IDEAS home Printed from https://ideas.repec.org/a/eee/ijocip/v46y2024ics1874548224000362.html
   My bibliography  Save this article

Cyber risk assessment of cyber-enabled autonomous cargo vessel

Author

Listed:
  • Yousaf, Awais
  • Amro, Ahmed
  • Kwa, Philip Teow Huat
  • Li, Meixuan
  • Zhou, Jianying

Abstract

The increasing interest in autonomous ships within the maritime industry is driven by the pursuit of revenue optimization, operational efficiency, safety improvement and going greener. However, the industry’s increasing reliance on emerging technologies for the development of autonomous ships extends the attack surface, leaving the underlying ship systems vulnerable to potential exploitation by malicious actors. In response to these emerging challenges, this research extends an existing cyber risk assessment approach called FMECA-ATT&CK based on failure modes, effects and criticality analysis (FMECA), and the MITRE ATT&CK framework. As a part of our work, we have expanded the FMECA-ATT&CK approach to assessing cyber risks related to systems with artificial intelligence components in cyber-enabled autonomous ships (e.g. autonomous engine monitoring and control). This new capability was developed using the information and semantics encoded in the MITRE ATLAS framework. FMECA-ATT&CK has been adopted due to its comprehensive and adaptable nature and its promising venue for supporting continuous cyber risk assessment. It helps evaluate the cyber risks associated with the complex and state-of-the-art operational technologies on board autonomous ships. The cyber risk assessment approach assists cybersecurity experts in aligning mitigation strategies for the cyber defence of autonomous ships. It also contributes towards advancing overall cybersecurity in the maritime industry and ensures the safe and secure sailing of autonomous ships. Our key findings after applying the proposed approach against a model of an autonomous cargo ship is the identification of the Navigation Situation Awareness System (NSAS) of the ship as being at the highest risk followed by the Autonomous Engine Monitoring and Control (AEMC) system. Additionally, we identified 3 high, 48 medium, and 5776 low risks across 29 components.

Suggested Citation

  • Yousaf, Awais & Amro, Ahmed & Kwa, Philip Teow Huat & Li, Meixuan & Zhou, Jianying, 2024. "Cyber risk assessment of cyber-enabled autonomous cargo vessel," International Journal of Critical Infrastructure Protection, Elsevier, vol. 46(C).
    • Handle: RePEc:eee:ijocip:v:46:y:2024:i:c:s1874548224000362
    DOI: 10.1016/j.ijcip.2024.100695
    as

