Journal is indexed in following databases:
- SCOPUS
- Web of Science Core Collection - Journal Citation Reports
- EBSCOhost
- Directory of Open Access Journals
- TRID Database - Transportation Research Board
- Index Copernicus Journals Master List
- BazTech
- Google Scholar
2023 Journal Impact Factor - 0.7
2023 CiteScore - 1.4
ISSN 2083-6473
ISSN 2083-6481 (electronic version)
Editor-in-Chief
Associate Editor
Prof. Tomasz Neumann
Published by
TransNav, Faculty of Navigation
Gdynia Maritime University
3, John Paul II Avenue
81-345 Gdynia, POLAND
e-mail transnav@umg.edu.pl
Ethical Considerations in Maritime Cybersecurity Research
1 Norwegian University of Science and Technology, Gjøvik, Norway
ABSTRACT: Maritime transportation, an essential component of world trade, is performed by contemporary vessels. Despite the improvements that rapid advances in technology have brought to vessels’ operational efficiency and capability for safe navigation, the cyber risks associated with modern systems have increased apace. Widespread publicity regarding cyber incidents onboard ships has sparked extensive research on the part of universities, industry, and governmental organisations seeking to understand cyber risks. Consequently, researchers have discovered and disclosed an increasing number of threats and vulnerabilities in this context, providing information that in itself may pose a threat when accessed by the wrong parties. Thus, this paper aims to raise researchers’ awareness of ethical concerns and provide guidance for sound decision-making in areas where the research process must be handled carefully to avoid harm. To this end, this paper presents a literature review that explores the ethical issues involved in maritime cybersecurity research and provides specific examples to promote further understanding. Six ethical principles and four categories of ethical dilemmas are discussed. Finally, the paper offers recommendations that can guide researchers in dealing with any ethical conflicts that may arise while studying maritime cybersecurity.
KEYWORDS: Cyber Security, Cyber Risk, Maritime Cyber Security, Maritime Cyber Security Research, Ethical Considerations, Ethical Dilemmas, Ethical Principles, Ethical Conflicts
REFERENCES
CISA. Transportation systems sector. Available online: https://www.cisa.gov/transportation-systems-sector (accessed on 29 March 2021).
Mattioli, R.; Levy-Bencheton, C. Methodologies for the identification of Critical Information Infrastructure assets and services; ENISA, 2015, ISBN 978-92-9204-106-9.
Nystuen, K.O.; Hagen, J.M. Critical Information Infrastructure protection in Norway. In Informatik, Frankfurt, Germany, 29 September 2003 - 02 October 2003, 2003.
Zhao, X.; Yang, Z.; Yang, Z.; Feng, Y. Study on the choice of transportation mode for regional logistics. In 6th Conference of the Eastern-Asia-Society-for-Transportation-Studies, Bangkok, Thailand, 2005; pp 16–31.
UNCTAD. Review of maritime transport 2021, New York, USA, 2021. Available online: https://unctad.org/webflyer/review-maritime-transport-2021 (accessed on 20 November 2021).
VesselFinder. Vessel database. Available online: https://www.vesselfinder.com/vessels (accessed on 29 April 2021).
Blake, T. Hackers took ‘full control’ of container ship’s navigation systems for 10 hours - IHS Fairplay | RNTF. Available online: https://rntfnd.org/2017/11/25/hackers-took-full-control-of-container-ships-navigation-systems-for-10-hours-ihs-fairplay/ (accessed on 25 March 2020).
C4ADS. Above us only stars: Exposing GPS spoofing in Russia and Syria. Available online: https://www.c4reports.org/aboveusonlystars (accessed on 14 April 2021).
Reynolds, G.W. Ethics in information technology, 5th ed.; Cengage Learning, 2015, ISBN 978-1-285-19715-9.
University of Stirling. Understanding ethics. Available online: https://www.stir.ac.uk/research/research-ethics-and-integrity/understanding-ethics/ (accessed on 28 December 2021).
Forskningsetikk. About us. Available online: https://www.forskningsetikk.no/en/about-us/ (accessed on 27 December 2021).
WMA. WMA Declaration of Helsinki - Ethical principles for medical research involving human subjects, 2013. Available online: https://www.wma.net/policies-post/wma-declaration-of-helsinki-ethical-principles-for-medical-research-involving-human-subjects/ (accessed on 4 January 2022).
