (2014) When safety science meets the practitioners: does safety science contribute to marginalisation of practical knowledge? Saf Sci 67:25–36

Altawairqi A, Maarek M (2017) Attack modeling for system security analysis. In Int Conf Comput Saf Reliab Sec Springer, Cham, pp 81–86

Aps R, Fetissov M, Goerlandt F, Helferich J, Kopti M, Kujala P (2015) Towards STAMP based dynamic safety management of eco-socio-technical maritime transport system. Proce Engin 128:64–73

Aps R, Fetissov M, Goerlandt F, Kujala P, Piel A (2017) Systems-theoretic process analysis of maritime traffic safety management in the Gulf of Finland (Baltic Sea). Procedia Eng 179:2–12

Aziz A, Tedeschi P, Sciancalepore S, Di Pietro R (2020) SecureAIS-securing pairwise vessels communications. In 2020 IEEE Conf Commun network sec (CNS) (pp. 1-9) IEEE

Bai C, Satir A, Sarkis J (2019) Investing in lean manufacturing practices: an environmental and operational perspective. Int J Prod Res 57(4):1037–1051

Baxter G, Sommerville I (2011) Sociotechnical systems: from design methods to systems engineering. Interac with Comp 23(1):4–17

Blanco-Novoa Ó, Fernández-Caramés TM, Fraga-Lamas P, Vilar-Montesinos MA (2018) A practical evaluation of commercial industrial augmented reality systems in an industry 4.0 shipyard. IEEE Access 6:8201–8218

Bolbot V, Theotokatos G, Bujorianu ML, Boulougouris E, Vassalos D (2018) Vulnerabilities and safety assurance methods in cyber-physical systems: a comprehensive review. Reliab Eng Syst Safety 182:179–193

Boyes H (2015) Cybersecurity and cyber-resilient supply chains. Technol Innov Manage Rev 5(4):28–34

Bugarski V, BačKalić T, Kuzmanov U (2013) Fuzzy decision support system for ship lock control. Expert Syst Appl 40(10):3953–3960

Campos J, Sharma P, Jantunen E, Baglee D, Fumagalli L (2016) The challenges of cybersecurity frameworks to protect data required for the development of advanced maintenance. Procedia CIRP 47:222–227

Centurioni LR, Hormann V, Talley LD, Arzeno I, Beal L, Caruso M, Gordon A (2017) Northern Arabian Sea circulation-autonomous research (NASCar) a research initiative based on autonomous sensors. Oceanography 30(2):74–87

Cone BD, Irvine CE, Thompson MF, Nguyen TD (2007) A video game for cyber security training and awareness. Comput Secur 26(1):63–72

Cusumano E, Ruzza S (2018) Security privatisation at sea: piracy and the commercialisation of vessel protection. Int Rel 32(1):80–103

De S, Zhou Y, Moessner K. (2017) Ontologies and context modeling for the web of things. In Manag web things (pp. 3-36). Morgan Kaufmann

Ding L, Shao Z, Zhang H, Xu C, Wu D (2016) A comprehensive evaluation of urban sustainable development in China based on the TOPSIS-entropy method. Sustainability 8(8):746

DiRenzo J, Goward D A, Roberts F S (2015, July) The little-known challenge of maritime cyber security. In 2015 6th intern Conf inform, Intel, Syst Appl. (IISA) (pp. 1-5) IEEE

Drias Z, Serhrouchni A, Vogel O. (2015) Analysis of cyber security for industrial control systems. In Int Conf cyber sec smart cities, Ind Contr Syst Commun (SSIC) IEEE. August). Pp. 1-8

ENISA (2019) Port Cybersecurity - good practices for cybersecurity in the maritime sector ISBN 978-92-9204-314-8, DOI: https://doi.org/10.2824/328515

Eriksen T, Greidanus H, Delaney C (2018) Metrics and provider-based results for completeness and temporal resolution of satellite-based AIS services. Mar Policy 93:80–92

Fernández-Caramés TM, Fraga-Lamas P, Suárez-Albela M, Vilar-Montesinos M (2018) A fog computing and cloudlet based augmented reality system for the industry 4.0 shipyard. Sensors (Basel, Switzerland) 18(6):1798–1802

Fournier M, Hilliard R C, Rezaee S, Pelot R. (2018) Past, present, and future of the satellite-based automatic identification system: Areas of applications (2004–2016) WMU J Marit Aff 17(3): 311–345

Friedberg I, McLaughlin K, Smith P, Laverty D, Sezer S (2017) STPA-SafeSec: safety and security analysis for cyber-physical systems. J Inf Sec Appl 34:183–196

Geng JB, Ji Q, Fan Y, Shaikh F (2017) Optimal LNG importation portfolio considering multiple risk factors. J Clean Prod 151:452–464

Germond B (2015) The geopolitical dimension of maritime security. Mar Policy 54:137–142

Ghorabaee MK, Amiri M, Zavadskas EK, Turskis Z, Antucheviciene J (2017) A new multi-criteria model based on interval type-2 fuzzy sets and EDAS method for supplier evaluation and order allocation with environmental considerations. Comput Ind Eng 112:156–174

Guariniello C, DeLaurentis D (2014) Communications, information, and cyber security in systems-of-systems: assessing the impact of attacks through interdependency analysis. Procedia Comput Sci 28:720–727

Halgamuge M (2015) Radio hazard safety assessment for marine ship transmitters: measurements using a new data collection method and comparison with ICNIRP and ARPANSA limits. Int J Environ Res Public Health 12(5):5338–5354

Ho W, Ma X (2018) The state-of-the-art integrations and applications of the analytic hierarchy process. Eur J Oper Res 267(2):399–414

Hoehn JR. (2019) Defense Primer: Military Use of the Electromagnetic Spectrum CRS In Focus, IF11155

Irvanizam I, Rusdiana S, Amrusi A, Arifah P, Usman T. (2018) An application of fuzzy multiple-attribute decision making model based on simple additive weighting with triangular fuzzy numbers to distribute the decent homes for impoverished families. In J physics: Conf Serie IOP publishing 1116(2): 02(2016-022021

Islam R, Khan F, Abbassi R, Garaniya V (2018) Human error assessment during maintenance operations of marine systems-what are the effective environmental factors? Saf Sci 107:85–98

Jacq O, Boudvin X, Brosset D, Kermarrec Y, Simonin J. (2018) Detecting and hunting cyberthreats in a maritime environment: specification and experimentation of a maritime cybersecurity operations Centre. In 2nd cyber sec Netw Conf (CSNet) IEEE 1-8

Jang-Jaccard J, Nepal S (2014) A survey of emerging threats in cybersecurity. J Comput Syst Sci 80(5):973–993

Jensen L (2015) Challenges in maritime cyber-resilience. Technol Innov Manage Rev 5(4):35–39

Johnson C (2011) Using assurance cases and Boolean logic driven Markov processes to formalise cyber security concerns for safety-critical interaction with global navigation satellite systems. Electr Commun EASST 45:1–18

Jones CB (2017) Cyber-security and combatting cyber-attacks: a study. J Excellence in Comput Sci Eng 3(2):1–16

Karahalios H (2017) Effect of human behaviour in shipboard firefighting decisions: the case of fire in engine rooms. J Conting Crisis Manage 25(4):256–268

Kartal ŞE, Uğurlu Ö, Kaptan M, Arslanoğlu Y, Wang J, Loughney S (2019) An analysis and comparison of multinational officers of the watch in the global maritime labor market. Marit Policy Manage 46(6):757–780

Kazaras K, Kirytopoulos K, Rentizelas A (2012) Introducing the STAMP method in road tunnel safety assessment. Saf Sci 50(9):1806–1817

Kessler GC (2019) Cybersecurity in the maritime domain. USCG Proc Mar Saf Sec Counc 76(1):34–39

Kessler GC, Craiger JP, Haass JC (2018) A taxonomy framework for maritime Cybersecurity: a demonstration using the automatic identification system. TransNav: Intern J Mar Navig Saf Sea Transp 12(3):429–435

Knowsler G. (2017) Maersk cyber attack forces carrier to put cargo bookings on hold. URL: http: //fairplay.ihs.com/article/4288541/maersk-cyber-attack-forces-carrier-to-put-cargo-bookingson- hold

