Journal is indexed in following databases:
- SCOPUS
- Web of Science Core Collection - Journal Citation Reports
- EBSCOhost
- Directory of Open Access Journals
- TRID Database - Transportation Research Board
- Index Copernicus Journals Master List
- BazTech
- Google Scholar
2023 Journal Impact Factor - 0.7
2023 CiteScore - 1.4
ISSN 2083-6473
ISSN 2083-6481 (electronic version)
Editor-in-Chief
Associate Editor
Prof. Tomasz Neumann
Published by
TransNav, Faculty of Navigation
Gdynia Maritime University
3, John Paul II Avenue
81-345 Gdynia, POLAND
e-mail transnav@umg.edu.pl
Raising Awareness on Cyber Security of ECDIS
1 University of Rijeka, Rijeka, Croatia
Times cited (SCOPUS): 22
ABSTRACT: In the maritime transport, the Electronic Chart Display and Information System (ECDIS) has been developed into a complex computer-based ship critical operational technology system, playing central roles in the safe ship navigation and transport. While ECDIS software maintenance is regulated by the International Maritime Organization (IMO) ECDIS performance standards and related circulars, underlying software and hardware arrangements are implemented by ship-owners and supported by ECDIS equipment manufacturers. In this paper, we estimate ECDIS cyber security in order to study the origin of ECDIS cyber security risks. A set of ECDIS systems is examined using an industry-leading vulnerability scanning software tool, and cyber threats regarding the ECDIS backup arrangement, underlying operating system and third party applications are studied.
KEYWORDS: Risk Analysis, 1-2-3 Rule, ECDIS Software, Cyber Security, ECDIS Cyber Security, Critical Operational Technology, ECDIS Backup, ECDIS Cyber Threats
REFERENCES
Balduzzi, M., Pasta, A., Wilhoit, K. 2014. A security evaluation of AIS automated identification system. Proceedings of the 30th Annual Computer Security Applications Conference, pp 436-445, New Orleans, USA. - doi:10.1145/2664243.2664257
Burton, J. 2016. Cyber attacks and maritime situational awareness: Evidence from Japan and Taiwan. Proceedings of the 2016 International Conference on Cyber Situational Awareness, Data Analytics and Assessment, London, UK. - doi:10.1109/CyberSA.2016.7503295
Federal Cyber Emergency Team (CERT.be). 2018. Petya/NotPetya Malware - Report on worldwide infection. Available at: https://www.cert.be/files/CERTbe_Petya_NotPetya_Malware_E.pdf (10.12.2018).
Hareide, O.S., Jøsok, Ø., Lund, M.S., Ostnes, R., Helkala, K. 2018. Enhancing Navigator Competence by Demonstrating Maritime Cyber Security. Journal of Navigation 71: 1025- 1039. - doi:10.1017/S0373463318000164
Hassani, V., Crasta, N., Pascoal, A.M. 2017. Cyber security issues in navigation systems of marine vessels from a control perspective. Proceedings of the International Conference on Ocean, Offshore Mechanics and Arctic Engineering, Trondheim, Norway. - doi:10.1115/OMAE2017-61771
International Hydrographic Organization (IHO) (2017). Information on IHO Standards related to ENC and ECDIS. Version 1.1. Monaco: IHO.
International Hydrographic Organization (IHO) (2018). Current IHO ECDIS and ENC Standards. Monaco: IHO.
International Maritime Organization (2006). MSC.232(82): Adoption of the revised performance standards for Electronic Chart Display and Information Systems (ECDIS). London: IMO.
International Maritime Organization (2009). MSC.282(86): Adoption of amendments to the International Convention for the Safety Of Life At Sea, 1974. Annex 1. London: IMO.
International Maritime Organization. (2010). SN.1/Circ.266/Rev.1: Maintenance of Electronic Chart Display and Information System (ECDIS) software. London: IMO.
International Maritime Organization (2014). International Convention for the Safety of Life at Sea (SOLAS), 1974 as amended. London: IMO.
International Maritime Organization. 2017. Resolution MSC.1/Circ.1503/Rev.1, ECDIS – GUIDANCE FOR GOOD PRACTICE. London: IMO.
International Maritime Organization. 2017. Resolution MSC.428(98), Maritime Cyber Risk Management in Safety Management Systems. London: IMO.
International Maritime Organization. 2017. Resolution MSC-FAL.1/Circ.3, Guidelines On Maritime Cyber Risk Management. London: IMO.
Lee, Y.C., Park, S.K., Lee, W.K., Kang, J. 2017. Improving cyber security awareness in maritime transport: A way forward. Journal of the Korean Society of Marine Engineering, 41: 738-745. - doi:10.5916/jkosme.2017.41.8.738
Microsoft. 2018. Microsoft Security Bulletin MS17-010 - Critical. Available at: https://technet.microsoft.com/library/security/MS17-010 (10.12.2018).
Nessus. 2018. Tenable Products: Nessus Professional version 8. Available at: https://www.tenable.com/products/nessus/nessus-professional (10.12.2018).
Polatid, N., Pavlidis, M., Mouratidis, H. 2018. Cyber-attack path discovery in a dynamic supply chain maritime risk management system. Computer Standards Interfaces 59, 74– 82. - doi:10.1016/j.csi.2017.09.006
Shapiro, L.R., Maras, M.H., Velotti, L., Pickman, S., Wei, H.L., Till, R. 2018. Trojan horse risks in the maritime transportation systems sector. Journal of Transportation Security 8, 1–19.
Svilicic, B., Kamahara, J., Rooks, M., Yano, Y. 2019. Maritime Cyber Risk Management: An Experimental Ship Assessment. Journal of Navigation: in press. Available at: - doi:10.1017/S0373463318001157
Svilicic, B., Celic, J., Kamahara, J., Bolmsten, J. 2018. A Framework for Cyber Security Risk Assessment of Ships. Proceedings of 19th International Association of Maritime Universities Conference, pp 21-28, Barcelona, Spain.
Svilicic, B., Kras, A. 2005. Computer Systems Privacy Protection. Pomorstvo - Scientific Journal of Maritime Research 19 (1), 275–284.
Tam, K., Jones, K. 2019. MaCRA: a model-based framework for maritime cyber-risk assessment. WMU Journal of Maritime Affairs: in press. Available at: - doi:10.1007/s13437-019-00162-2
Transas. 2018. Navi-Sailor 4000 ECDIS. Available at: http://www.transas.com/products/navigation/ecdis/ECDIS(10.12.2018).
United States Computer Emergency Readiness Team (US-CERT). 2018. Alert (TA17-181A) Petya Ransomware. Available at: https://www.us-cert.gov/ncas/alerts/TA17-181A (10.12.2018).
Citation note:
Svilicic B., Brčić D., Žuškin S., Kalebić D.: Raising Awareness on Cyber Security of ECDIS. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation, Vol. 13, No. 1, doi:10.12716/1001.13.01.24, pp. 231-236, 2019
Authors in other databases:
Boris Svilicic:
David Kalebić: