The voyage data recorder (VDR) is a data recording system that aims to provide all navigational, positional, communicational, sensor, control and command information for data-driven investigation of accidents onboard ships. Due to the increasing dependence on interconnected networks, cybersecurity threats are one of the most severe issues and critical problems when it comes to safeguarding sensitive information and assets. Cybersecurity issues are extremely important for the VDR, considering that modern VDRs may have internet connections for data transfer, network links to the ship's critical systems and the capacity to record potentially sensitive data. Thus, this research adopted failure modes and effects analysis (FMEA) to perform a cybersecurity risk assessment of a VDR in order to identify cyber vulnerabilities and specific cyberattacks that might be launched against the VDR. The findings of the study indicate certain cyberattacks (false information, command injection, viruses) as well as specific VDR components (data acquisition unit (DAU), remote access, playback software) that required special attention. Accordingly, preventative and control measures to improve VDR cybersecurity have been discussed in detail. This research makes a contribution significantly to the improvement of ship safety management systems, particularly in terms of cybersecurity.
There is an undeniable recognition that maritime cybersecurity risk management should involve process, technology, and people. However, thus far, most studies have focused on the technical and process aspects of maritime cybersecurity, more than on the human element. On a vessel, the Electronic Chart Display and Information System (ECDIS) is, amongst all the electronic devices on the bridge, a complex and indispensable maritime sociotechnical system that must consider both technical and human aspects. In the context of maritime cyber resilience, it is important to note that when developing strategies for maritime cybersecurity, one cannot only consider technical security measures and ignore human error, as this does not adhere to good cybersecurity practice. To address this, this study aims to identify the navigating officers’ responsibilities for ECDIS cybersecurity and find the human error probabilities during these tasks via the SLIM-based human reliability analysis method. The outputs of this study provide an insight for industrial policies and best practices, in ECDIS cybersecurity risk management in terms of the behavioural and cultural aspects of shipping.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.