ISSN 2083-6473
ISSN 2083-6481 (electronic version)




Associate Editor
Prof. Tomasz Neumann

Published by
TransNav, Faculty of Navigation
Gdynia Maritime University
3, John Paul II Avenue
81-345 Gdynia, POLAND
www http://www.transnav.eu
e-mail transnav@umg.edu.pl
An Operational Approach to Maritime Cyber Resilience
ABSTRACT: As a result of the last decades development of technology and increased connectivity of maritime vessels, the need for maritime cyber security is undoubtedly present. In 2017, IMO officially recognized “… the urgent need to raise awareness on cyber threats and vulnerabilities to support safe and secure shipping, which is operationally resilient to cyber risks”. Thus, Maritime Cyber Resilience is seen as key by IMO in the improvement of the maritime cyber security. It is assumed that human error is the cause of more than half successful cyber-attacks. If technology somehow fails, in example because of a cyber threat, the human is expected to handle the problem and provide a solution. It is therefore necessary to focus on the human aspect when considering maritime cyber threats. This paper aims to provide a working definition of “Maritime Cyber Resilience”. Further, the paper argues why the human should be a focus of study, as the human is at the sharp edge in a potential maritime cyber emergency.
Anholt, R., Boersma, F.K.: From security to resilience: New vistas for international responses to protracted crises. In: Linkov, I., Florin, M.-V., and Trump, B.D. (eds.) Resilience (Volume 2, 2018). pp. 25–32 International Risk Governance Center (2018). - doi:10.5075/epfl-irgc-262527
Awan, M.S., Al Ghamdi, M.A.: Understanding the Vulnerabilities in Digital Components of an Integrated Bridge System (IBS). Journal of Marine Science and Engineering. 7, 10, (2019). - doi:10.3390/jmse7100350
Bainbridge, L.: Ironies of automation. Automatica. 19, 6, 775–779 (1983). - doi:10.1016/0005-1098(83)90046-8
Barrett, M.: Framework for Improving Critical Infrastructure Cybersecurity Version 1.1, - doi:10.6028/NIST.CSWP.04162018, (2018)
Bimco, Clia, ICS, Intercargo, Intermanager, Intertanko, IUMI, OCIMF and World Shipping Council: The Guidelines on Cyber Security onboard Ships. BIMCO (ed.) Version 4.0 (2020).
Bodeau, D.J., Graubart, R.D., Picciotto, J., McQuaid, R.: Cyber Resiliency Engineering Framework. The MITRE Corporation (2011).
Bowditch, N.: The American practical navigator : an epitome of navigation. National Imagery and Mapping Agency (2002).
Boyes, H., Isbell, R.: Code of Practice: Cyber Security for Ships. Institution of Engineering and Technology, London, United Kingdom (2017).
Cambridge Online Dictionary: Maritime. Cambridge Univeristy Press (2021).
Cambridge Online Dictionary: Operation. Cambridge Univeristy Press (2021).
da Conceição, V.P., Dahlman, J., Navarro, A.: What is maritime navigation? Unfolding the complexity of a Sociotechnical System. Proceedings of the Human Factors and Ergonomics Society Annual Meeting. 61, 1, 267–271 (2017). - doi:10.1177/1541931213601549
Cutler, T.J.: Dutton’s Nautical Navigation. Naval Institute Press; (2004).
Daum, O.: Cyber Security in the Maritime Sector. J. Mar. L. & Com. 50, 1–19 (2019).
DiRenzo, J., Goward, D.A., Roberts, F.S.: The little-known challenge of maritime cyber security. In: 2015 6th International Conference on Information, Intelligence, Systems and Applications (IISA). pp. 1–5 (2015). - doi:10.1109/IISA.2015.7388071
DNV: Cyber security resilience management for ships and mobile offshore units in operation, https://www.dnv.com/maritime/dnvgl-rp-0496-recommended-practice-cyber-security-download.html, last accessed 2021/04/15.
Fitton, O., Prince, D., Germond, B., Lacy, M.: The future of maritime cyber security. Lancaster University (2015).
