• Title/Summary/Keyword: Maritime Cyber Security System

Search Result 33, Processing Time 0.021 seconds

Integrated Ship Cybersecurity Management as a Part of Maritime Safety and Security System

  • Melnyk, Oleksiy;Onyshchenko, Svitlana;Pavlova, Nataliia;Kravchenko, Oleksandra;Borovyk, Svitlana
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.3
    • /
    • pp.135-140
    • /
    • 2022
  • Scientific and technological progress is also fundamental to the evolving merchant shipping industry, both in terms of the size and speed of modern ships and in the level of their technical capabilities. While the freight performance of ships is growing, the number of crew on board is steadily decreasing, as more work processes are being automated through the implementation of information technologies, including ship management systems. Although there have been repeated appeals from international maritime organizations to focus on building effective maritime security defenses against cyber attacks, the problems have remained unresolved. Owners of shipping companies do not disclose information about cyberattack attempts or incidents against them due to fear of commercial losses or consequences, such as loss of image, customer and insurance claims, and investigations by independent international organizations and government agencies. Issues of cybersecurity of control systems in the world today have gained importance, due to the fact that existing threats concern not only the security of technical means and devices, but also issues of environmental safety and safety of life at sea. The article examines the implementation of cyber risk management in the shipping industry, providing recommendations for the safe ship operation and its systems in order to improve vulnerability to external threats related to cyberattacks, and to ensure the safety and security of such a technical object as a seagoing ship.

A Study on Cyber Security Requirements of Ship Using Threat Modeling (위협 모델링을 이용한 선박 사이버보안 요구사항 연구)

  • Jo, Yong-Hyun;Cha, Young-Kyun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.29 no.3
    • /
    • pp.657-673
    • /
    • 2019
  • As various IT and OT systems such as Electronic Chart Display and Information System and Automatic Identification System are used for ships, security elements that take into account even the ship's construction and navigation environment are required. However, cyber security research on the ship and shipbuilding ICT equipment industries is still lacking, and there is a lack of systematic methodologies through threat modeling. In this paper, the Data Flow Diagram was established in consideration of stakeholders approaching the ship system. Based on the Attack Library, which collects the security vulnerabilities and cases of ship systems, STRIDE methodologies and threat modeling using the Attack Tree are designed to identify possible threats from ships and to present ship cyber security measures.

Cyber Threat and Vulnerability Analysis-based Risk Assessment for Smart Ship

  • Jeoungkyu Lim;Yunja Yoo
    • Journal of the Korean Society of Marine Environment & Safety
    • /
    • v.30 no.3
    • /
    • pp.263-274
    • /
    • 2024
  • The digitization of ship environments has increased the risk of cyberattacks on ships. The smartization and automation of ships are also likely to result in cyber threats. The International Maritime Organization (IMO) has discussed the establishment of regulations at the autonomous level and has revised existing agreements by dividing autonomous ships into four stages, where stages 1 and 2 are for sailors who are boarding ships while stages 3 and 4 are for those not boarding ships. In this study, the level of a smart ship was classified into LEVELs (LVs) 1 to 3 based on the autonomous levels specified by the IMO. Furthermore, a risk assessment for smart ships at various LVs in different risk scenarios was conducted The cyber threats and vulnerabilities of smart ships were analyzed by dividing them into administrative, physical, and technical security; and mitigation measures for each security area were derived. A total of 22 cyber threats were identified for the cyber asset (target system). We inferred that the higher the level of a smart ship, the greater the hyper connectivity and the remote access to operational technology systems; consequently, the greater the attack surface. Therefore, it is necessary to apply mitigation measures using technical security controls in environments with high-level smart ships.

Importance-Performance Analysis (IPA) of Cyber Security Management: Focused on ECDIS User Experience

  • Park, Sangwon;Chang, Yeeun;Park, Youngsoo
    • Journal of the Korean Society of Marine Environment & Safety
    • /
    • v.27 no.3
    • /
    • pp.429-438
    • /
    • 2021
  • The mandatory installation of the ECDIS (Electronic Chart Display and Information System) became an important navigational equipment for navigation officer. In addition, ECDIS is a key component of the ship's digitalization in conjunction with various navigational equipment. Meanwhile, cyber-attacks emerge as a new threat along with digitalization. Damage caused by cyber-attacks is also reported in the shipping sector, and IMO recommends that cybersecurity guidelines be developed and included in International Security Management (ISM). This study analyzed the cybersecurity hazards of ECDIS, where various navigational equipment are connected. To this end, Importance-Performance Analysis (IPA) was conducted on navigation officer using ECDIS. As a result, the development of technologies for cyber-attack detection and prevention should be priority. In addition, policies related to 'Hardware and Software upgrade', 'network access control', and 'data backup and recovery' were analyzed as contents to be maintained. This paper is significant in deriving risk factors from the perspective of ECDIS users and analyzing their priorities, and it is necessary to analyze various cyber-attacks that may occur on ships in the future.

"An Analysis Study of Factors for Strengthening Cybersecurity at the Busan Port Container Terminal (부산항 컨테이너 터미널 사이버 보안 강화를 위한 요인 분석연구)

  • Do-Yeon Ha;Yul-Seong Kim
    • Proceedings of the Korean Institute of Navigation and Port Research Conference
    • /
    • 2023.11a
    • /
    • pp.64-65
    • /
    • 2023
  • The purpose of this study was to assess the current status of cyber security at the Busan Port container terminal and derive strengthening factors through exploratory research. In recent years, the maritime industry has actively adopted Fourth Industrial Revolution technologies, resulting in changes in the form of ports, such as automated and smart terminals. While these changes have brought positive improvements in port efficiency, they have also increased the potential for cyber security incidents and threats, including information leakage through cargo handling equipment and ransomware attacks leading to terminal operations disruption. Especially in the case of ports, cyber security threats can have not only local effects within the port but also physical damage and implications for national security. However, despite the growing cyber security threats within ports, research related to domestic port cyber security remains limited. Therefore, this study aimed to identify factors for enhancing cyber security in ports and derive future enhancement strategies. The study conducted an analysis focusing on the Busan Port container terminal, which is one of the leading ports in South Korea actively adopting Fourth Industrial Revolution technologies, and conducted a survey of stakeholders in the Busan Port container terminal. Subsequently, exploratory factor analysis was used to derive strengthening factors. This study holds significance in providing directions for enhancing cyber security in domestic container ports in the future.

  • PDF

Exploratory Study on Enhancing Cyber Security for Busan Port Container Terminals (부산항 컨테이너 터미널 사이버 보안 강화를 위한 탐색적 연구)

  • Do-Yeon Ha;Yul-Seong Kim
    • Journal of Navigation and Port Research
    • /
    • v.47 no.6
    • /
    • pp.437-447
    • /
    • 2023
  • By actively adopting technologies from the Fourth Industrial Revolution, the port industry is trending toward new types of ports, such as automated and smart ports. However, behind the development of these ports, there is an increasing risk of cyber security incidents and threats within ports and container terminals, including information leakage through cargo handling equipment and ransomware attacks leading to disruptions in terminal operations. Despite the necessity of research to enhance cyber security within ports, there is a lack of such studies in the domestic context. This study focuses on Busan Port, a representative port in South Korea that actively incorporates technology from the Fourth Industrial Revolution, in order to discover variables for improving cyber security in container terminals. The research results categorized factors for enhancing cyber security in Busan Port's container terminals into network construction and policy support, standardization of education and personnel training, and legal and regulatory factors. Subsequently, multiple regression analysis was conducted based on these factors, leading to the identification of detailed factors for securing and enhancing safety, reliability, performance, and satisfaction in Busan Port's container terminals. The significance of this study lies in providing direction for enhancing cyber security in Busan Port's container terminals and addressing the increasing incidents of cyber security attacks within ports and container terminals.

