Posted: July 1st, 2023
Autonomous Shipping and the Possible Challenges of Cyber Threats
# Autonomous Shipping and the Possible Challenges of Cyber Threats
Autonomous shipping is an emerging trend in the maritime industry that promises to revolutionize the way goods are transported across the oceans. Autonomous ships, also known as Maritime Autonomous Surface Ships (MASS), are vessels that can operate without human intervention or with minimal human supervision. They rely on advanced technologies such as sensors, artificial intelligence, communication systems and remote control centers to navigate safely and efficiently.
Autonomous shipping has many potential benefits, such as reducing operational costs, enhancing environmental performance, improving safety and security, and increasing productivity and competitiveness. However, autonomous shipping also poses many challenges and risks, especially in terms of cyber security. Cyber security is the protection of information systems and networks from unauthorized access, manipulation, disruption or destruction. Cyber security is crucial for ensuring the reliability, integrity and availability of the data and functions that enable autonomous shipping.
## Cyber Security Challenges for Autonomous Shipping
Autonomous ships are more vulnerable to cyber threats than conventional ships because they have higher cyber-physical interaction and complexity. Cyber-physical interaction refers to the interconnection between information systems and physical systems, such as sensors, actuators, engines and navigation systems. Complexity refers to the number and diversity of components, functions and interactions involved in autonomous shipping operations. These factors increase the attack surface and the potential impact of cyber incidents on autonomous ships.
Some of the cyber security challenges for autonomous shipping are:
– **Cyber attacks on navigational systems**: Navigational systems are essential for autonomous ships to determine their position, speed, course and destination. They include Global Navigation Satellite Systems (GNSS), Electronic Chart Display and Information Systems (ECDIS) and Automatic Identification Systems (AIS). Cyber attacks on these systems can cause spoofing, jamming, denial of service or manipulation of data, leading to inaccurate or misleading information that can affect the safety and efficiency of autonomous ships.
– **Cyber attacks on communication systems**: Communication systems are vital for autonomous ships to exchange data and commands with remote control centers, shore-based management offices, other ships and ports. They include satellite, radio, cellular and internet-based technologies. Cyber attacks on these systems can cause interception, interruption, alteration or deletion of data or commands, leading to loss of control, miscommunication or unauthorized access to autonomous ships.
– **Cyber attacks on shore control centers**: Shore control centers are responsible for monitoring, controlling and supervising autonomous ships from a remote location. They include human operators, computers, servers, networks and software. Cyber attacks on these centers can cause disruption, infiltration or sabotage of the functions and data that enable remote operation of autonomous ships.
– **Cyber attacks on ports and terminals**: Ports and terminals are the places where autonomous ships load and unload cargo, refuel and undergo maintenance. They include physical infrastructure, equipment, personnel and information systems. Cyber attacks on these places can cause damage, theft or tampering of cargo, fuel or equipment, as well as compromise of personal or confidential information.
## Cyber Security Risk Assessment for Autonomous Shipping
To address the cyber security challenges for autonomous shipping, it is important to conduct a cyber security risk assessment that identifies the potential threats, vulnerabilities and impacts associated with different types of equipment and systems involved in autonomous shipping operations. A cyber security risk assessment can help to prioritize the most critical assets and functions that need protection, as well as to implement appropriate measures to prevent, detect and respond to cyber incidents.
A recent study by Tusher et al. (2022) proposed a multi-criteria decision-making framework for assessing cyber security risk in the autonomous shipping context. The study surveyed subject matter experts, system designers and seafarers to rank different types of equipment and systems based on their perceived vulnerability to cyber threats. The study used the Bayesian best–worst method (BWM) to analyze the survey data and produce a ranking of cyber security risk for different equipment and systems at both system level and sub-system level.