Giacomello, G., Pescaroli, G.: Managing Human Factors. In: Kott, A. and Linkov, I. (eds.) Cyber Resilience of Systems and Networks. pp. 247–263 Springer International Publishing, Cham (2019). - doi:10.1007/978-3-319-77492-3_11
Haimes, Y.Y.: On the Definition of Resilience in Systems. Risk Analysis. 29, 4, 498–501 (2009). - doi:10.1111/j.1539-6924.2009.01216.x
Hareide, O.S.: Podkast: Teknologi og mennesket som “sensor,” https://www.kystverket.no/Nyheter/2021/januar/ny-podkast-teknologi-og-mennesket-som-sensor/, last accessed 2021/04/16.
Hareide, O.S., Jøsok, Ø., Lund, M.S., Ostnes, R., Helkala, K.: Enhancing Navigator Competence by Demonstrating Maritime Cyber Security. Journal of Navigation. 71, 5, 1025–1039 (2018). - doi:10.1017/S0373463318000164
Hollnagel, E.: Resilience engineering and the built environment. null. 42, 2, 221–228 (2014). - doi:10.1080/09613218.2014.862607
Hollnagel, E., Pariès, J., Woods, D., Wreathall, J.: Epilogue: RAG – The Resilience Analysis Grid. In: Resilience Engineering in Practice. pp. 275–296 CRC Press, London, United Kingdom (2011). - doi:10.1201/9781317065265-19
Hollnagel, E., Woods, D.D., Leveson, N.: Resilience Engineering: Concepts and Precepts. CRC Press (2006).
Hollnagel, Erik: How resilient is your organisation? In: An Introduction to the Resilience Analysis Grid (RAG). , Toronto, Canada (2010).
Hopcraft, R., Martin, K.M.: Effective maritime cybersecurity regulation – the case for a cyber code. null. 14, 3, 354–366 (2018). - doi:10.1080/19480881.2018.1519056
IACS: Rec 166 - Recommendation on Cyber Resilience, http://www.iacs.org.uk/publications/recommendations/161-180/, last accessed 2021/04/15.
Inmarsat: Best Practice Information and Communications Technology (ICT) Recommendations, https://www.inmarsat.com/en/insights/maritime/2019/best-practice-ict-guide.html, last accessed 2021/04/15.
International Maritime Organization: Maritime cyber risk, https://www.imo.org/en/OurWork/Security/Pages/Cyber-security.aspx, last accessed 2021/04/15.
International Maritime Organization: MSC-FAL.1/Circ.3. Guidelines on maritime cyber risk management, https://www.imo.org/en/OurWork/Security/Pages/Cyber-security.aspx, last accessed 2021/04/15.
International Maritime Organization: Resolution MSC.252(83): Adoption of the Revised Performance Standard for Integrated Navigation Systems (INS).
International Maritime Organization: Resolution MSC.428(98) - Maritime Cyber Risk Management in Safety Management Systems, https://www.imo.org/en/OurWork/Security/Pages/Cyber-security.aspx, last accessed 2021/04/15.
ISO: ISO/IEC 27002:2013 Information technology — Security techniques — Code of practice for information security controls, https://www.iso.org/standard/54533.html, last accessed 2021/04/15.
ITU: ITU-Tx. 1205. Interfaces. 10, 20–X, 49 (2008).
Jensen, L.: Challenges in Maritime Cyber-Resilience. Technology Innovation Management Review. 5, 4, 35–39 (2015). - doi:10.22215/timreview/889
Johnsen, S.: Resilience in Risk Analysis and Risk Assessment. In: Moore, T. and Shenoi, S. (eds.) Critical Infrastructure Protection IV. pp. 215–227 Springer Berlin Heidelberg, Berlin, Heidelberg (2010).
Karahalios, H.: Appraisal of a Ship’s Cybersecurity efficiency: the case of piracy. Journal of Transportation Security. 13, 3, 179–201 (2020). - doi:10.1007/s12198-020-00223-1
KVH Intelsat: Crew Connectivity 2018 Survey Report, http://www.crewconnectivity.com/?product=2018-crew-connectivity-survey-report, last accessed 2021/04/15.
Linkov, I., Kott, A.: Fundamental Concepts of Cyber Resilience: Introduction and Overview. In: Kott, A. and Linkov, I. (eds.) Cyber Resilience of Systems and Networks. pp. 1–25 Springer International Publishing, Cham (2019). - doi:10.1007/978-3-319-77492-3_1
Lund, M.S., Hareide, O.S., Jøsok, Ø.: An Attack on an Integrated Navigation System. Necesse. 3, 2, 149–163 (2018). - doi:10.21339/2464-353x.3.2.149