Hamburg, I.; Grosch, K.R. Ethical aspects in cyber security. Archives of Business Research 2017, 5, doi:10.14738/abr.510.3818. - doi:10.14738/abr.510.3818
Aguinis, H.; Henle, C.A. Ethics in research. In Handbook of research methods in industrial and organizational psychology; Rogelberg, S.G., Ed.; Blackwell, 2002.
The ethics of cybersecurity; Christen, M.; Gordijn, B.; Loi, M., Eds.; Springer International Publishing: Cham, 2020, ISBN 978-3-030-29052-8.
Yaghmaei, E.; van de Poel, I.; Christen, M.; Gordijn, B.; Kleine, N.; Loi, M.; Morgan, G.; Weber, K. Canvas White Paper 1 - Cybersecurity and ethics, 2017. - doi:10.2139/ssrn.3091909
Weinbaum, C.; Landree, E.; Blumenthal, M.S.; Piquado, T.; Gutierrez, C.I. Ethics in scientific research: An examination of ethical principles and emerging topics; RAND: Santa Monica CA, 2019, ISBN 9781977402691. - doi:10.7249/RR2912
Taddeo, M.; Glorioso, L. Ethics and policies for cyber operations; Springer International Publishing: Cham, 2017, ISBN 978-3-319-45299-9. - doi:10.1007/978-3-319-45300-2
Dipert, R.R. The ethics of cyberwarfare. Journal of Military Ethics 2010, 9, 384–410, doi:10.1080/15027570.2010.536404. - doi:10.1080/15027570.2010.536404
Macnish, K.; van der Ham, J. Ethics in cybersecurity research and practice. Technology in Society 2020, 63, doi:10.1016/j.techsoc.2020.101382. - doi:10.1016/j.techsoc.2020.101382
IMO. Resolution MSC.349(92) Code for recognized organizations (RO Code) Part 2 - Recognition and authorization requirements for organizations; IMO: London, UK, 2013.
IMO. Resolution A.1136(31) Ethical considerations and guidelines for conduct of IMO Council election campaigns; IMO: London, UK, 2019.
Moore, T.R. Ethics and the maritime profession: An argument for teaching in maritime training and strategies for making ethical decisions. In International Asscociation of Maritime Universities Proceedings of Inaugular General Assembly, Istanbul, Turkey, 26 June 2000 - 29 June 2000, 2000.
Citavi. Reference management and knowledge organization. Available online: https://citavi.com/en (accessed on 4 February 2022).
IMO. The IMO-Vega Database. Available online: https://www.imo.org/en/publications/Pages/IMO-Vega.aspx (accessed on 5 February 2022).
IMO. About IMODOCS. Available online: https://docs.imo.org/Default.aspx (accessed on 4 February 2022).
IMO. IMO Internship Programme. Available online: https://www.imo.org/en/About/Careers/Pages/Internship-default.aspx (accessed on 8 February 2022).
Choi, H.; Varian, H. Predicting the present with Google Trends. Economic Record 2012, 88, 2–9, doi:10.1111/j.1475-4932.2012.00809.x. - doi:10.1111/j.1475-4932.2012.00809.x
IMO. FAL 39/7 Ensuring security in and facilitating international trade. Measuring toward enhancing maritime cybersecurity.; IMO: London, UK, 2018.
IMO. MSC 94/4/1 Measures to enhance maritime security. Measures toward enhancing maritime cyber security; IMO: London, UK, 2014.
IMO. FAL 39/WP.8 Proposal for new output on the development of guidelines on the facilitation aspects of protecting the maritime transport network from cyber threats; IMO: London, UK, 2014.
IMO. Resolution MSC.428(98) Maritime cyber risk management in Safety Management Systems; IMO: London, UK, 2017.
IMO. HTW 8/15/1 Any other business. Necessity of developing relevant provisions concerning cybersecurity-related training for seafarers.; IMO: London, UK, 2021.
CRISTIN. Maritime Cyber Resilience. Available online: https://app.cristin.no/projects/show.jsf?id=2057306 (accessed on 29 April 2021).
CySiMS-SE. Cyber Security in Merchant Shipping Service Evolution (CySiMS-SE). Available online: http://cysims.no/ (accessed on 26 January 2022).