Kokangül A, Polat U, Dağsuyu C (2017) A new approximation for risk assessment using the AHP and fine Kinney methodologies. Saf Sci 91:24–32

Kos S, Brčić D, Pušić D (2013) Protection and risks of ENC data regarding safety of navigation. Mar Navig Saf Sea Transp: Advan Mar Navig:49–56

Koshevyy V, Shishkin O (2019) Standardization of interface for VHF, MF/HF communication using DSC within Itsintegration with INS in the framework of e-navigation concept. TransNav: Intern J Mar Navig Saf Sea Transp 13(3):593–596

Kubler S, Robert J, Derigent W, Voisin A, Le Traon Y (2016) A state-of-the-art survey & testbed of fuzzy AHP (FAHP) applications. Exp Syst Appl 65:398–422

Kyriakidis M, Majumdar A, Ochieng WY (2018) The human performance railway operational index-a novel approach to assess human performance for railway operations. Reliab Eng Syst Saf 170:226–243

Lee CW (2018) A system theoretic approach to cybersecurity risks analysis of passenger autonomous vehicles. MIT Thesis, Cambridge

Lee E, Mokashi AJ, Moon SY, Kim G (2019) The maturity of automatic identification systems (AIS) and its implications for innovation. J Mar Sci Engin 7(9):287–294

Leveson N (2004) A new accident model for engineering safer systems. Saf Sci 42(4):237–270

Li CC, Dong Y, Xu Y, Chiclana F, Herrera-Viedma E, Herrera F (2019) An overview on managing additive consistency of reciprocal preference relations for consistency-driven decision making and fusion: taxonomy and future directions. Inf Fusion 52:143–156

Liang D, Xu Z (2017) The new extension of TOPSIS method for multiple criteria decision making with hesitant Pythagorean fuzzy sets. Appl Soft Comput 60:167–179

McBride TA (2008) Model for investigating software accidents. J Res Pract Inf Technol 40(1):19–24

Mergel I, Edelmann N, Haug N (2019) Defining digital transformation: results from expert interviews. Gov Inf Q 36(4):101385–101390

Pak JY, Yeo GT, Oh SW, Yang Z (2015) Port safety evaluation from a captain’s perspective: the Korean experience. Saf Sci 72:172–181

Papanikolaou A, Boulougouris E. 1998 Design aspects of survivability of surface naval and merchant ships. In Proc Int Conf Naval Technol St John's Newfoundland September

Peña LE, Zapata MA, Barrios M (2019) Analytic hierarchy process approach for the selection of stream-gauging sites. Hydrol Sci J 64(14):1783–1792

Pristrom S, Yang Z, Wang J, Yan X. (2016) A novel flexible model for piracy and robbery assessment of merchant ship operations. Reliab Eng Syst Saf (201155: 196-211

Puisa R, Lin L, Bolbot V, Vassalos D (2018) Unravelling causal factors of maritime incidents and accidents. Saf Sci 110:124–141

Qu Z, Wan C, Yang Z, Lee P T W. (2018) A discourse of multi-criteria decision making (MCDM) approaches. In multi- Criter Decis Mak in Marit stud Logist (pp. 7-29) springer, Cham

Rao M, Kamila NK (2017) Tracking intruder ship in wireless environment. Hum -centric Comput Inf Sci 7(1):14–18

Rezai A, Keshavarzi P, Moravej Z (2017) Key management issue in SCADA networks: a review. Eng Sci Technol Int J 20(1):354–363

Roberts FS (2019) From football to oil rigs: risk assessment for combined cyber and physical attacks. J Ben -Cost Anal 10(2):251–273

Sabaliauskaite G, Mathur A P. (2015) Aligning cyber-physical system safety and security. In complex Syst design manage Asia (pp. 41-53) springer, Cham

Sarkodie PA, Zhang ZK, Benuwa BB, Ghansah B, Ansah E (2018) A survey of advanced marine communication and navigation technologies: developments and strategies. In Int J Eng Res Afr Trans Tech Publications 34:102–115

Schmittner C, Ma Z, Puschner P (2016) Limitation and improvement of STPA-sec for safety and security co-analysis. Int Conf Comput Saf Reliab Sec Springer Cham:195–209

