Abstract

The International Maritime Organization (IMO) published the Guidelines on Maritime Cyber Risk Management in 2017 to strengthen cybersecurity in consideration of digitalized ships. As part of these guidelines, the IMO recommends that each flag state should integrate and manage matters regarding cyber risk in the ship safety management system (SMS) according to the International Safety Management Code (ISM Code) before the first annual verification that takes place on or after 1 January 2021. The purpose of this paper is to identify cybersecurity risk components in the maritime sector that should be managed by the SMS in 2021 and to derive priorities for vulnerability improvement plans through itemized risk assessment. To this end, qualitative risk assessment (RA) was carried out for administrative, technical, and physical security risk components based on industry and international standards, which were additionally presented in the IMO guidelines. Based on the risk matrix from the RA analysis results, a survey on improving cybersecurity vulnerabilities in the maritime sector was conducted, and the analytic hierarchy process was used to analyze the results and derive improvement plan priority measures.

Highlights

  • As technology advances, more and more ship systems rely on digitalization, integration, and automation and require cyber risk management [1,2,3]

  • The purpose of this paper is to identify cyber risk factors based on the best practices proposed by International Maritime Organization (IMO) guidelines, such as the shipowners’ group guidelines (BIMCO et al guidelines), and the ISO/IEC 27001 international standards, and to derive improvement plan priorities for enhancing cybersecurity systems in the maritime sector

  • A cybersecurity risk assessment was conducted on an expert group


Summary

Introduction

As technology advances, more and more ship systems rely on digitalization, integration, and automation and require cyber risk management [1,2,3]. Cyberattacks at sea can have adverse effects on the shipping lines supporting the safety operations of ships and vessels. In February of 2017, the hacking of an 8250 TEU container ship’s navigation system resulted in 10 h of the ship being controlled by cyber pirates, and other cases of offshore and shore cyberattacks have been reported [11,12,13,14,15,16,17,18]. In June 2017, the port terminal IT system of Maersk Line, the world’s largest shipping company, was attacked by the NotPetya ransomware, which led Maersk’s container ships and its 76 port terminals around the world to cease working, and the subsequent recovery process cost up to USD