Cyber-MAR. About. Available online: https://cyber-mar.eu/about/ (accessed on 29 April 2021).
DTU. Project CyberShip. Available online: https://www.cybership.man.dtu.dk/english/overview. (accessed on 4 May 2021).
University of Rijeka. Cyber security of maritime ICT-based systems 2019.
NTNU. Work package 2: Digital infrastructure. Available online: https://www.ntnu.edu/sfi-autoship/digital-infrastructure (accessed on 29 April 2021).
DTU. Postdoc in cyber resilience for the shipping industry. Available online: https://computeroxy.com/postdoc-in-cyber-resilience-for-the-shipping-industry,i4678.html (accessed on 30 April 2021).
EURAXESS. ERA chair holder, professor of cybersecurity in maritime domain. Available online: https://euraxess.ec.europa.eu/jobs/582237 (accessed on 1 May 2021).
iTrust. Cyber risk management study in shipboard OT systems. Available online: https://itrust.sutd.edu.sg/maritime/ (accessed on 4 May 2021).
Jobbnorge. PhD position in maritime cyber security. Available online: https://www.jobbnorge.no/en/available-jobs/job/167349/phd-position-in-maritime-cyber-security (accessed on 4 May 2021).
THE. PhD candidate in maritime cyber resilient operations. Available online: https://www.timeshighereducation.com/unijobs/listing/182718/phd-candidate-in-maritime-cyber-resilient-operations/ (accessed on 4 May 2021).
TalTech. Maritime cyber security, 2018.
Danish Maritime Cybersecurity Unit. Cyber and information strategy for the maritime sector 2019 - 2022. Available online: https://dma.dk/Media/637709330853499994/Cyber%20and%20Information%20Security%20Strategy%20for%20the%20Maritime%20Sector.pdf (accessed on 1 May 2021).
MPA. New 24/7 Maritime Cybersecurity Operations Centre to boost cyber defence readiness. Available online: https://www.mpa.gov.sg/web/portal/home/media-centre/news-releases/detail/8a5114cf-8214-4b46-8999-2c6c42433b1e (accessed on 4 May 2021).
NORMA Cyber. About NORMA. Available online: https://www.normacyber.no/en/about (accessed on 25 December 2021).
King, N. Research ethics in qualitative research. In Doing qualitative research in psychology: A practical guide, 2nd ed.; Sullivan, C., Forrester, M.A., Eds.; SAGE, 2019; pp 35–59.
Fanelli, D. How many scientists fabricate and falsify research? A systematic review and meta-analysis of survey data. PLoS One 2009, 4, e5738, doi:10.1371/journal.pone.0005738. - doi:10.1371/journal.pone.0005738
Kennedy, M.S.; Barnsteiner, J.; Daly, J. Honorary and ghost authorship in nursing publications. J. Nurs. Scholarsh. 2014, 46, 416–422, doi:10.1111/jnu.12093. - doi:10.1111/jnu.12093
Grant, A.; Williams, P.; Ward, N.; Basker, S. GPS jamming and the impact on maritime navigation. J. Navigation 2009, 62, 173–187, doi:10.1017/S0373463308005213. - doi:10.1017/S0373463308005213
The Signal Jammer. GPS jammer. Available online: https://www.thesignaljammer.com/products/GPS-Jammer.html (accessed on 2 May 2021).
National Coordination Office for Space-Based Positioning, Navigation, and Timing. Information about GPS jamming. Available online: https://www.gps.gov/spectrum/jamming/ (accessed on 2 May 2021).
