As the maritime sector embraces more technology to increase efficiency, lower carbon emissions, and adapt to meet modern challenges, cyber and cyberphysical safety become a more significant issue. However, unfortunately, much of past research view cyber-security issues in transportation as primarily information technology problems. This paper designs and uses a case study to illustrate how cyber-security and physical safety should be viewed together, cyber and physical (i.e. cyber-physical), when considering ship-to-ship and ship-to-shore interactions. While there is some scenario designing, this case study is built with real port data and ship systems to demonstrate a real-world cyber-attack on a ship. It shows plausible physical effects that affect the safety of those involved. This case study is also made realistic with a novel hybrid cyber range and hardware testbed environment, designed to examine the different effects a ship-based cyber-attack could potentially have on a port. This informs several solutions, technical and social, that could enhance cyberphysical safety in marine transportation.
In recent years there has been a relentless drive by all industries to digitalize many of the everyday operations. The maritime industry is no exception, with the increase in digital tools that assist the everyday operations of the seafarer. What is more, much of this technology is now networked together, or to the internet, which opens the seafarer up to a wave of new cyber risks. Maritime communication systems have often been demonstrated as insecure in the recent past. Thus, without appropriate training, seafarers are ill-prepared to protect themselves, and the systems they are responsible for, from the impacts of a cyber incident. This article will argue that there is a clear link between seafarer training and maritime safety. As such, there is a need to develop standardized digital competencies for all seafarers. The creation of these competencies needs to be considerate of the company-specific and operation-specific risk management practices. This article presents one possible solution for the development of maritime digital competencies utilizing the well-established NIST Cybersecurity Framework.
Ships and ports are increasingly connected to each other through cyberspace. This connectivity streamlines many aspects of maritime business, but also exposes maritime operators and administrations to new types of risk including hacking and outage. The maritime industry has been slow to realize the implications of this new environment within which it operates, and now lags behind other industries (like aviation) when it comes to cyber risk mitigation and regulation. We argue that the International Maritime Organisation (IMO), alongside its members, urgently needs to create robust and resilient cybersecurity regulations. We suggest that the IMO should consider creating a standalone Cyber Code, based on a framework created by previous IMO Codes such as the Polar Code. Since the IMO uses Codes as a legally binding instrument, this would help to ensure the continued safety and efficiency of the maritime industry in the face of threats from cyberspace.
Many maritime activities, such as loading, unloading and transporting cargoes, consist primarily of long periods of low-stress, with some moments of high stress during complex manoeuvres or unanticipated, dangerous, incidences. The increase in autonomy provided by machines and AI is beginning to take over certain tasks in the maritime sector, to reduce costs and mitigate human error. However, with the current levels of autonomous technology available, legislation, and public trust in the technology, such solutions are only able to remove majority of tasks associated with low-stress periods. In fact, many current remote control solutions still suggest relying on human operators to deal with the complex situations AI struggle with. Such a human-automation relationship could endanger the human element. The concern is that, if the human user is spending a disproportionate part of their time dealing with multiple, unconnected, high-stress tasks, without periods to de-stress, this could increasingly put workers at risk. This paper seeks to highlight potential technical, social, and mental, issues that may arise as the sector begins implementing semi-autonomous and fully autonomous maritime operations.
A rise in catastrophic loss-of-life events as a result of poor safety management (e.g., the capsizing of the Herald of Free Enterprise and the Costa Concordia) has driven the maritime sector to improve its safety management practices. This paper will explore the vital role of the human element within safety management, and why, as part of that safety management, organizations must foster a safety culture. This development must be achieved if organizations are to make a significant step forward in preventing similar catastrophes in the future. It is important to note that the development of safety cultures is not new to the maritime sector. However, the increase in connected systems within the sector (e.g., satellite communications) means these safety cultures must now consider the new, or altered, risks posed by digital systems. Therefore, the paper, through a high-level literature review, will consider what the core elements of a cyber safety culture are, and how an organization company can nurture its development, both internally and across the wider sector. The paper will discuss the various benefits of developing a robust cyber safety culture, including demonstrable compliance to the International Maritime Organization’s (IMO) cyber regulation, Resolution MSC.428(98). The paper will conclude by arguing the development of a cyber safety culture is not going to remove all risk completely, but rather will allow organizations to be better prepared for when incidents do occur. Highlights This paper argues that managing maritime cyber risks is not easy. However, through the inclusion of cyber risk into an organisations safety culture, operations can become more resilient to cyber incidents. Safety cultures have been a mandated part of maritime risk management for many years. Through the ratification of the International Maritime Organizations Resolution MSC.428(98) cyber risks are now included within this remit. This paper explores the benefits to an organisation by developing a cyber safety culture, including: demonstration of compliance, reduction in the human risk, lower financial implications and potentially better insurance premiums. The paper also discusses the practical implications of developing a cyber safety culture, and how through experiencing these cultures early on in their career can have positive improvements on the safety of operations.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.