Cybersecurity and Maritime Industry
Nowadays, information security is considered as one of the most fundamental and critical factors that evaluates the reliability and availability of a computer system or an ICT environment. Information and communications technology (ICT) has induced a severe revolution in the digital era and the connected network (Internet) has become an integral part of our daily lives. All organizations and industries employ the Internet, computer networks and ICT infrastructure, including industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems in order to compete in the markets, increase productivity and operate effectively. They collect, process, store and share vast amounts of information rendering the protection of this information more vital to our national security and economic stability than ever before.
Cybersecurity is in the foreground and constitutes the ongoing effort to protect ICT and network systems and all of the data from unauthorized access, use or harm. Considering the vast number of vulnerabilities and attacks in ICT environments as well as the ramifications of successful exploitations, the demand for cybersavvy security engineers and experts has dramatically increased in order to assist in the mitigation of this situation by devising preventative methods and designing security policies and contingency plans. At the corporate level, especially in large and complex ICT environments, it is imperative and everyone’s responsibility to protect the valuable assets and sensitive data from potential theft or damage.
Maritime domain is not an exception to the rule since it has adopted a plethora of technology trends and ICT components, including automated machinery, industrial control and SCADA systems in order to remain competitive, optimize operations, increase productivity, reduce costs and improve the management of cargo. Therefore, it mainly relies on digital communications and computer-based infrastructure and a possible disruption or unavailability of these systems and services might cause negative or even disastrous consequences. Likewise with other industries, maritime industry is not immune to these risks since cyber security awareness is currently low to nonexistent. Marine sector experiences cyber-attacks and threats every day rendering the protection of its critical infrastructure of paramount importance.
Given that the bulk of the world trade is carried by the maritime transportation system (MTS), the fact that cyber security awareness and accountability is low to non-existent in marine environments and the increasing levels of cyber attacks against shipping industry, evidence that there are indeed real risks and significant impacts that could afflict the efficient functioning of global economy. The number of incidents that have been exposed publicly is just a small sample of the actual attacks happening every day. Therefore, a really big challenge arises that behooves the maritime community to rapidly address the emergency of these threats by taking countermeasures in order to improve its cyber security consciousness and resilience and ensure the ICT robustness against cyber attacks.
The aims of this thesis are to examine and form a theory related to cybersecurity of IT infrastructure employed by maritime, in particular ships. Moreover, the thesis aims to investigate and expose vulnerabilities of systems and tries to estimate the consequences of potential cyber-attacks against ships. Finally, a potential solution to these issues is provided as a proposed system, which can address more effectively the cybersecurity weaknesses in vessels.
This thesis follows two approaches to attain the aims and objectives. At first, an extensive problem solving process, which is thoroughly explained and reflected in the literature review and evaluation of similar systems chapters where the lowdown of the topic is presented. Gradually, more complex issues regarding ships’ ICT infrastructure and cyber-physical systems are described. Furthermore, a plethora of recommendations and guidelines is provided aiming at strengthening cyber resilience on vessels, covering the current gaps and weaknesses and mitigating the overall risk as well.
The second approach is a more practical one providing a software engineering aspect and finally a product. The objective is to devise and design a solution consisting of a combination of different parts and integrated components, which will be able to enhance vessels’ cybersecurity. Hence, a solution that will perform scheduled vulnerability scans and ICT infrastructure assessment will be designed and presented.
Theodoros Efstathiou, Marine ICT Engineer