Blackshaw, I.S. Confidentiality and Non-Disclosure Agreements. In Sports Marketing Agreements: Legal, Fiscal and Practical Aspects; Blackshaw, I.S., Ed.; T. M. C. Asser Press: The Hague, The Netherlands, 2012; pp 67–72, ISBN 978-90-6704-792-0. - doi:10.1007/978-90-6704-793-7_5
Svilicic, B.; Rudan, I.; Jugović, A.; Zec, D. A study on cyber security threats in a shipboard Integrated Navigational System. Journal of Marine Science and Engineering 2019, 7, 364, doi:10.3390/jmse7100364. - doi:10.3390/jmse7100364
Svilicic, B.; Kristić, M.; Žuškin, S.; Brčić, D. Paperless ship navigation: cyber security weaknesses. Journal of Transportation Security 2020, 13, 203–214, doi:10.1007/s12198-020-00222-2. - doi:10.1007/s12198-020-00222-2
Balduzzi, M.; Pasta, A.; Wilhoit, K. A security evaluation of AIS automated identification system. In Proceedings of the 30th Annual Computer Security Applications Conference on - ACSAC '14, New Orleans, Louisiana, 08–12 Dec. 2014; Payne, C.N., Butler, K., Sherr, M., Hahn, A., Eds.; ACM Press: New York, USA, 2014; pp 436–445. - doi:10.1145/2664243.2664257
Jaquet-Chiffelle, D.-O.; Loi, M. Ethical and unethical hacking. In The ethics of cybersecurity; Christen, M., Gordijn, B., Loi, M., Eds.; Springer International Publishing: Cham, 2020; pp 179–204, ISBN 978-3-030-29052-8. - doi:10.1007/978-3-030-29053-5_9
Cavelty, M.D. Breaking the cyber-security dilemma: aligning security needs and removing vulnerabilities. Sci. Eng. Ethics 2014, 20, 701–715, doi:10.1007/s11948-014-9551-y. - doi:10.1007/s11948-014-9551-y
Cyber Keel. Maritime cyber-risks. Available online: https://sfmx.org/wp-content/uploads/2017/03/Maritime-Cyber-Crime-10-2014.pdf (accessed on 25 July 2022).
The Local. State-sponsored hackers spied on Denmark. Available online: https://thelocal.dk/20140922/denmark-was-hacked-by-state-sponsored-spies (accessed on 15 April 2021).
Herrmann, D.; Pridöhl, H. Basic concepts and models of cybersecurity. In The ethics of cybersecurity; Christen, M., Gordijn, B., Loi, M., Eds.; Springer International Publishing: Cham, 2020; pp 11–44, ISBN 978-3-030-29052-8. - doi:10.1007/978-3-030-29053-5_2
Marlink. What is maritime VSAT? Available online: https://marlink.com/what-is-maritime-vsat/ (accessed on 11 May 2021).
Chambers, S. Ship’s satellite communication system hacked with ease. Available online: https://splash247.com/ships-satellite-communication-system-hacked-ease/ (accessed on 11 May 2021).
GitHub. Toolkit for research purposes in AIS. Available online: https://github.com/trendmicro/ais (accessed on 6 January 2022).
Luiijf, E.; Klaver, M. On the sharing of cyber security information. In Critical Infrastructure Protection IX; Rice, M., Shenoi, S., Eds.; Springer International Publishing: Cham, 2015, ISBN 978-3-319-26566-7.
Albakri, A.; Boiten, E.; Lemos, R. de. Risks of sharing cyber incident information. In ARES 2018: Proceedings of the 13th International Conference on Availability, Reliability and Security, Hamburg Germany, 27–30 Aug. 2018; ACM: New York, USA, 2018; pp 1–10, ISBN 9781450364485. - doi:10.1145/3230833.3233284
Kirichenko, A.; Christen, M.; Grunow, F.; Herrmann, D. Best practices and recommendations for cybersecurity service providers. In The ethics of cybersecurity; Christen, M., Gordijn, B., Loi, M., Eds.; Springer International Publishing: Cham, 2020; pp 299–316, ISBN 978-3-030-29052-8. - doi:10.1007/978-3-030-29053-5_15
van de Poel, I. Core values and value conflicts in cybersecurity: Beyond privacy versus security. In The ethics of cybersecurity; Christen, M., Gordijn, B., Loi, M., Eds.; Springer International Publishing: Cham, 2020; pp 45–71, ISBN 978-3-030-29052-8. - doi:10.1007/978-3-030-29053-5_3
Christen, M.; Gordijn, B.; Loi, M. Introduction. In The ethics of cybersecurity; Christen, M., Gordijn, B., Loi, M., Eds.; Springer International Publishing: Cham, 2020; pp 1–8, ISBN 978-3-030-29052-8. - doi:10.1007/978-3-030-29053-5_1
Citation note:
Oruc A.: Ethical Considerations in Maritime Cybersecurity Research. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation, Vol. 16, No. 2, doi:10.12716/1001.16.02.14, pp. 309-318, 2022
Authors in other databases: