Journal of the Institute of Convergence Signal Processing (융합신호처리학회논문지)

The Korea Institute of Convergence Signal Processing (한국융합신호처리학회)
권호 표지
DOI QR코드

DOI QR Code

Maritime Cyber Security Issues and Risk Management Trends

해양 사이버 보안사고 및 위험 관리 사항 동향

  • Dong-Woo Kang (KOREA RESEARCH INSTITUTE OF SHIPS & OCEAN ENGINEERING) ;
  • Ki-Hwan Kim (Department of Computer Engineering, International Collage, Dongseo University) ;
  • Young-Sil Lee (Department of Computer Engineering, International Collage, Dongseo University)
  • 강동우 (한국해양과학기술원 부설 선박해양플랜트연구소) ;
  • 김기환 (동서대학교 International Collage) ;
  • 이영실 (동서대학교 International Collage)
  • Received : 2022.12.01
  • Accepted : 2022.12.10
  • Published : 2022.12.31
Download PDF
⟨ Previous Next ⟩

Abstract

The International Maritime Organization, which is in charge of the international maritime environment and ship safety, has rapidly promoted cyber systems for international dimension agreement and efficiency improvement and improved nautical efficiency. Nevertheless, maritime cyber system attacks still occur every year, and in particular, the number of international maritime cyber security incidents in 2021 appeared to increase sharply compared to 2020. This paper discusses the areas that should be taken into account in order to reduce the increasing sophistication of maritime cyber security. To this end, we will look at typical cases of cyber attacks that have increased sharply in 2021 and analyze the causes of the continuous occurrence of maritime cyber security incidents. In addition, we present several cyber system proposals regarding the current state of maritime cyber systems and the solutions to the problems they face, as well as the matters to be addressed for future maritime cyber systems that will be advanced.

국제 해사 환경과 선박 안전을 담당하는 국제해사기구는 국제적 차원 합의와 효율성 향상을 위해 사이버 시스템을 빠르게 추진하여 항해 효율성을 향상시켰다. 그럼에도 불구하고 매년 해양 사이버 시스템 공격 여전히 발생하고 있으며, 특히 2021년 국제 해양 사이버 보안 사고가 2020년과 비교하여 급증하는 양상을 보였다. 본 논문에서는 고도화될 해양 사이버 보안을 강하시키기 위해 고려해야 할 부분을 살펴본다. 이를 위해 2021년 급증한 사이버 공격 사례 중 대표적인 사례를 살펴보고 지속적으로 해양 사이버 보안 사고가 발생하는 원인을 분석한다. 또한, 현존하는 해양 사이버 시스템의 상황과 직면한 문제들에 대하여 해결방안과 고도화될 미래 해양 사이버 시스템을 위해 조치해야 할 사항에 대하여 몇 가지 사이버 체계 방안을 제시한다.

Keywords

Acknowledgement

본 논문은 2022년 해양수산부 재원으로 해양수산과학기술진흥원의 지원을 받아 수행된 연구임 (해양 디지털 항로표지 정보협력시스템 개발(2/5) (20210650))

References

  1. United Nations Conference on Trade and Development, (2021), Review of Maritime Transport 2021, [Online]. Available: https://unctad.org/system/files/official- document/rmt2021_en_0.pdf
  2. United Nations Conference on Trade and Development, (2020), Review of Maritime Transport 2020, [Online]. Available: https:unctad.orgwebflyerreview-maritimetransport-2020.
  3. Allianz, (2020), Safety and Shipping Review, Munich, [Online]. Available: https://www.agcs.allianz.com/content/damonemarketingagcsagcsreportsAGCS-Safety-Shipping-Review-2020.pdf
  4. ENISA, (2011), Analysis of cyber security aspects in the maritime sector. [Online]. Available: https://www.enisa.europa.eu/publications/cyber-securityaspects-in-the-maritime-sector-1/at_download/fullReport
  5. Future nautics, (2015), Crew Connectivity Survey Report 2015, Future nautics Ltd. [Online]. Available: http://www.navarino.co.uk/wp-content/uploads/2018/04/Crew_Connectivity_2018_Survey_Report.pdf
  6. J. I. Alcaide, R. G. Llave, "Critical infrastructures cybersecurity and the maritime sector," Transportation Research Procedia, 2020, pp. 547-554. Available: https://www.sciencedirect.com/science/article/pii/S2352146520302209
  7. H. H. Kim, J. G. Song, Analysis of IoT Security in Wi-Fi 6, The Korea Institute of Convergence Signal Processing, 22(1), 2021, pp. 38-44. Available: https://www.kci.go.kr/kciportal/ci/sereArticleSearch/ciSereArtiView.kci?sereArticleSearchBean.artiId=ART002702545
  8. OFFSHORE ENERGY, (2021) South African port operator Transnet hit by cyber attack, [Online]. Available: https://www.offshore-energy.biz/south- african-port-operator-transnet-hit-by-cyber-attack/
  9. PORT of HOUSTON, (2021) Statement regarding Recent Cybersecurity Attack [Online]. Available: https://porthouston.com/wp-content/uploads/Port-Houston-Statement-_-Cybersecurity-Attack-Thwarted_-Sept-23-2021-_Final-.pdf
  10. SHIP TECHNOLOGY, (2021), CMA CGM reports another cyberattack targeting customer data. [Online]. Available: https://www.ship-technology.com/news/cma-cgm-reports-another-cyberattack/
  11. THE DAILY SWING, (2021) Maritime giant Swire Pacific Offshore suffers data breach following cyber-attack. [Online]. Available: https://portswigger.net/daily-swig/maritime-giant-swire-pacific-offshore-suffers-data-breach-following-cyber-attack
  12. THE MARITIME EXECUTIVE, (2021), Cyberattack Hits Multiple Greek Shipping Firms. [Online]. Available: https://www.maritime-executive.com/article/cyberattackhits-multiple-greek-shipping-firms
  13. CNBC, (2022) Hackers can bring ships and planes to a grinding halt. And it could become much more commo. [Online]. Available: https://www.cnbc.com//2022/06/27/hackers-can-now-bring-cargo-ships-and-planes-to-a-grinding-halt.html
  14. ARGON, (2021), 2021 Software Supply Chain Security Report [Online]. Available: https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Assets/Argon%20Security%20-%202021%20Software%20Supply%20Chain%20Security%20Report.pdf
  15. THE WHITE HOUSE, (2021), Executive Order on Improving the Nation's Cybersecurity. [Online]. Available: https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executiveorder-on-improving-the-nations-cybersecurity/
  16. THE WHITE HOUSE, (2022), Readout of White House Meeting on Software Security. [Online]. Available: https://www.whitehouse.gov/briefing-room/statements-releases/2022/01/13/readout-of-white-house-meeting-on-software-security/
  17. K. H. Moussa, et al. Group Security Authentication and Key Agreement Protocol Built by Elliptic Curve Diffie Hellman Key Exchange for LTE Military Grade Communication, IEEE Access, 10, 2022, pp. 80352-80364. Available: https://ieeexplore.ieee.org/document/9845426 https://doi.org/10.1109/ACCESS.2022.3195304
  18. Micro, T. (2012). Spear-phishing email: Most favored APT attack bait. Trend Micro Incorporated Research Paper. [Online]. Available: https://media.kasperskycontenthub.com/wp-content/uploads/sites/62/2012/12/21145753/wp-spear-phishing-email-most-favored-apt-attack-bait-1.pdf