Journal is indexed in following databases:



2023 Journal Impact Factor - 0.7
2023 CiteScore - 1.4



HomePage
 




 


 

ISSN 2083-6473
ISSN 2083-6481 (electronic version)
 

 

 

Editor-in-Chief

Associate Editor
Prof. Tomasz Neumann
 

Published by
TransNav, Faculty of Navigation
Gdynia Maritime University
3, John Paul II Avenue
81-345 Gdynia, POLAND
www http://www.transnav.eu
e-mail transnav@umg.edu.pl
CERP: A Maritime Cyber Risk Decision Making Tool
1 Norwegian University of Science and Technology, Ålesund, Norway
2 University of Plymouth, Plymouth, United Kingdom
ABSTRACT: An increase in the complexity of systems onboard ships in the last decade has seen a rise in the number of reported maritime cyber-attacks. To tackle this rising risk the International Maritime Organization published high-level requirements for cyber risk management in 2017. These requirements obligate organisations to establish procedures, like incident response plans, to manage cyber-incidents. However, there is currently no standardised framework for this implementation. This paper proposes a Cyber Emergency Response Procedure (CERP), that provides a framework for organisations to better facilitate their crew’s response to a cyber-incident that is considerate of their operational environment. Based on an operations flowchart, the CERP provides a step-by-step procedure that guides a crew’s decision-making process in the face of a cyber-incident. This high-level framework provides a blueprint for organisations to develop their own cyber-incident response procedures that are considerate of operational constraints, existing incident procedures and the complexity of modern maritime systems.
REFERENCES
NORMA Cyber, "NORMA Cyber Annual Threat Assessment 2022," Norwegian Maritime Cyber Resilience Centre, normacyber.no, 2022. [Online]. Available: https://www.normacyber.no/news/norma-annual-threat-assessment-2022
K. Tam et al., "Case Study of a Cyber-Physical Attack Affecting Port and Ship Operational Safety," 2021, doi: - doi:10.4236/jtts.2022.121001
International Maritime Organization, MSC-FAL.1/Circ.3. Guidelines on maritime cyber risk management, 2017. [Online]. Available: http://www.imo.org/en/OurWork/Security/Guide_to_Maritime_Security/Pages/Cyber-security.aspx.
International Maritime Organization, Resolution MSC.428(98) - Maritime Cyber Risk Management in Safety Management Systems, 2017. [Online]. Available: http://www.imo.org/en/OurWork/Security/Guide_to_Maritime_Security/Pages/Cyber-security.aspx. Accessed on: 22.02.2023.
The Guidelines on Cyber Security onboard Ships Version 4.0, BIMCO, 2020. [Online]. Available: https://www.bimco.org/about-us-and-our-members/publications/the-guidelines-on-cyber-security-onboard-ships
IACS. "IACS adopts new requirements on cyber safety." IACS. https://iacs.org.uk/news/iacs-adopts-new-requirements-on-cyber-safety/ (accessed 20 February, 2023).
E. Erstad, M. S. Lund, and R. Ostnes, "Navigating Through Cyber Threats, A Maritime Navigator’s Experience," 2022, doi: - doi:10.54941/ahfe1002205
International Maritime Organization. "Maritime Safety." IMO. https://www.imo.org/en/OurWork/Safety/Pages/default.aspx (accessed 20 February, 2023).
International Maritime Organization, International safety management code: with guidelines for its implementation, 2018 edition.; Fifth edition. ed. (ISM-Code). London: International Maritime Organization, 2018.
International Maritime Organization, SOLAS, Consolidated Edition, 2020 (SOLAS). London: International Maritime Organization, 2020.
International Maritime Organization. "The International Safety Management (ISM) Code." IMO. https://www.imo.org/en/ourwork/humanelement/pages/ISMCode.aspx (accessed 23 February, 2023).
International Chamber of Shipping, Bridge Procedures Guide. Marisec, 2022.
ISO/IEC 27000:2018 Information technology — Security techniques — Information security management systems — Overview and vocabulary, ISO, iso.org, 2020. [Online]. Available: https://www.iso.org/standard/73906.html
ISO/IEC 27001:2017 Information security, cybersecurity and privacy protection — Information security management systems — Requirements, ISO, iso.org, 2017. [Online]. Available: https://www.iso.org/standard/82875.html
ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection — Information security controls, ISO, iso.org, 2022. [Online]. Available: https://www.iso.org/standard/75652.html
Directive (EU) 2016/1148 European Union Parliament, Official Journal of the European Union, 2016. [Online]. Available: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016L1148&from=EN
DIRECTIVE (EU) 2022/2555, European Union Parliament, Official Journal of the European Union, 2022. [Online]. Available: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32022L2555&qid=1677163438395&from=en
