Risk sensitivity analysis of AIS cyber security through maritime cyber regulatory frameworks
Date
2023-12-21Author
Subject
Metadata
Show full item recordAbstract
Given the increasing frequency and sophistication of methods and strategies employed in cyberattacks, cyber resilience has become a basic notion of cyber risk management. To be cyber-resilient against cyber risks, shipping companies must be proactive in establishing and implementing actions, constructing effective strategies, and adopting mitigation methods to strengthen their assets. However, shipping companies have only lately tended to fully recognize the necessity for a cybersecurity perspective to enable effective cyber risk management and mitigation of increasing cyberattacks. Aside from deficiencies in system design, integration, or maintenance, human factors are the prime weakness that potentially jeopardizes the ship's cybersecurity by simply making intentional or unintentional errors, revealing critical information, or generating entry points for attackers. Therefore, the current study aims to conduct a quantitative human risk assessment based on the SOHRA method, which is integrated with the NIST cybersecurity framework, to provide ships with the ability to be cyber resilient, and respond to and recover from cyber-attacks. The AIS has been considered for the research application not only because it is one of the most vulnerable systems on board a ship, but also because modifying and breaching the AIS data might have disastrous outcomes. The study results clearly indicate that the most likely error related to AIS cybersecurity risk occurs in the tasks defined under the "protect", "respond", "detect", "identify", and "recover" functions. Accordingly, suitable control and preventative measures have been developed to guarantee high-level cyber security for AIS and to provide cyber resilience and the structure for constructive decision-making by integrating various international standards, which include system security requirements and security levels for industrial communication networks, specifically with the IACS and NIST framework for the AIS cyber security.
Collections
Publisher
Journal
Volume
Pagination
Number
Recommended, similar items
The following license files are associated with this item:
Related items
Showing items related by title, author, creator and subject.
-
Determining Maritime Cyber Security Dynamics and Development of Maritime Cyber Risk Check List for Ships
Kayisoglu, Gizem; Bolat, Pelin; Tam, Kimberly (University of Plymouth, 2022-10-20)The digitalization in maritime industry rises integration of the information and operational technologies on the vessels. The high level of connectivity and the rising of digitalization in maritime sector increase the ... -
Cyber-SHIP: Developing Next Generation Maritime Cyber Research Capabilities
Tam, Kimberly; Jones, Kevin (University of Plymouth, 2019-10)As a growing global threat, cyber-attacks can cost millions of dollars or endanger national stability and human lives. While relatively well understood in most sectors, it is becoming clear that, although the maritime ... -
Cyber-SHIP: Developing Next Generation Maritime Cyber Research Capabilities
Tam, K; Forshaw, K; Jones, Kevin (IMarEST, 2019-11-05)<jats:p> As a growing global threat, cyber-attacks can cost millions of dollars or endanger national stability and human lives. While relatively well understood in most sectors, it is becoming clear that, although ...