Verification of VIIRS Data using AIS data and automatic extraction of nigth lights (AIS 자료를 이용한 VIIRS 데이터의 야간 불빛 자동 추출 및 검증)

  • Suk Yoon;Hyeong-Tak Lee;Hey-Min Choi;;Jeong-Seok Lee;Hee-Jeong Han;Hyun Yang
    • Proceedings of the Korean Institute of Navigation and Port Research Conference
    • /
    • 2023.05a
    • /
    • pp.104-105
    • /
    • 2023
  • 해양 관측과 위성 원격탐사를 이용하여 시공간적으로 다양하게 변하는 생태 어장 환경 및 선박 관련 자료를 획득할 수 있다. 이번 연구의 주요 목적은 야간 불빛 위성 자료를 이용하여 광범위한 해역에 대한 어선의 위치 분포를 파악하는 딥러닝 기반 모델을 제안하는 것이다. 제안한 모델의 정확성을 평가하기 위해 야간 조업 어선의 위치를 포함하고 있는 AIS(Automatic Identification System) 정보와 상호 비교 평가 하였다. 이를 위해, 먼저 AIS 자료를 획득 및 분석하는 방법을 소개한다. 해양안전종합시스템(General Information Center on Maritime Safety & Security, GICOMS)으로부터 제공받은 AIS 자료는 동적정보와 정적정보로 나뉜다. 동적 정보는 일별 자료로 구분되어있으며, 이 정보에는 해상이동업무식별번호(Maritime Mobile Service Identity, MMSI), 선박의 시간, 위도, 경도, 속력(Speed over Ground, SOG), 실침로(Course over Ground, COG), 선수방향(Heading) 등이 포함되어 있다. 정적정보는 1개의 파일로 구성되어 있으며, 선박명, 선종 코드, IMO Number, 호출부호, 제원(DimA, DimB, DimC, Dim D), 홀수, 추정 톤수 등이 포함되어 있다. 이번 연구에서는 선박의 정보에서 어선의 정보를 추출하여 비교 자료로 사용하였으며, 위성 자료는 구름의 영향이 없는 깨끗한 날짜의 영상 자료를 선별하여 사용하였다. 야간 불빛 위성 자료, 구름 정보 등을 이용하여 야간 조업 어선의 불빛을 감지하는 심층신경망(Deep Neural Network; DNN) 기반 모델을 제안하였다. 본 연구의결과는 야간 어선의 분포를 감시하고 한반도 인근 어장을 보호하는데 기여할 것으로 기대된다.

  • PDF

Artificial Intelligence for Autonomous Ship: Potential Cyber Threats and Security (자율 운항 선박의 인공지능: 잠재적 사이버 위협과 보안)

  • Yoo, Ji-Woon;Jo, Yong-Hyun;Cha, Young-Kyun
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.32 no.2
    • /
    • pp.447-463
    • /
    • 2022
  • Artificial Intelligence (AI) technology is a major technology that develops smart ships into autonomous ships in the marine industry. Autonomous ships recognize a situation with the information collected without human judgment which allow them to operate on their own. Existing ship systems, like control systems on land, are not designed for security against cyberattacks. As a result, there are infringements on numerous data collected inside and outside the ship and potential cyber threats to AI technology to be applied to the ship. For the safety of autonomous ships, it is necessary to focus not only on the cybersecurity of the ship system, but also on the cybersecurity of AI technology. In this paper, we analyzed potential cyber threats that could arise in AI technologies to be applied to existing ship systems and autonomous ships, and derived categories that require security risks and the security of autonomous ships. Based on the derived results, it presents future directions for cybersecurity research on autonomous ships and contributes to improving cybersecurity.