Framework for improving critical infrastructure cybersecurity, N. I. o. S. a. T. NIST, 2018. [Online]. Available: https://www.nist.gov/cyberframework/framework
ENISA, "ANALYSIS OF CYBER SECURITY ASPECTS IN THE MARITIME SECTOR," https://www.enisa.europa.eu/publications/cyber-security-aspects-in-the-maritime-sector-1, 2011. [Online]. Available: https://www.enisa.europa.eu/publications/cyber-security-aspects-in-the-maritime-sector-1
Cyber security resilience management for ships and mobile offshore units in operation, DNV, standards.dnv.com, 2016. [Online]. Available: https://standards.dnv.com/explorer/document/0ED73B3209DA42CDA6392BC3946585C9/4
Rec 166 - Recommendation on Cyber Resilience, IACS, 2020. [Online]. Available: http://www.iacs.org.uk/publications/recommendations/161-180/
The Guidelines on Cyber Security onboard Ships Version 1.0, BIMCO, 2016. [Online]. Available: https://www.bimco.org/about-us-and-our-members/publications/the-guidelines-on-cyber-security-onboard-ships
ISO 23806:2022 Ships and marine technology — Cyber safety, ISO, iso.org, 2022. [Online]. Available: https://www.iso.org/standard/77027.html
Vessel Cyber Risk Management Work Instruction, United States Coast Guard, https://www.dco.uscg.mil/, 2020. [Online]. Available: https://www.dco.uscg.mil/Our-Organization/Assistant-Commandant-for-Prevention-Policy-CG-5P/Inspections-Compliance-CG-5PC-/Commercial-Vessel-Compliance/CVCmms/
IACS UR E26 Cyber resilience of ships, IACS, https://iacs.org.uk/, 2022. [Online]. Available: https://iacs.org.uk/news/iacs-adopts-new-requirements-on-cyber-safety/
IACS UR E27 Cyber resilience of ships equipment, IACS, https://iacs.org.uk/, 2022. [Online]. Available: https://iacs.org.uk/news/iacs-adopts-new-requirements-on-cyber-safety/
T.-r. Qin, W.-j. Chen, and X.-k. Zeng, "Risk management modeling and its application in maritime safety," Journal of Marine Science and Application, vol. 7, no. 4, pp. 286-291, 2008. - doi:10.1007/s11804-008-7076-y
ISO 5807:1985 Information processing — Documentation symbols and conventions for data, program and system flowcharts, program network charts and system resources charts, ISO, iso.org, 1985. [Online]. Available: https://www.iso.org/standard/11955.html
M. Raimondi, G. Longo, A. Merlo, A. Armando, and E. Russo, "Training the maritime security operations centre teams," in 2022 IEEE International Conference on Cyber Security and Resilience (CSR), 2022: IEEE, pp. 388-393, doi: - doi:10.1109/CSR54599.2022.9850324
P. Greig, A. Maloney, and H. Higham, "Emergencies in general practice: could checklists support teams in stressful situations?," (in eng), Br J Gen Pract, vol. 70, no. 695, pp. 304-305, Jun 2020, doi: 10.3399/bjgp20X709373. - doi:10.3399/bjgp20X709373
D. L. Hepner et al., "Operating room crisis checklists and emergency manuals," Anesthesiology, vol. 127, no. 2, pp. 384-392, 2017. - doi:10.1097/ALN.0000000000001731
BIMCO, International Chamber of Shipping, and Witherby Publishing Group, Cyber Security Workbook for On Board Ship Use - 4th Edition, 2023. Livingston: Witherby Publishing Group, 2023.
F. S. Foundation. "FSF ALAR Briefing Note 1.5, Normal Checklists." SKYbrary Aviation Safety. https://skybrary.aero/bookshelf/fsf-alar-briefing-note-15-normal-checklists (accessed 21 February, 2023).
G. Di Stefano, F. Gino, G. Pisano, and B. R. Staats, "Learning by Thinking: How Reflection Can Spur Progress Along the Learning Curve," Management Science, Harvard Business School NOM Unit Working Paper No. 14-093, 2014, doi: https://dx.doi.org/10.2139/ssrn.2414478. - doi:10.2139/ssrn.2414478
A. Nganga, M. Lützhöft, J. Scanlan, and S. Mallam, "Timely Maritime Cyber Threat Resolution in a Multi-Stakeholder Environment," 2022.
G. Stoker, J. Greer, U. Clark, and C. Chiego, "Considering Maritime Cybersecurity at a Non-Maritime Education and Training Institution," in Proceedings of the EDSIG Conference ISSN, 2022, vol. 2473, p. 4901.
Citation note:
Erstad E., Hopcraft R., Palbar J.D., Tam K.: CERP: A Maritime Cyber Risk Decision Making Tool. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation, Vol. 17, No. 2, doi:10.12716/1001.17.02.02, pp. 269-279, 2023
Authors in other databases:
Juan Dorje Palbar: Scholar iconuTyE0d8AAAAJ

Other publications of authors:


File downloaded 441 times








Important: TransNav.eu cookie usage
The TransNav.eu website uses certain cookies. A cookie is a text-only string of information that the TransNav.EU website transfers to the cookie file of the browser on your computer. Cookies allow the TransNav.eu website to perform properly and remember your browsing history. Cookies also help a website to arrange content to match your preferred interests more quickly. Cookies alone cannot be used to identify you.
Akceptuję pliki cookies z tej strony