Skip to main content Accessibility help
×
Home

Towards a Cyber Secure Shipboard Radar

  • Boris Svilicic (a1), Igor Rudan (a1), Vlado Frančić (a1) and Djani Mohović (a1)

Abstract

This paper presents a comparative cyber security resilience estimation of shipboard radars that are implemented on two oil/chemical tankers certified as SOLAS ships. The estimated radars were chosen from the same manufacturer, but belonged to different generations. The estimation was conducted by means of ships' crew interviews and computational testing of the radars using a widely deployed vulnerability scanning software tool. The identified cyber threats were analysed qualitatively in order to gain a holistic understanding of cyber risks threatening shipboard radar systems. The results obtained experimentally indicate that potential cyber threats mainly relate to maintenance of the radars' underlying operating system, suggesting the need for regulatory standardisation of periodic cyber security testing of radar systems.

Copyright

Corresponding author

References

Hide All
BIMCO. (2017). The guidelines on cyber security onboard ships. Version 2.0. BIMCO, CLIA, ICS, INTERCARGO, INTERTANKO, OCIMF and IUMI.
DNV-GL. (2016). Cyber security resilience management for ships and mobile offshore units in operation. DNVGL-RP-0496. DNV-GL.
Fernández-Hernández, I., Châtre, E., Chiara, A. D., Da Broi, G., Pozzobon, O., Fidalgo, J., Odriozola, M., Moreno, G., Sturaro, S., Caparra, G., Laurenti, N. and Rijmen, V. (2018). Impact analysis of SBAS authentication. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation, 65, 517532.
Hareide, O. S., Jøsok, Ø., Lund, M. S., Ostnes, R. and Helkala, K. (2018). Enhancing navigator competence by demonstrating maritime cyber security. Journal of Navigation, 71, 10251039.
International Electrotechnical Commission (IEC). (2018). Maritime navigation and radio communication equipment and systems - Digital interfaces - Part 460: Multiple talkers and multiple listeners – Ethernet interconnection - Safety and Security. IEC 61162-460:2018. RLV International Electrotechnical Commission.
International Maritime Organization (IMO). (2004). Adoption of the Revised Performance Standards for Radar Equipment. MSC.192(79). International Maritime Organization.
International Maritime Organization (IMO). (2017a). Guidelines on maritime cyber risk management. MSC-FAL.1/Circ.3. International Maritime Organization.
International Maritime Organization (IMO). (2017b). Maritime Cyber Risk Management in Safety Management Systems. MSC 98/23/Add.1. International Maritime Organization.
Lee, Y. C., Park, S. K., Lee, W. K. and Kang, J. (2017). Improving cyber security awareness in maritime transport: Aa way forward. Journal of the Korean Society of Marine Engineering, 41, 738745.
Lewis, S., Maynard, L., Chow, C. E. and Akos, D. (2018). Secure GPS data for critical infrastructure and key resources: cross-layered integrity processing and alerting service. NAVIGATION, Journal of The Institute of Navigation, 65, 389403.
Microsoft. (2017). Microsoft Security Bulletin MS17-010 - Critical. https://technet.microsoft.com/library/security/ MS17-010.
Microsoft. (2019). Microsoft: Search product lifecycle. https://support.microsoft.com/en-us/lifecycle.
National Institute of Standards and Technology (NIST). (2018). Framework for Improving Critical Infrastructure Cybersecurity. Version 1.1. National Institute of Standards and Technology.
Nessus. (2019). Tenable Products: Nessus Professional. https://www.tenable.com/products/nessus/nessus-professional.
Oil Companies International Marine Forum (OCIMF). (2019). Ship Inspection Report (SIRE) Programme - Vessel Inspection Questionnaires for Oil Tankers, Combination Carriers, Shuttle Tankers, Chemical Tankers and Gas Tankers, Seventh Edition (VIQ 7). https://www.ocimf.org/media/127546/SIRE-Vessel-Inspection-Questionnaire-VIQ-Ver-7007.pdf.
Polatid, N., Pavlidis, M. and Mouratidis, H. (2018). Cyber-attack path discovery in a dynamic supply chain maritime risk management system. Computer Standards and Interfaces, 59, 7482.
Shapiro, L. R., Maras, M.-H., Velotti, L., Pickman, S., Wei, H.-L. and Till, R. (2018). Cyber-attack path discovery in a dynamic supply chain maritime risk management system. Journal of Transportation Security, 8, 119.
Svilicic, B., Kamahara, J., Rooks, M. and Yano, Y. (2019). Maritime cyber risk management: an experimental ship assessment. Journal of Navigation, in press. doi:0.1017/S0373463318001157
Swiss Government Computer Emergency Response Team (CERT CH). (2017). Notes About The NotPetya Ransomware. https://www.govcert.admin.ch/blog/32/notes-about-the-notpetya-ransomware#.
Tam, K. and Jones, K. (2019). MaCRA: a model-based framework for maritime cyber-risk assessment. WMU Journal of Maritime Affairs, in press. doi:10.1007/s13437-019-00162-2
United States Computer Emergency Readiness Team. (CERT US). (2017). Alert (TA17-181A) Petya Ransomware. https://www.us-cert.gov/ncas/alerts/TA17-181A.

Keywords

Towards a Cyber Secure Shipboard Radar

  • Boris Svilicic (a1), Igor Rudan (a1), Vlado Frančić (a1) and Djani Mohović (a1)

Metrics

Altmetric attention score

Full text views

Total number of HTML views: 0
Total number of PDF views: 0 *
Loading metrics...

Abstract views

Total abstract views: 0 *
Loading metrics...

* Views captured on Cambridge Core between <date>. This data will be updated every 24 hours.

Usage data cannot currently be displayed