Abstract
The integration of IT, OT, and human factor elements in maritime assets is critical for their efficient and safe operation and performance. This integration defines cyber physical systems and involves a number of IT and OT components, systems, and functions that involve multiple and diverse communication paths that are technologically and operationally evolving along with credible cyber security threats. These cyber security threats and risks as well as a number of known security breach scenarios are described in this paper to highlight the evolution of cyber physical systems in the maritime domain and their emerging cyber vulnerabilities. Current industry and governmental standards and directives related to cyber security in the maritime domain attempt to enforce the regulatory compliance and reinforce asset cyber security integrity for optimum and safe performance with limited focus, however, in the existing OT infrastructure and systems. The use of outside-of-the-maritime industry security risk assessment tools and processes, such the API STD 780 Security Risk Assessment (SRA) and the Bow Tie Analysis methodologies, can assist the asset owner to assess its IT and OT infrastructure for cyber and physical security vulnerabilities and allocate proper mitigation measures assuming their similarities to ICS infrastructure. The application of cyber security controls deriving from the adaptation of the NIST CSF and the MITRE ATT&CK Threat Model can further increase the cyber security integrity of maritime assets, assuming they are periodically evaluated for their effectiveness and applicability. Finally, the improvement in communication among stakeholders, the increase in operational and technical cyber and physical security resiliency, and the increase in operational cyber security awareness would be further increased for maritime assets by the convergence of the distinct physical and cyber security functions as well as onshore- and offshore-based cyber infrastructure of maritime companies and asset owners.
Highlights
This paper explores the cyber physical concepts of cyber security for maritime assets, both onshore and offshore
Considering the physical security element involved for cyber systems, asset owners and operators need to realize the need for the actual physical protection and security required for such systems, components, and processes including portable and personal devices used for business or operations on board vessels
Side of systems and operations and fail to tackle the interoperability and threats to OT systems and components in the maritime sector; The importance of the physical protection of IT and OT assets needs to be recognized by asset owners, operators, and integrators
Summary
This paper explores the cyber physical concepts of cyber security for maritime assets, both onshore and offshore. Cyber physical systems in the maritime sector constitute a complex field that involves the integration of IT (information technology) and OT (operational technology) systems and the interface with human element parameters. This integration, as depicted, defines the concept of cyber physical systems and represents the majority of systems onboard maritime assets. Maritime assets operated by humans contain an IT and OT interface that links together processes, systems, components, and the technical and operational performance. A vessel’s crew represents the operator of these components and processes and is responsible for the operational and performance integrity of the vessel as a whole.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