Madni, A.M., Jackson, S.: Towards a conceptual framework for resilience engineering. IEEE Engineering Management Review. 39, 4, 85–102 (2011). - doi:10.1109/EMR.2011.6093891
Markit, I.: Safety at Sea and BIMCO cyber security white paper, https://ihsmarkit.com/Info/0819/cyber-security-survey.html, last accessed 2021/04/15.
Martin-Breen, P., Anderies, J.M.: Resilience: A literature review, https://opendocs.ids.ac.uk/opendocs/handle/20.500.12413/3692, last accessed 2021/04/15.
McGillivary, P.: Why Maritime Cybersecurity Is an Ocean Policy Priority and How It Can Be Addressed. Marine Technology Society Journal. 52, 5, 44–57 (2018). - doi:doi:10.4031/MTSJ.52.5.11
Mileski, J., Clott, C., Galvao, C.B.: Cyberattacks on ships: a wicked problem approach. Maritime Business Review. 3, 4, 414–430 (2018). - doi:10.1108/MABR-08-2018-0026
Ng, D.: Safety first: maritime cyber security, IMO guidelines and the maritime supply chian. Riviera Maritime Media (2021).
NTNU: Literature review of “Maritime Cyber Resilience,” https://bibsys-almaprimo.hosted.exlibrisgroup.com/primo-explore/search?query=any,contains,%22maritime%20cyber%20resilience%22&tab=default_tab&search_scope=default_scope&vid=NTNU_UB&offset=0, last accessed 2021/04/15.
Refsdal, A., Solhaug, B., Stolen, K.: Cyber-Risk Management. Springer International Publishing (2015). - doi:10.1007/978-3-319-23570-7
Relling, T., Lützhöft, M., Ostnes, R., Hildre, H.P.: A Human Perspective on Maritime Autonomy. In: Schmorrow, D.D. and Fidopiastis, C.M. (eds.) Augmented Cognition: Users and Contexts. pp. 350–362 Springer International Publishing, Cham (2018).
SAGE Journals: Literature review of “Martime Cyber Resilience,” https://journals.sagepub.com/action/doSearch?filterOption=allJournal&AllField=%22maritime+cyber+resilience%22, last accessed 2021/04/15.
von Solms, R., van Niekerk, J.: From information security to cyber security. Computers & Security. 38, 97–102 (2013). - doi:10.1016/j.cose.2013.04.004
Springer: Literature review of "Maritime Cyber Resilience, https://link.springer.com/search?query=%22maritime+cyber+resilience%22, last accessed 2021/04/15.
Svilicic, B., Kamahara, J., Rooks, M., Yano, Y.: Maritime Cyber Risk Management: An Experimental Ship Assessment. Journal of Navigation. 72, 5, 1108–1120 (2019). - doi:10.1017/S0373463318001157
Svilicic, B., Rudan, I., Jugović, A., Zec, D.: A Study on Cyber Security Threats in a Shipboard Integrated Navigational System. Journal of Marine Science and Engineering. 7, 10, (2019). - doi:10.3390/jmse7100364
TransNav.eu: Literature review of “Maritime Cyber Resilience,” https://www.transnav.eu/Search_maritime%20cyber%20resilience.html, last accessed 2021/04/15.
Westrum, R.: A Typology of Resilience Situations. In: Hollnagel, E., Woods, D.D., and Leveson, N. (eds.) Resilience Engineering: Concepts and Precepts. pp. 55–65 CRC Press, London, United Kingdom (2006). - doi:10.1201/9781315605685-8
Whitman, M.E., Mattord, H.J.: Principles of Information Security. Cengage Learning (2017).
Woltjer, R.: Deliverable D1.1 Consolidation of resilience concepts and practices for crisis management, https://h2020darwin.eu/project-deliverables/, last accessed 2021/04/15.
Citation note:
Erstad E., Ostnes R., Lund M.S.: An Operational Approach to Maritime Cyber Resilience. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation, Vol. 15, No. 1, doi:10.12716/1001.15.01.01, pp. 27-34, 2021

Other publications of authors:

File downloaded 102 times

Important: TransNav.eu cookie usage
The TransNav.eu website uses certain cookies. A cookie is a text-only string of information that the TransNav.EU website transfers to the cookie file of the browser on your computer. Cookies allow the TransNav.eu website to perform properly and remember your browsing history. Cookies also help a website to arrange content to match your preferred interests more quickly. Cookies alone cannot be used to identify you.
Akceptuję pliki cookies z tej strony