Journal is indexed in following databases:


2022 Journal Impact Factor - 0.6
2022 CiteScore - 1.7


HomePage
 
Main Area of TransNav Interests
Journal Vol. 18 No. 2 - June 2024
Journal Vol. 18 No. 1 - March 2024
Journal Vol. 17 No. 4 - December 2023
Journal Vol. 17 No. 3 - September 2023
Journal Vol. 17 No. 2 - June 2023
Journal Vol. 17 No. 1 - March 2023
Journal Vol. 16 No. 4 - December 2022
Journal Vol. 16 No. 3 - September 2022
Journal Vol. 16 No. 2 - June 2022
Journal Vol. 16 No. 1 - March 2022
Journal Vol. 15 No. 4 - December 2021
Journal Vol. 15 No. 3 - September 2021
Journal Vol. 15 No. 2 - June 2021
Journal Vol. 15 No. 1 - March 2021
Journal Vol. 14 No. 4 - December 2020
Journal Vol. 14 No. 3 - September 2020
Journal Vol. 14 No. 2 - June 2020
Journal Vol. 14 No. 1 - March 2020
Journal Vol. 13 No. 4 - December 2019
Journal Vol. 13 No. 3 - September 2019
Journal Vol. 13 No. 2 - June 2019
Journal Vol. 13 No. 1 - March 2019
Journal Vol. 12 No. 4 - December 2018
Journal Vol. 12 No. 3 - September 2018
Journal Vol. 12 No. 2 - June 2018
Journal Vol. 12 No. 1 - March 2018
Journal Vol. 11 No. 4 - December 2017
Journal Vol. 11 No. 3 - September 2017
Journal Vol. 11 No. 2 - June 2017
Journal Vol. 11 No. 1 - March 2017
Journal Vol. 10 No. 4 - December 2016
Journal Vol. 10 No. 3 - September 2016
Journal Vol. 10 No. 2 - June 2016
Journal Vol. 10 No. 1 - March 2016
Journal Vol. 9 No. 4 - December 2015
Journal Vol. 9 No. 3 - September 2015
Journal Vol. 9 No. 2 - June 2015
Journal Vol. 9 No. 1 - March 2015
Journal Vol. 8 No. 4 - December 2014
Journal Vol. 8 No. 3 - September 2014
Journal Vol. 8 No. 2 - June 2014
Journal Vol. 8 No. 1 - March 2014
Journal Vol. 7 No. 4 - December 2013
Journal Vol. 7 No. 3 - September 2013
Journal Vol. 7 No. 2 - June 2013
Journal Vol. 7 No. 1 - March 2013
Journal Vol. 6 No. 4 - December 2012
Journal Vol. 6 No. 3 - September 2012
Journal Vol. 6 No. 2 - June 2012
Journal Vol. 6 No. 1 - March 2012
Journal Vol. 5 No. 4 - December 2011
Journal Vol. 5 No. 3 - September 2011
Journal Vol. 5 No. 2 - June 2011
Journal Vol. 5 No. 1 - March 2011
Journal Vol. 4 No. 4 - December 2010
Journal Vol. 4 No. 3 - September 2010
Journal Vol. 4 No. 2 - June 2010
Journal Vol. 4 No. 1 - March 2010
Journal Vol. 3 No. 4 - December 2009
Journal Vol. 3 No. 3 - September 2009
Journal Vol. 3 No. 2 - June 2009
Journal Vol. 3 No. 1 - March 2009
Journal Vol. 2 No. 4 - December 2008
Journal Vol. 2 No. 3 - September 2008
Journal Vol. 2 No. 2 - June 2008
Journal Vol. 2 No. 1 - March 2008
Journal Vol. 1 No. 4 - December 2007
Journal Vol. 1 No. 3 - September 2007
Journal Vol. 1 No. 2 - June 2007
Journal Vol. 1 No. 1 - March 2007

Author Index
Keywords

Editorial Board

Information for Authors
Publication Ethics and Publication Malpractice Statement
Copyright Policy
Paper Submission
Review Process

Statistics
 
List of Reviewers in TransNav Journal

List of Reviewers in 2017
List of Reviewers in 2016
List of Reviewers in 2015
List of Reviewers in 2014
List of Reviewers in 2013
List of Reviewers in 2012
List of Reviewers in 2011
List of Reviewers in 2010
List of Reviewers in 2009
List of Reviewers in 2008
List of Reviewers in 2007
 
ISSN 2083-6473
ISSN 2083-6481 (electronic version)
 
 
 
Editor-in-Chief
Prof. Adam Weintrit

Associate Editor
Prof. Tomasz Neumann
 
Published by
TransNav, Faculty of Navigation
Gdynia Maritime University
3, John Paul II Avenue
81-345 Gdynia, POLAND
www http://www.transnav.eu
e-mail transnav@umg.edu.pl
CERP: A Maritime Cyber Risk Decision Making Tool
E. Erstad 1 ORCID iD icon, R. Hopcraft 2 ORCID iD icon, J.D. Palbar 2 , K. Tam 2 ORCID iD icon
1 Norwegian University of Science and Technology, Ålesund, Norway
2 University of Plymouth, Plymouth, United Kingdom
ABSTRACT: An increase in the complexity of systems onboard ships in the last decade has seen a rise in the number of reported maritime cyber-attacks. To tackle this rising risk the International Maritime Organization published high-level requirements for cyber risk management in 2017. These requirements obligate organisations to establish procedures, like incident response plans, to manage cyber-incidents. However, there is currently no standardised framework for this implementation. This paper proposes a Cyber Emergency Response Procedure (CERP), that provides a framework for organisations to better facilitate their crew’s response to a cyber-incident that is considerate of their operational environment. Based on an operations flowchart, the CERP provides a step-by-step procedure that guides a crew’s decision-making process in the face of a cyber-incident. This high-level framework provides a blueprint for organisations to develop their own cyber-incident response procedures that are considerate of operational constraints, existing incident procedures and the complexity of modern maritime systems.
KEYWORDS: Emergency Response Procedures, Safety and Security, Risk Mitigation, Maritime Cyber Resilience, Cyber Risk Management, Maritime Cyber Security, Maritime Cyber Threats, Cyber Incident Response
REFERENCES
NORMA Cyber, "NORMA Cyber Annual Threat Assessment 2022," Norwegian Maritime Cyber Resilience Centre, normacyber.no, 2022. [Online]. Available: https://www.normacyber.no/news/norma-annual-threat-assessment-2022
K. Tam et al., "Case Study of a Cyber-Physical Attack Affecting Port and Ship Operational Safety," 2021, doi: - doi:10.4236/jtts.2022.121001
International Maritime Organization, MSC-FAL.1/Circ.3. Guidelines on maritime cyber risk management, 2017. [Online]. Available: http://www.imo.org/en/OurWork/Security/Guide_to_Maritime_Security/Pages/Cyber-security.aspx.
International Maritime Organization, Resolution MSC.428(98) - Maritime Cyber Risk Management in Safety Management Systems, 2017. [Online]. Available: http://www.imo.org/en/OurWork/Security/Guide_to_Maritime_Security/Pages/Cyber-security.aspx. Accessed on: 22.02.2023.
The Guidelines on Cyber Security onboard Ships Version 4.0, BIMCO, 2020. [Online]. Available: https://www.bimco.org/about-us-and-our-members/publications/the-guidelines-on-cyber-security-onboard-ships
IACS. "IACS adopts new requirements on cyber safety." IACS. https://iacs.org.uk/news/iacs-adopts-new-requirements-on-cyber-safety/ (accessed 20 February, 2023).
E. Erstad, M. S. Lund, and R. Ostnes, "Navigating Through Cyber Threats, A Maritime Navigator’s Experience," 2022, doi: - doi:10.54941/ahfe1002205
International Maritime Organization. "Maritime Safety." IMO. https://www.imo.org/en/OurWork/Safety/Pages/default.aspx (accessed 20 February, 2023).
International Maritime Organization, International safety management code: with guidelines for its implementation, 2018 edition.; Fifth edition. ed. (ISM-Code). London: International Maritime Organization, 2018.
International Maritime Organization, SOLAS, Consolidated Edition, 2020 (SOLAS). London: International Maritime Organization, 2020.
International Maritime Organization. "The International Safety Management (ISM) Code." IMO. https://www.imo.org/en/ourwork/humanelement/pages/ISMCode.aspx (accessed 23 February, 2023).
International Chamber of Shipping, Bridge Procedures Guide. Marisec, 2022.
ISO/IEC 27000:2018 Information technology — Security techniques — Information security management systems — Overview and vocabulary, ISO, iso.org, 2020. [Online]. Available: https://www.iso.org/standard/73906.html
ISO/IEC 27001:2017 Information security, cybersecurity and privacy protection — Information security management systems — Requirements, ISO, iso.org, 2017. [Online]. Available: https://www.iso.org/standard/82875.html
ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection — Information security controls, ISO, iso.org, 2022. [Online]. Available: https://www.iso.org/standard/75652.html
Directive (EU) 2016/1148 European Union Parliament, Official Journal of the European Union, 2016. [Online]. Available: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016L1148&from=EN
DIRECTIVE (EU) 2022/2555, European Union Parliament, Official Journal of the European Union, 2022. [Online]. Available: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32022L2555&qid=1677163438395&from=en
