Assessing ship cyber risks: a framework and case study of ECDIS security
Autor: | Jasmin Ćelić, Johan Bolmsten, Boris Sviličić, Junzo Kamahara |
---|---|
Rok vydání: | 2019 |
Předmět: |
Risk level
Computer science business.industry 05 social sciences Vulnerability scanning 020101 civil engineering Transportation Human Factors and Ergonomics 02 engineering and technology Management Monitoring Policy and Law Computer security computer.software_genre 0201 civil engineering Safe operation Information and Communications Technology Management system Electronic Chart Display and Information System 0501 psychology and cognitive sciences maritime cyber risk management ship security assessment ship cyber critical systems cyber risk assessment assessment framework cyber security testing business Safety Research computer 050107 human factors Risk management |
Zdroj: | WMU Journal of Maritime Affairs. 18:509-520 |
ISSN: | 1654-1642 1651-436X |
Popis: | The growing reliance of the shipping industry on information and communication technologies places a high premium on cyber risk management. The International Mar- itime Organization has imposed improvement of the approved safety management system of ships by incorporating the cyber risk management no later than the first annual verification of a shipping company’s document of compliance following 1 January 2021. In this paper, we present a framework for assessing cyber risks that affect safe operation of ships. The framework relies on an on-board survey to identify existing safeguards, cyber security testing to detect vulnerabilities and threats, and determination of the cyber risk level. The cyber security testing of the ship’s critical systems and assets, as the specific part of the framework, is introduced and studied. The cyber security testing method is based on computational vulnerability scanning and penetration testing tech- niques, which is aligned with the upcoming maritime standard IEC 63154. For a case study, the testing of a shipboard Electronic Chart Display and Information System cyber security was performed using an industry vulnerability scanning tool. |
Databáze: | OpenAIRE |
Externí odkaz: |