    Download full text from publisher

    File URL: http://www.sciencedirect.com/science/article/pii/S1874548224000362
    Download Restriction: Full text for ScienceDirect subscribers only
    File URL: https://libkey.io/10.1016/j.ijcip.2024.100695?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Carlos Eduardo León Rincón & Jhonatan Pérez Villalobos, 2013. "Authority Centrality and Hub Centrality as metrics of systemic importance of financial market infrastructures," Borradores de Economia 754, Banco de la Republica de Colombia.
    2. Kariuki, S.G. & Löwe, K., 2007. "Integrating human factors into process hazard analysis," Reliability Engineering and System Safety, Elsevier, vol. 92(12), pages 1764-1773.
    3. Hasan Mahbub Tusher & Ziaul Haque Munim & Theo E. Notteboom & Tae-Eun Kim & Salman Nazir, 2022. "Cyber security risk assessment in autonomous shipping," Maritime Economics & Logistics, Palgrave Macmillan;International Association of Maritime Economists (IAME), vol. 24(2), pages 208-227, June.
    4. Karen L. Hulebak & Wayne Schlosser, 2002. "Hazard Analysis and Critical Control Point (HACCP) History and Conceptual Overview," Risk Analysis, John Wiley & Sons, vol. 22(3), pages 547-552, June.
    5. Tijan, Edvard & Jović, Marija & Aksentijević, Saša & Pucihar, Andreja, 2021. "Digital transformation in the maritime transport sector," Technological Forecasting and Social Change, Elsevier, vol. 170(C).
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Kadhim Hayawi & Junaid Sajid & Asad Waqar Malik & Zouheir Trabelsi & Ayaz Ur Rehman, 2024. "Leveraging on-board computing in autonomous ferries to identify malicious network connections," Journal of Transportation Security, Springer, vol. 17(1), pages 1-24, December.
    2. Ahmed Mohy Ibrahim & Mohamed Abdelfattah & Mohamed Mohasseb & Said Abdelkader, 2024. "Security Risk Assessment of Teleoperated Vessels and Associated Centers: Parameter Identification," Journal of Transportation Security, Springer, vol. 17(1), pages 1-26, December.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Zarei, Esmaeil & Khan, Faisal & Abbassi, Rouzbeh, 2021. "Importance of human reliability in process operation: A critical analysis," Reliability Engineering and System Safety, Elsevier, vol. 211(C).
    2. Mendez-Picazo, María-Teresa & Galindo-Martin, Miguel-Angel & Perez-Pujol, Rafael-Sergio, 2024. "Direct and indirect effects of digital transformation on sustainable development in pre- and post-pandemic periods," Technological Forecasting and Social Change, Elsevier, vol. 200(C).
    3. Marija Jović & Edvard Tijan & Doroteja Vidmar & Andreja Pucihar, 2022. "Factors of Digital Transformation in the Maritime Transport Sector," Sustainability, MDPI, vol. 14(15), pages 1-18, August.
    4. Jianying Xiao & Lixin Han & Hui Zhang, 2022. "Exploring Driving Factors of Digital Transformation among Local Governments: Foundations for Smart City Construction in China," Sustainability, MDPI, vol. 14(22), pages 1-16, November.
    5. Costa Climent, Ricardo & Haftor, Darek M., 2021. "Business model theory-based prediction of digital technology use: An empirical assessment," Technological Forecasting and Social Change, Elsevier, vol. 173(C).
    6. Fiedor, Paweł, 2014. "Sector strength and efficiency on developed and emerging financial markets," Physica A: Statistical Mechanics and its Applications, Elsevier, vol. 413(C), pages 180-188.
    7. Ziaul Haque Munim & Hercules Haralambides, 2022. "Advances in maritime autonomous surface ships (MASS) in merchant shipping," Maritime Economics & Logistics, Palgrave Macmillan;International Association of Maritime Economists (IAME), vol. 24(2), pages 181-188, June.
    8. Namgung, Hyewon & Fujiwara, Akimasa & Yamamoto, Jenny & Zhang, Junyi, 2023. "Small and medium-sized taxi firm operators' stated choices of future business models: A case study in Japan based on hybrid choice model with panel effects," Research in Transportation Economics, Elsevier, vol. 101(C).
    9. Benjamin Mosses Sakita & Berit Irene Helgheim & Svein Bråthen, 2024. "The Principal-Agent Theoretical Ramifications on Digital Transformation of Ports in Emerging Economies," Logistics, MDPI, vol. 8(2), pages 1-39, May.
    10. H. Christopher Frey, 2002. "Introduction to Special Section on Sensitivity Analysis and Summary of NCSU/USDA Workshop on Sensitivity Analysis," Risk Analysis, John Wiley & Sons, vol. 22(3), pages 539-545, June.
    11. Dina Guglielmi & Alessio Paolucci & Valerio Cozzani & Marco Giovanni Mariani & Luca Pietrantoni & Federico Fraboni, 2022. "Integrating Human Barriers in Human Reliability Analysis: A New Model for the Energy Sector," IJERPH, MDPI, vol. 19(5), pages 1-17, February.
    12. Göçmen Polat, Elifcan & Yücesan, Melih & Gül, Muhammet, 2023. "A comparative framework for criticality assessment of strategic raw materials in Turkey," Resources Policy, Elsevier, vol. 82(C).
    13. Grazyna Wieteska, 2012. "Quality management systems and their role in risk management emerging in the supply chain (System zarzadzania jakoscia i ich rola w zarzadzaniu ryzykiem pojawiajacym siê w lancuchu dostaw)," Problemy Zarzadzania, University of Warsaw, Faculty of Management, vol. 10(37), pages 139-159.
    14. Bolbot, Victor & Kulkarni, Ketki & Brunou, Päivi & Banda, Osiris Valdez & Musharraf, Mashrura, 2022. "Developments and research directions in maritime cybersecurity: A systematic literature review and bibliometric analysis," International Journal of Critical Infrastructure Protection, Elsevier, vol. 39(C).
    15. Fernandez-Vidal, Jorge & Gonzalez, Reyes & Gasco, Jose & Llopis, Juan, 2022. "Digitalization and corporate transformation: The case of European oil & gas firms," Technological Forecasting and Social Change, Elsevier, vol. 174(C).
    16. Junqiao Zhang & Xuebo Chen & Qiubai Sun, 2019. "A Safety Performance Assessment Framework for the Petroleum Industry’s Sustainable Development Based on FAHP-FCE and Human Factors," Sustainability, MDPI, vol. 11(13), pages 1-20, June.
    17. Michele F. Panunzio & Antonietta Antoniciello & Alessandra Pisano & Giovanna Rosa, 2007. "Evaluation of HACCP Plans of Food Industries: Case Study Conducted by the Servizio di Igiene degli Alimenti e della Nutrizione (Food and Nutrition Health Service) of the Local Health Authority of Fogg," IJERPH, MDPI, vol. 4(3), pages 1-5, September.
    18. Merín-Rodrigáñez, Joan & Dasí, Àngels & Alegre, Joaquín, 2024. "Digital transformation and firm performance in innovative SMEs: The mediating role of business model innovation," Technovation, Elsevier, vol. 134(C).
    19. Surucu-Balci, Ebru & Iris, Çağatay & Balci, Gökcay, 2024. "Digital information in maritime supply chains with blockchain and cloud platforms: Supply chain capabilities, barriers, and research opportunities," Technological Forecasting and Social Change, Elsevier, vol. 198(C).
    20. Palmer, C. & Chung, P.W.H., 2009. "An automated system for batch hazard and operability studies," Reliability Engineering and System Safety, Elsevier, vol. 94(6), pages 1095-1106.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:eee:ijocip:v:46:y:2024:i:c:s1874548224000362. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Catherine Liu (email available below). General contact details of provider: https://www.journals.elsevier.com/international-journal-of-critical-infrastructure-protection .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.