The following table shows the ranking of cyber security risk at system level:
| System | Rank | Score |
|——–|——|——-|
| Navigational Systems | 1 | 0.321 |
| Remote Control Center | 2 | 0.223 |
| Shore-based Management Offices | 3 | 0.179 |
| Communication Systems | 4 | 0.153 |
| Propulsion Systems | 5 | 0.124 |
The following table shows the ranking of cyber security risk at sub-system level:
| Sub-system | Rank | Score |
|————|——|——-|
| Global Navigation Satellite System (GNSS) | 1 | 0.106 |
| Electronic Chart Display and Information System (ECDIS) | 2 | 0.096 |
| Communication Devices on Shore Control Center (SCC) | 3 | 0.092 |
| Communication Devices on Ship | 4 | 0.088 |
| Shore-based Management Office Computers | 5 | 0.086 |
| Automatic Identification System (AIS) | 6 | 0.085 |
| Shore Control Center Computers | 7 | 0.084 |
| Radar Systems | 8 | 0.083 |
| Shore-based Management Office Networks | 9 | 0.082 |
| Shore Control Center Networks | 10 | 0.081 |
| Engine Controls | 11 | 0.080 |
| Shore Control Center Integration Platforms | 12 | 0.079 |
| Cargo Handling at Ports | 13 | 0.078 |
The results indicate that navigational systems are the most vulnerable to potential cyber threats, while propulsion systems are the least vulnerable element in the context of future autonomous shipping operations. On a sub-system level, the three most vulnerable parts are Global Navigation Satellite System (GNSS), Electronic Chart Display and Information System (ECDIS) and the communication devices on shore control centers (SCC), while the least vulnerable parts are engine controls, SCC integration platforms and cargo handling at ports.
## Cyber Security Recommendations for Autonomous Shipping
Based on the cyber security risk assessment, some of the recommendations for enhancing cyber security in autonomous shipping are:
– **Implementing cyber security standards and guidelines**: There is a need to develop and adopt cyber security standards and guidelines that are specific to autonomous shipping operations and that address the technical, operational and legal aspects of cyber security. Some of the existing standards and guidelines that can be used as references are the International Maritime Organization (IMO) Guidelines on Maritime Cyber Risk Management, the International Organization for Standardization (ISO) Standards on Information Security Management Systems and the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity.
– **Developing cyber security awareness and training**: There is a need to raise cyber security awareness and provide cyber security training to all the stakeholders involved in autonomous shipping operations, such as system designers, operators, seafarers, managers, regulators and customers. The cyber security awareness and training should cover the basic concepts, principles and practices of cyber security, as well as the specific threats, vulnerabilities and impacts associated with autonomous shipping operations.
– **Establishing cyber security governance and management**: There is a need to establish cyber security governance and management structures and processes that define the roles, responsibilities and accountabilities of different stakeholders in autonomous shipping operations, as well as the policies, procedures and controls for ensuring cyber security. The cyber security governance and management should also include mechanisms for monitoring, auditing and reporting on cyber security performance and incidents.
– **Applying cyber security technologies and solutions**: There is a need to apply cyber security technologies and solutions that can prevent, detect and respond to cyber incidents in autonomous shipping operations. Some of the possible technologies and solutions are encryption, authentication, firewalls, antivirus, intrusion detection and prevention systems, backup and recovery systems, incident response teams and cyber insurance.
## Conclusion
Autonomous shipping is a promising innovation that can bring many benefits to the maritime industry. However, it also faces many challenges and risks in terms of cyber security. Cyber security is essential for ensuring the reliability, integrity and availability of the data and functions that enable autonomous shipping operations. A cyber security risk assessment can help to identify the potential threats, vulnerabilities and impacts associated with different types of equipment and systems involved in autonomous shipping operations. Based on the risk assessment, some of the recommendations for enhancing cyber security in autonomous shipping are implementing standards and guidelines, developing awareness and training, establishing governance and management, and applying technologies and solutions.
## References
– Tusher H M, Munim Z H, Notteboom T E et al., ‘Cyber security risk assessment in autonomous shipping’, Maritime Economics & Logistics (2022) .
– Issa M, Ilinca A, Ibrahim H et al., ‘Maritime Autonomous Surface Ships: Problems and Challenges Facing the Regulatory Process’, Sustainability (2022) .
– Wróbel K et al., ‘Maritime Autonomous Surface Ships: Impact on Safety’, TransNav: International Journal on Marine Navigation & Safety of Sea Transportation (2017) .
– IMO Guidelines on Maritime Cyber Risk Management (2017) .
– ISO Standards on Information Security Management Systems .
– NIST Framework for Improving Critical Infrastructure Cybersecurity (2018)