Hostname: page-component-78c5997874-94fs2 Total loading time: 0 Render date: 2024-11-09T08:27:44.618Z Has data issue: false hasContentIssue false
  • English
  • Français

Towards a Cyber Secure Shipboard Radar

Published online by Cambridge University Press:  07 November 2019

Boris Svilicic ,
Igor Rudan ,
Vlado Frančić  and
Djani Mohović
Boris Svilicic*
Affiliation:
(University of Rijeka, Faculty of Maritime Studies, Studentska ulica 2, 51000Rijeka, Croatia)
Igor Rudan
Affiliation:
(University of Rijeka, Faculty of Maritime Studies, Studentska ulica 2, 51000Rijeka, Croatia)
Vlado Frančić
Affiliation:
(University of Rijeka, Faculty of Maritime Studies, Studentska ulica 2, 51000Rijeka, Croatia)
Djani Mohović
Affiliation:
(University of Rijeka, Faculty of Maritime Studies, Studentska ulica 2, 51000Rijeka, Croatia)
*
(E-mail: [email protected])
Get access Rights & Permissions [Opens in a new window]

Abstract

This paper presents a comparative cyber security resilience estimation of shipboard radars that are implemented on two oil/chemical tankers certified as SOLAS ships. The estimated radars were chosen from the same manufacturer, but belonged to different generations. The estimation was conducted by means of ships' crew interviews and computational testing of the radars using a widely deployed vulnerability scanning software tool. The identified cyber threats were analysed qualitatively in order to gain a holistic understanding of cyber risks threatening shipboard radar systems. The results obtained experimentally indicate that potential cyber threats mainly relate to maintenance of the radars' underlying operating system, suggesting the need for regulatory standardisation of periodic cyber security testing of radar systems.

Keywords

Navigation SafetyRadarMaritime Cyber SecurityVulnerability Scanning
Type
Research Article
Information
The Journal of Navigation , Volume 73 , Issue 3 , May 2020 , pp. 547 - 558
Copyright
Copyright © The Royal Institute of Navigation 2019

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

REFERENCES

BIMCO. (2017). The guidelines on cyber security onboard ships. Version 2.0. BIMCO, CLIA, ICS, INTERCARGO, INTERTANKO, OCIMF and IUMI.Google Scholar
DNV-GL. (2016). Cyber security resilience management for ships and mobile offshore units in operation. DNVGL-RP-0496. DNV-GL.Google Scholar
Fernández-Hernández, I., Châtre, E., Chiara, A. D., Da Broi, G., Pozzobon, O., Fidalgo, J., Odriozola, M., Moreno, G., Sturaro, S., Caparra, G., Laurenti, N. and Rijmen, V. (2018). Impact analysis of SBAS authentication. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation, 65, 517532.Google Scholar
Hareide, O. S., Jøsok, Ø., Lund, M. S., Ostnes, R. and Helkala, K. (2018). Enhancing navigator competence by demonstrating maritime cyber security. Journal of Navigation, 71, 10251039.CrossRefGoogle Scholar
International Electrotechnical Commission (IEC). (2018). Maritime navigation and radio communication equipment and systems - Digital interfaces - Part 460: Multiple talkers and multiple listeners – Ethernet interconnection - Safety and Security. IEC 61162-460:2018. RLV International Electrotechnical Commission.Google Scholar
International Maritime Organization (IMO). (2004). Adoption of the Revised Performance Standards for Radar Equipment. MSC.192(79). International Maritime Organization.Google Scholar
International Maritime Organization (IMO). (2017a). Guidelines on maritime cyber risk management. MSC-FAL.1/Circ.3. International Maritime Organization.Google Scholar
International Maritime Organization (IMO). (2017b). Maritime Cyber Risk Management in Safety Management Systems. MSC 98/23/Add.1. International Maritime Organization.Google Scholar
Lee, Y. C., Park, S. K., Lee, W. K. and Kang, J. (2017). Improving cyber security awareness in maritime transport: Aa way forward. Journal of the Korean Society of Marine Engineering, 41, 738745.Google Scholar
Lewis, S., Maynard, L., Chow, C. E. and Akos, D. (2018). Secure GPS data for critical infrastructure and key resources: cross-layered integrity processing and alerting service. NAVIGATION, Journal of The Institute of Navigation, 65, 389403.Google Scholar
Microsoft. (2017). Microsoft Security Bulletin MS17-010 - Critical. https://technet.microsoft.com/library/security/ MS17-010.Google Scholar
Microsoft. (2019). Microsoft: Search product lifecycle. https://support.microsoft.com/en-us/lifecycle.Google Scholar
National Institute of Standards and Technology (NIST). (2018). Framework for Improving Critical Infrastructure Cybersecurity. Version 1.1. National Institute of Standards and Technology.Google Scholar
Nessus. (2019). Tenable Products: Nessus Professional. https://www.tenable.com/products/nessus/nessus-professional.Google Scholar
Oil Companies International Marine Forum (OCIMF). (2019). Ship Inspection Report (SIRE) Programme - Vessel Inspection Questionnaires for Oil Tankers, Combination Carriers, Shuttle Tankers, Chemical Tankers and Gas Tankers, Seventh Edition (VIQ 7). https://www.ocimf.org/media/127546/SIRE-Vessel-Inspection-Questionnaire-VIQ-Ver-7007.pdf.Google Scholar
Polatid, N., Pavlidis, M. and Mouratidis, H. (2018). Cyber-attack path discovery in a dynamic supply chain maritime risk management system. Computer Standards and Interfaces, 59, 7482.CrossRefGoogle Scholar
Shapiro, L. R., Maras, M.-H., Velotti, L., Pickman, S., Wei, H.-L. and Till, R. (2018). Cyber-attack path discovery in a dynamic supply chain maritime risk management system. Journal of Transportation Security, 8, 119.Google Scholar
Svilicic, B., Kamahara, J., Rooks, M. and Yano, Y. (2019). Maritime cyber risk management: an experimental ship assessment. Journal of Navigation, in press. doi:0.1017/S0373463318001157CrossRefGoogle Scholar
Swiss Government Computer Emergency Response Team (CERT CH). (2017). Notes About The NotPetya Ransomware. https://www.govcert.admin.ch/blog/32/notes-about-the-notpetya-ransomware#.Google Scholar
Tam, K. and Jones, K. (2019). MaCRA: a model-based framework for maritime cyber-risk assessment. WMU Journal of Maritime Affairs, in press. doi:10.1007/s13437-019-00162-2Google Scholar
United States Computer Emergency Readiness Team. (CERT US). (2017). Alert (TA17-181A) Petya Ransomware. https://www.us-cert.gov/ncas/alerts/TA17-181A.Google Scholar