Singh S, Olugu EU, Musa SN, Mahat AB (2018) Fuzzy-based sustainability evaluation method for manufacturing SMEs using balanced scorecard framework. J Intell Manuf 29(1):1–18

Škrlec Z, Bićanić Z, Tadić J. (2014) Maritime cyber defense 6^th Int Marit Sci Conf (IMSC), Proc April Solin Croatia 28–29

Soner O, Celik E, Akyuz E (2017) Application of AHP and VIKOR methods under interval type 2 fuzzy environment in maritime transportation. Ocean Eng 129:107–116

Sullivan AK (2010) Piracy in the horn of Africa and its effects on the global supply chain. J Trans Sec 3(4):231–243

Svilicic B, Brčić D, Žuškin S, Kalebić D (2019a) Raising awareness on cyber security of ECDIS. TransNav: Int J Mar Navig Saf Sea Transp 13(1):231–236

Svilicic B, Rudan I, Frančić V, Doričić M (2019b) Shipboard ECDIS cyber security: third-party component threats. Pomorstvo 33(2):176–180

Tam K, Jones KD (2018) Maritime cybersecurity policy: the scope and impact of evolving technology on international shipping. J Cyber Policy 3(2):147–164

Tam K, Jones K (2019) MaCRA: a model-based framework for maritime cyber-risk assessment. WMU J Marit Aff 18(1):129–163

Tavana M, Hatami-Marbini A (2011) A group AHP-TOPSIS framework for human spaceflight mission planning at NASA. Experts Syst with Appl 38(11):13588–13603

Thieme CA, Utne IB, Haugen S (2018) Assessing ship risk model applicability to marine autonomous surface ships. Ocean Eng 165:140–154

Uğurlu Ö, Yıldız S, Loughney S, Wang J (2018) Modified human factor analysis and classification system for passenger vessel accidents (HFACS-PV). Ocean Eng 161:47–61

Venables A (2017) Maritime Cyberpower projection. Marit Interd OperJ 14:15–28

Wachter S, Mittelstadt B, Russell C (2017) Counterfactual explanations without opening the black box: automated decisions and the GDPR. Harv J Law Technol 31:841–848

Wang L, Yang Z (2018) Bayesian network modelling and analysis of accident severity in waterborne transportation: a case study in China. Reliab Eng Syst Saf 180:277–289

Whitehead D E , Owens K , Gammel D , Smith J. (2017) Ukraine cyber-induced power outage: analysis and practical mitigation strategies. In 70th Annu Conf Prot relay Eng (CPRE), April. IEEE 1-8

Wróbel K, Montewka J, Kujala P (2018) Towards the development of a system-theoretic model for safety assessment of autonomous merchant vessels. Reliab Eng Syst Saf 178:209–224

Xing B, Dai J, Liu S (2016) Enforcement of opacity security properties for ship information system. Int J Nav Archit Ocean Eng 8(5):423–433

Yager RR (2016) Generalized orthopair fuzzy sets. IEEE Trans Fuzzy Syst 25(5):1222–1230

Yan XP, Wu B, Zhang D, Zhang JF (2017) Emergency management of maritime accidents in the yangtze river: problems, practice and prospects. Int J Mar Navig Saf Sea Transp, TransNav, pp 11–17

Yi M (2018) Grey comprehensive evaluation of ship safety risk assessment. Int J Sci 5(1):25–28

Titel: Appraisal of a Ship’s Cybersecurity efficiency: the case of piracy
verfasst von: Hristos Karahalios
Publikationsdatum: 27.09.2020
Verlag: Springer US
Erschienen in: Journal of Transportation Security / Ausgabe 3-4/2020
Print ISSN: 1938-7741
Elektronische ISSN: 1938-775X
DOI: https://doi.org/10.1007/s12198-020-00223-1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 3-4/2020

Security of passenger transport in the Baltic Sea in the context of foreign terrorist fighters

Exploring Contemporary Sea Piracy in Nigeria, the Niger Delta and the Gulf of Guinea

The interconnectedness between efforts to reduce the risk related to accidents and attacks - naval examples

An overview of operational security considerations for husbanding service providers of the U.S. navy

Paperless ship navigation: cyber security weaknesses

Maritime trade and piracy in the Gulf of Aden and the Indian Ocean (1994–2017)

Premium Partner