Paperless ship navigation: cyber security weaknesses
- PDF / 2,623,049 Bytes
- 12 Pages / 439.37 x 666.142 pts Page_size
- 24 Downloads / 180 Views
Paperless ship navigation: cyber security weaknesses Boris Svilicic 1
& Miho
Kristić 2 & Srđan Žuškin 1 & David Brčić 1
Received: 11 February 2020 / Accepted: 21 September 2020/ # Springer Science+Business Media, LLC, part of Springer Nature 2020
Abstract Maritime transportation is backbone of globalized trade and the manufacturing supply chain as nowadays more than four fifths of world merchandise trade by volume is carried by ships. Safe navigation of ships of today depends heavily on cyber-physical systems, of which the central is the Electronic Chart Display and Information System (ECDIS). The paperless ship navigation is allowed when the type approved ECDIS with official electronic navigation charts acts as an independent backup for the primary system. In this paper, we present an analysis of cyber security weaknesses of the paperless ship navigation that relies on two internetworked ECDIS workstations in the backup arrangement. The method of analysis is based on cyber security testing of the ECDIS workstations with an industry vulnerability scanner tool. The detected vulnerabilities are analysed in the context of ECDIS backup arrangement and safeguards implemented on board the paperless ship. The obtained results suggest that the critical cyber threat vectors result from uncontrolled internetworking of unmaintained ECDIS workstations with identical hardware and software configurations. Keywords Navigation safety . Paperless ship . Cyber-physical system . ECDIS backup
arrangement . Maritime cyber security . Cyber security testing
Introduction Maritime transportation has been the backbone of globalized trade and the manufacturing supply chain for hundreds of years, whereas nowadays more than four fifths of world merchandise trade by volume is carried by ships (UNCTAD 2019). The Electronic Chart Display and Information System (ECDIS) has revolutionized the way ships are navigated. The combination of abilities to provide real-time navigational
* Boris Svilicic [email protected]
1
Faculty of Maritime Studies, University of Rijeka, Rijeka, Croatia
2
Maritime Department, University of Dubrovnik, Dubrovnik, Croatia
Svilicic B. et al.
information and to reduce workload compared to the traditional paper charts has allowed the ship’s navigational ranks to focus on the actual traffic situation, enhancing the navigation efficiencies and environmental protection (Brčić et al. 2019). Over more than three decades of development, and mandatory implementation in the maritime industry since the year 2018, ECDIS has been developed in complex cyber-physical system. The initial concerns from the new equipment and the over-reliance have changed to recognition of cyber risks threatening the safe ship navigation (Svilicic et al. 2019a, b, c; Kaleem Awan and Al Ghamdi 2019; Lee et al. 2019, Tam and Jones 2019; Hareide et al. 2018, Kessler et al. 2018; Lewis et al. 2018; Shapiro et al. 2018). International Maritime Organization (IMO) has set generic guidelines to manage maritime cyber risk (IMO 2017b) and imposed that cybe
Data Loading...