Framework for improving critical infrastructure cybersecurity, N. I. o. S. a. T. NIST, 2018. [Online]. Available: https://www.nist.gov/cyberframework/framework
ENISA, "ANALYSIS OF CYBER SECURITY ASPECTS IN THE MARITIME SECTOR," https://www.enisa.europa.eu/publications/cyber-security-aspects-in-the-maritime-sector-1, 2011. [Online]. Available: https://www.enisa.europa.eu/publications/cyber-security-aspects-in-the-maritime-sector-1
Cyber security resilience management for ships and mobile offshore units in operation, DNV, standards.dnv.com, 2016. [Online]. Available: https://standards.dnv.com/explorer/document/0ED73B3209DA42CDA6392BC3946585C9/4
Rec 166 - Recommendation on Cyber Resilience, IACS, 2020. [Online]. Available: http://www.iacs.org.uk/publications/recommendations/161-180/
The Guidelines on Cyber Security onboard Ships Version 1.0, BIMCO, 2016. [Online]. Available: https://www.bimco.org/about-us-and-our-members/publications/the-guidelines-on-cyber-security-onboard-ships
ISO 23806:2022 Ships and marine technology — Cyber safety, ISO, iso.org, 2022. [Online]. Available: https://www.iso.org/standard/77027.html
Vessel Cyber Risk Management Work Instruction, United States Coast Guard, https://www.dco.uscg.mil/, 2020. [Online]. Available: https://www.dco.uscg.mil/Our-Organization/Assistant-Commandant-for-Prevention-Policy-CG-5P/Inspections-Compliance-CG-5PC-/Commercial-Vessel-Compliance/CVCmms/
IACS UR E26 Cyber resilience of ships, IACS, https://iacs.org.uk/, 2022. [Online]. Available: https://iacs.org.uk/news/iacs-adopts-new-requirements-on-cyber-safety/
IACS UR E27 Cyber resilience of ships equipment, IACS, https://iacs.org.uk/, 2022. [Online]. Available: https://iacs.org.uk/news/iacs-adopts-new-requirements-on-cyber-safety/
T.-r. Qin, W.-j. Chen, and X.-k. Zeng, "Risk management modeling and its application in maritime safety," Journal of Marine Science and Application, vol. 7, no. 4, pp. 286-291, 2008. - doi:10.1007/s11804-008-7076-y
ISO 5807:1985 Information processing — Documentation symbols and conventions for data, program and system flowcharts, program network charts and system resources charts, ISO, iso.org, 1985. [Online]. Available: https://www.iso.org/standard/11955.html
M. Raimondi, G. Longo, A. Merlo, A. Armando, and E. Russo, "Training the maritime security operations centre teams," in 2022 IEEE International Conference on Cyber Security and Resilience (CSR), 2022: IEEE, pp. 388-393, doi: - doi:10.1109/CSR54599.2022.9850324
P. Greig, A. Maloney, and H. Higham, "Emergencies in general practice: could checklists support teams in stressful situations?," (in eng), Br J Gen Pract, vol. 70, no. 695, pp. 304-305, Jun 2020, doi: 10.3399/bjgp20X709373. - doi:10.3399/bjgp20X709373
D. L. Hepner et al., "Operating room crisis checklists and emergency manuals," Anesthesiology, vol. 127, no. 2, pp. 384-392, 2017. - doi:10.1097/ALN.0000000000001731
BIMCO, International Chamber of Shipping, and Witherby Publishing Group, Cyber Security Workbook for On Board Ship Use - 4th Edition, 2023. Livingston: Witherby Publishing Group, 2023.
F. S. Foundation. "FSF ALAR Briefing Note 1.5, Normal Checklists." SKYbrary Aviation Safety. https://skybrary.aero/bookshelf/fsf-alar-briefing-note-15-normal-checklists (accessed 21 February, 2023).
G. Di Stefano, F. Gino, G. Pisano, and B. R. Staats, "Learning by Thinking: How Reflection Can Spur Progress Along the Learning Curve," Management Science, Harvard Business School NOM Unit Working Paper No. 14-093, 2014, doi: https://dx.doi.org/10.2139/ssrn.2414478. - doi:10.2139/ssrn.2414478
A. Nganga, M. Lützhöft, J. Scanlan, and S. Mallam, "Timely Maritime Cyber Threat Resolution in a Multi-Stakeholder Environment," 2022.
G. Stoker, J. Greer, U. Clark, and C. Chiego, "Considering Maritime Cybersecurity at a Non-Maritime Education and Training Institution," in Proceedings of the EDSIG Conference ISSN, 2022, vol. 2473, p. 4901.
Erstad E., Ostnes R., Lund M.S.: An Operational Approach to Maritime Cyber Resilience. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation, Vol. 15, No. 1, doi:10.12716/1001.15.01.01, pp. 27-34, 2021
Citation note:
Erstad E., Hopcraft R., Palbar J.D., Tam K.: CERP: A Maritime Cyber Risk Decision Making Tool. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation, Vol. 17, No. 2, doi:10.12716/1001.17.02.02, pp. 269-279, 2023
Authors in other databases:
Juan Dorje Palbar: Scholar iconuTyE0d8AAAAJ

Other publications of authors:


File downloaded 357 times








Important: TransNav.eu cookie usage
The TransNav.eu website uses certain cookies. A cookie is a text-only string of information that the TransNav.EU website transfers to the cookie file of the browser on your computer. Cookies allow the TransNav.eu website to perform properly and remember your browsing history. Cookies also help a website to arrange content to match your preferred interests more quickly. Cookies alone cannot be used to identify you.
Akceptuję pliki cookies z tej strony