Optimal Route Planning for Maritime Autonomous Surface Ships Using a Nonlinear Model Predictive Control

  • Daejeong Kim;Zhang Ming;Jeongbin Yim
    • Journal of Navigation and Port Research
    • /
    • v.47 no.2
    • /
    • pp.66-74
    • /
    • 2023
  • With the increase of interest in developing Maritime Autonomous Surface Ships (MASS), an optimal ship route planning is gradually gaining popularity as one of the important subsystems for autonomy of modern marine vessels. In the present paper, an optimal ship route planning model for MASS is proposed using a nonlinear MPC approach together with a nonlinear MMG model. Results drawn from this study demonstrated that the optimization problem for the ship route was successfully solved with satisfaction of the nonlinear dynamics of the ship and all constraints for the state and manipulated variables using the nonlinear MPC approach. Given that a route generation system capable of accounting for nonlinear dynamics of the ship and equality/inequality constraints is essential for achieving fully autonomous navigation at sea, it is expected that this paper will contribute to the field of autonomous vehicles by demonstrating the performance of the proposed optimal ship route planning model.

A Study about the Direction and Responsibility of the National Intelligence Agency to the Cyber Security Issues (사이버 안보에 대한 국가정보기구의 책무와 방향성에 대한 고찰)

  • Han, Hee-Won
    • Korean Security Journal
    • /
    • no.39
    • /
    • pp.319-353
    • /
    • 2014
  • Cyber-based technologies are now ubiquitous around the glob and are emerging as an "instrument of power" in societies, and are becoming more available to a country's opponents, who may use it to attack, degrade, and disrupt communications and the flow of information. The globe-spanning range of cyberspace and no national borders will challenge legal systems and complicate a nation's ability to deter threats and respond to contingencies. Through cyberspace, competitive powers will target industry, academia, government, as well as the military in the air, land, maritime, and space domains of our nations. Enemies in cyberspace will include both states and non-states and will range from the unsophisticated amateur to highly trained professional hackers. In much the same way that airpower transformed the battlefield of World War II, cyberspace has fractured the physical barriers that shield a nation from attacks on its commerce and communication. Cyberthreats to the infrastructure and other assets are a growing concern to policymakers. In 2013 Cyberwarfare was, for the first time, considered a larger threat than Al Qaeda or terrorism, by many U.S. intelligence officials. The new United States military strategy makes explicit that a cyberattack is casus belli just as a traditional act of war. The Economist describes cyberspace as "the fifth domain of warfare and writes that China, Russia, Israel and North Korea. Iran are boasting of having the world's second-largest cyber-army. Entities posing a significant threat to the cybersecurity of critical infrastructure assets include cyberterrorists, cyberspies, cyberthieves, cyberwarriors, and cyberhacktivists. These malefactors may access cyber-based technologies in order to deny service, steal or manipulate data, or use a device to launch an attack against itself or another piece of equipment. However because the Internet offers near-total anonymity, it is difficult to discern the identity, the motives, and the location of an intruder. The scope and enormity of the threats are not just focused to private industry but also to the country's heavily networked critical infrastructure. There are many ongoing efforts in government and industry that focus on making computers, the Internet, and related technologies more secure. As the national intelligence institution's effort, cyber counter-intelligence is measures to identify, penetrate, or neutralize foreign operations that use cyber means as the primary tradecraft methodology, as well as foreign intelligence service collection efforts that use traditional methods to gauge cyber capabilities and intentions. However one of the hardest issues in cyber counterintelligence is the problem of "Attribution". Unlike conventional warfare, figuring out who is behind an attack can be very difficult, even though the Defense Secretary Leon Panetta has claimed that the United States has the capability to trace attacks back to their sources and hold the attackers "accountable". Considering all these cyber security problems, this paper examines closely cyber security issues through the lessons from that of U.S experience. For that purpose I review the arising cyber security issues considering changing global security environments in the 21st century and their implications to the reshaping the government system. For that purpose this study mainly deals with and emphasis the cyber security issues as one of the growing national security threats. This article also reviews what our intelligence and security Agencies should do among the transforming cyber space. At any rate, despite of all hot debates about the various legality and human rights issues derived from the cyber space and intelligence service activity, the national security should be secured. Therefore, this paper suggests that one of the most important and immediate step is to understanding the legal ideology of national security and national intelligence.

  • PDF