Professional Documents
Culture Documents
MaritimeCyberSecuritySecuringtheDigitalSeaways
MaritimeCyberSecuritySecuringtheDigitalSeaways
net/publication/273292020
CITATIONS READS
15 8,354
1 author:
Hugh Boyes
The University of Warwick
18 PUBLICATIONS 1,631 CITATIONS
SEE PROFILE
All content following this page was uploaded by Hugh Boyes on 30 April 2019.
Abstract: Maritime transport is critical to the global economy. In a competitive environment, the industry is
constantly seeking economies of scale and efficiencies. This has led to the introduction of larger vessels and
an increasing use of IT to achieve greater automation, both in ports and at sea. The technologies employed
are vulnerable to the same cyber-security threats as those in other sectors affecting commercial, production
and government systems. This paper reviews the threats in the maritime environment and examines the need
for increased awareness and protection of what are in effect maritime industrial control systems.
Keywords: maritime systems, port systems, cyber–physical systems, navigation systems, cyber-security
† Communications systems – These can range from mobile † Control systems [9], to manage and operate a wide range
radio, email and websites to specialist cargo-related messages of electro-mechanical systems, for example, the main engine,
to support cargo tracking and customs clearance. Some generators, ballast tanks, life support, fuel & oil pumps, water
communications may use fixed cable-based networks, but tight doors, fire alarm & control, cargo hold fans and
increasingly wireless networking technology is used to allow environmental control.
greater flexibility.
As illustrated by this range of systems, many ships have
† Business systems, including – Terminal Operation become complex computer-controlled platforms, where the
System (TOS), Container Terminal Management System operators have limited physical control over critical systems.
(CTMS) and traditional back office systems such as payroll The use of digital communications to link seaborne systems
and human resource systems. to shore-based applications means that the vessels are also
part of a hyper-connected world which is dominated by the
† Terminal automation systems, including scheduling Internet.
software covering vessels, yard equipment and maintenance.
These systems can be used to optimise the use of berths,
cranes and yards to ensure efficient and timely turnaround
2.3 Technology convergence and
of vessels. cyber–physical systems
The use of electronics for navigation, communications and
† Ports also make extensive use of control systems for cranes, control is not new. Ship borne radar was developed
yard equipment, remote monitoring of equipment, building following the Second World War, and maritime radio was
management and to control gates and access to buildings. in use prior to that. Electrical and electronic control
Some ports are now using driverless cranes and other systems are both well-established technologies and the
vehicles to enable automated handling of containers. systems were often designed or customised for specific
applications and vessels. However, there has been a move
These port systems are increasingly used in an integrated to use commercially available technologies in
fashion. For example, to enable automated container communications and control systems rather than
terminal entry, where an ANPR system reads the vehicle undertaking bespoke developments. This has the benefit of
number plate and optical character recognition (OCR) is reducing development times and cost, but the result is that
used to read the container number. The system checks the the systems are based on similar technologies and operating
vehicle and container identities against pre-booked delivery systems to those found in our personal and office IT systems.
schedules and allows access to the site to approved vehicles
and containers. Imaging systems may also be used to detect The maritime systems described in the preceding sections
container damage prior to its entry to the terminal. If any are effectively cyber – physical systems. They are computer-
damage is detected the system can alert terminal staff to based (cyber) systems which embed a combination of
investigate prior to further handling of the container. sensors, processors and actuators in the real world to
manage or control specific outcomes. Whilst there are
many similarities between conventional data processing and
2.2 Use of IT on ships cyber – physical systems, there are also some significant
Information technology is extensively used on ships. For differences. Two critical differences are:
example in the cruise industry, vessels in the Carnival
Cruise Line OASIS class are equipped with 900+ wireless † cyber – physical systems are control systems working in
access points, 30 000+ IP ports and 1200 wireless phones real-time to influence physical outcomes in the real world; and
linked by 600 000 m of fibre cable and 44 network
switching locations [6]. † there can be serious physical consequences arising from
failure or malfunction of a cyber – physical system,
More generally there is extensive use of IT-based seaborne potentially including loss of life, damage to property,
systems to support vessel automation, including [5]: pollution and environmental harm.
When examining dependencies it is worth considering the An assessment of the cyber-security risks to maritime
findings from a review of major mishaps and accidents [28]. transport systems needs to consider the impact of threats
This revealed that incidents have several characteristics in from the above four groups.
common, including:
[5] MCCARTHY C .: ‘Department of Homeland Security [16] ZARAGOZA S. : ‘Humphreys Research Group successfully
Control Systems Security Program – Transportation spoofs an $80 million Yacht at sea’. University of Texas,
Sector’. Available online at: http://www.cruising.org/sites/ Cockrell School of Engineering. Available online at: http://
default/files/leadershipforum2012/Trends%20p2% www.ae.utexas.edu/news/archive/2013-news-archive/
20Ben%20Shore%20CLIA%2014%20Nov.pdf. Last accessed: humphreys-research-group-successfully-spoofs-an-80-
16 September 2013, (2012) million-yacht-at-sea, Last accessed: 16 September 2013,
(2013)
[6] IET Sector Insights: ‘Global challenges in maritime
security’. Institution of Engineering and Technology. [17] GREENE S.S.: ‘Security policies and procedures’ (Pearson
Available online at: http://www.theiet.org/sectors/ Education, 2006)
transport/maritime-security.cfm. Last accessed: 16
September 2013, (2013) [18] NIST: ‘Trustworthy Information Systems’. Available:
http://www.nist.gov/itl/tis/. Last accessed: 16 September
[7] Rolls Royce: ‘Positioning systems’. Available online at: 2013, (2009)
http://www.rolls-royce.com/marine/products/automation_
control/positioning_systems/index.jsp. Last accessed: 16 [19] Trustworthy Software Initiative: ‘The name’. Available:
September 2013, (2013) http://www.uk-tsi.org/. Last accessed: 16 September 2013,
(2013)
[8] Rolls Royce: ‘Integrated bridge systems’. Available
online at: http://www.rolls-royce.com/marine/products/ [20] MITROPOULOS E.E.: ‘Nor-Shipping Conference – What’s
automation_control/integrated_bridge_systems/index.jsp. next, IMO?’ In Nor-Shipping Conference, Oslo, 24 May
Last accessed: 16 September 2013, (2013) 2011, Oslo. Available online at: http://www.imo.org/
MediaCentre/SecretaryGeneral/SpeechesByTheSecretary
[9] Rolls Royce: ‘Automation systems’. Available online at: General/Pages/Nor.aspx. Last accessed: 16 September
http://www.rolls-royce.com/marine/products/ 2013, (2011)