THE ISSUES OF ENHANCEMENT OF MARITIME TRANSPORT CYBERSECURITY: FOREIGN EXPERIENCE
DOI:
https://doi.org/10.32782/msd/2023.1.10Keywords:
maritime transport, cyber security, cyber threats, cyber attacks, cyber risks, vulnerabilities, detection and protection measures.Abstract
An analysis of modern national publications shows that, although in Ukraine considerable attention is being payed to the general organization of maritime transport security, the due interest has not yet been shown to the new important area, such as the maritime transport cybersecurity. Therefore, the article touches upon the best practices in organizing the cybersecurity of marine ships. The assertion that the general danger of maritime transport has increased significantly in recent years is based on the facts of the introduction of information technology into the operational technologies of maritime transport. The bottom line is that information technology is closely linked to the Internet, and this is what, in the first place, makes the operational technologies of maritime transport open to deliberate external interference, which, according to experts, can provide external control of the vessel with the aim of capsizing, colliding or causing environment disaster. The general concern of the leading maritime states about the situation is confirmed by a number of documents, such as Resolution of the Maritime Security Committee MSC.428 (98), adopted on June 16, 2017 and requiring member states to take into account the management of cyber risks. The paper analyzes a typical approach to the development of an action plan for the organization of maritime cybersecurity on board a ship. The preliminary preparation steps are considered, ranging from updating passwords and software to training the team. It is indicated that today, all over the world, the direct development of such a plan is recommended to be carried out on the basis of the “The Guidelines on Cyber Security onboard Ships”, developed and supported by leading international organizations related to maritime transport operations. The plan created on the basis of this guide, in essence, is to manage cyber risks and boils down to the following: identifying internal and external threats, internal and external vulnerabilities; risk exposure assessment; development of measures to reduce these vulnerabilities; developing contingency plans; developing plans for recovery measures after cyber incidents. The general rise in the culture of personnel to a modern level is a necessary element of ensuring cybersecurity in maritime transport.
References
Судноплавна галузь виявилася беззахисною перед кіберзлочинцями. Logist.Fm. 23.03.2022. Сайт. URL: https://logist.fm/news/sudnoplavna-galuz-viyavilasya-bezzahisnoyu-pered-kiberzlochincyami (дата звернення: 26.03.2023).
Огляд подій в сфері кібербезпеки, Національний координаційних центр кібербезпеки. Cyber Digest. січень 2023. Підготовлено за підтримки Проєкту USAID «Кібербезпека критично важливої інфраструктури України». 2023. 42 с. URL: https://www.rnbo.gov.ua/files/2023/NKCK/Cyber%20digest_january_2023_fin.pdf (дата звернення: 26.03.2023).
Лісовська Ю.П. Кібербезпека: ризики та заходи: навч. посібник. Київ : Видавничий дім «Кондор», 2019. 272 с. Бурячок, В. Л. Інформаційна та кібербезпека: соціотехнічний аспект : підручник / за заг. ред. д-ра техн. наук, професора В.Б. Толубка. Київ : ДУТ, 2015. 288 с.
Бурячок В.Л. Інформаційна та кібербезпека: соціотехнічний аспект : підручник. Київ : ДУТ, 2015. 288 с.
Кібербезпека та інформаційні технології : монографія. Харків : ТОВ «ДІСА ПЛЮС», 2020. 380 с. URL: http://nauka.kntu.kr.ua/files/monograf_pz.pdf (дата звернення: 23.03.2023).
Лахно В.А. Підвищення кібербезпеки інформаційно-комунікаційних систем транспорту. Український науковий журнал з інформаційної безпеки. 2016, том. 22, випуск 1. С. 44–50. URL: file:///C:/Users/Admin/ Downloads/cyril,+9.pdf (дата звернення: 23.03.2023).
Akpan, F., Bendiab, G., Shiaeles, S. ,Karamperidis, S., Michaloliakos, M. Cybersecurity Challenges in the Maritime Sector. MDPI. 7 March 2022. Site. URL: https://www.mdpi.com/2673-8732/2/1/9 (дата звернення: 26.03.2023).
Allianz Risk Barometer. Top Business Risks for 2019. Allianz Global Corporate & Specialty. Site. URL: https:// www.assiteca.it/wp-content/uploads/2019/10/Allianz-Risk-Barometer-2019-1.pdf (дата звернення: 25.03.2023).
Coburn, A.W.; Daffron, J.; Smith, A.; Bordeau, J.; Leverett, É.; Sweeney, S.; Harvey, T.; 2018. Cyber Risk Outlook; Centre for Risk Studies, University of Cambridge, in collaboration with Risk Management Solutions, Inc. 2018. P. 33. URL: https:// www.jbs.cam.ac.uk/wp-content/uploads/2020/08/crs-cyber-risk-outlook-2018.pdf (дата звернення: 25.03.2023).
Neo, M. The Rising Threat of Maritime Cyber-attacks: Level of Maritime Cyber-security Preparedness along the Straits of Malacca and Singapore. Royal Australian Navy Sea Power. Issue 42, 2021. Р. 38. Site. URL: https:// www.navy.gov.au/sites/default/files/documents/Soundings_Papers_42_2021.pdf (дата звернення: 26.03.2023).
Harris, R. How Big a Problem is Maritime Cyber Security? Ocean Technology group. Сайт. URL: https:// oceantg.com/blog/the-problem-of-maritime-cyber-security/ (дата звернення: 25.23.2023).
Cybercrime. What does the most damage, losing data or trust? Ernst & Young. Site. URL: https://www.ey.com/ en_gl/financial-services/cybercrime-what-does-the-most-damage-losing-data-or-trust (дата звернення 23.03.2023).
The Government launches new Digitalisation Strategy. Ministry of Foreign Affairs of Denmark. InvestInDK 05.05.2022. Site. URL: https://investindk.com/insights/digitization-strategy (дата звернення: 23.03.2023).
The Principal Regulations Governing Maritime Safety. International Chamber of Shipping, Site, URL: https://www.ics-shipping.org/shipping-fact/safety-and-regulation-the-principal-regulations-governing-maritimesafety/. (дата звернення: 23.03.2023).
Maritime Cyber Risk Management in Safety Management Systems. Resolution MSC.428(98) Annex 10 (adopted on 16 June 2017). URL: https://wwwcdn.imo.org/localresources/en/OurWork/Security/Documents/Resolution% 20MSC.428(98).pdf. (дата звернення: 23.03.2023).
A Comprehensive Guide to Maritime Cybersecurity. MissionSecure.Com. Сайт. URL: https:// www.missionsecure.com/maritime-security-perspectives-for-a-comprehensive-approach (дата звернення: 25.23.2023).
The Guidelines on Cyber Security onboard Ships – Version 4. BIMCO. Site. URL: https:// www.bimco.org/about-us-and-our-members/publications/the-guidelines-on-cyber-security-onboard-ships (дата звер- нення: 23.03.2023).
6 Common Ways Employees Compromise Enterprise Data Security ( And What You Can Do About It). VIRTRU. Site. URL: https://www.virtru.com/blog/enterprise-data-security (дата звернення: 23.03.2023).
Boyes, H., Isbell, R. Code of Practice. Cyber Security for Ships. London : Institution of Engineering and Technology, 2017. P. 73
Cybersecurity and Disaster Recovery Plan by Marine Digital. Marine Digital. Site. URL: https:// marine-digital.com/article_cybersecurity (дата звернення: 23.03.2023).
