Conference paper Open Access
Cyber security in the maritime industry became crucial due to both academic researches and incidents. There are academic studies that show vulnerabilities in various navigation equipments such as GPS, ECDIS, AIS and ARPA-Radar. Additionally, there are different cyber incidents around the world. Developments in technology, autonomous ship projects, academic studies and cyber incidents in the sector put in action IMO. As per ISM Code, all shipping companies are mandatory to add “Guidelines on Maritime Cyber Risk Management” manual to their SMS manuals until 1st January 2021. Both OCIMF and CDI failed to be indifferent to developments that are important for tanker operators as well as IMO. While OCIMF added cybersecurity-related questions to vetting programs called TMSA 3 and VIQ 7, CDI also added cybersecurity-related items in SIR 9.8.1 edition. On the other hand, RightShip provides significant vetting service for dry cargo ships. “Inspection and Assessment Report” is issued by RigthShip for dry cargo ships. Questions related with cybersecurity was added with Revision No: 11 dated on 11th May 2017 in “Inspection and Assessment Report”. In this study, cyber security related questions which are asked during TMSA, SIRE and CDI vettings which play a critical role for commercial life of tanker firms, were analyzed. Moreover, questions and efficiency of RightShip that offers vetting service for dry cargo ships, were assessed to maritime cyber security. Also, cybersecurity-related questions in vetting questionnaires were interpreted by the author. These comments rely on benchmarking meetings among tanker operators where the author personally attended, and interview with key persons. Noted observations during vettings may negatively impact both commercial life and reputation of the tanker operators. That’s why the firm names and interviewee names were kept confidential. In this study, it was seen that although IMO demanded verification of cyber security-related implementations for the ship operators until 1st January 2021, this process started earlier for tanker operators.
Paper 10 - Tanker Industry is More Ready against Cyber Threats.pdf
Balduzzi M, Pasta A, Wilhoit K. 2014. A Security Evaluation of AIS Automated Identification System.
Bhatti J, Humphreys T. 2014. Covert control of surface vessels via counterfeit civil GPS signals
Blake T. 2017. Hackers took 'full control' of container ship's navigation systems for 10 hours . [accessed 2019 Aug 31]. https://rntfnd.org/2017/11/25/hackers-took-fullcontrol- of-container-ships-navigation-systemsfor- 10-hours-ihs-fairplay/
CDI. 2019. CDI Introduction . [accessed 2019 Aug 31]. https://www.cdi.org.uk/Introduction.aspx
Clarksons. 2018. Update on 2017 Data Breach . [accessed 2019 Aug 31]. https://www.clarksons.com/news/notice-of-cybersecurity- incident-ckn/
CyberKeel. 2014. Maritime Cyber Risks.
Goward D. 2017. Mass GPS Spoofing Attack in Black Sea? . [accessed 2019 Aug 31]. https://www.maritimeexecutive. com/editorials/mass-gps-spoofingattack- in-black-sea
Graham L. 2017. Shipping industry vulnerable to cyber attacks and GPS jamming . [accessed 2019 Aug 31]. https://www.cnbc.com/2017/02/01/shippingindustry- vulnerable-to-cyber-attacks-and-gpsjamming. html
Havold JI. 2010. Safety culture and safety management aboard tankers. 95:511–519.
Humphreys T. 2017. Ships fooled in GPS spoofing attack suggest Russian cyberweapon . [accessed 2019 Aug 31]. https://www.newscientist.com/article/2143499- ships-fooled-in-gps-spoofing-attack-suggestrussian- cyberweapon/
IMO Resolution MSC.428 (98).
ISM Code. 2014th ed.: IMO.
Karti EN. 2017. Vetting and TMSA: Role and Requirements in the Shipping Industry.
Lund MS, Hareide OS, Jøsok Ø. 2018. An Attack on an Integrated Navigation System. Necesse. 3:149–163.
Maersk. 2017. Maersk News Release . [accessed 2019 Aug 31]. http://investor.maersk.com/newsreleases/ news-release-details/cyber-attack-update
OCIMF. 2019. [accessed 2019 Aug 31]. https://www.ocimf.org/organisation/introduction.a spx
Shefi A. 2017. Tests Show Ease of Hacking ECDIS, Radar and Machinery . [accessed 2019 Aug 31]. https://www.maritimeexecutive. com/article/tests-show-ease-of-hackingecdis- radar-and-machinery
SIRE. 2019. [accessed 2019 Aug 31]. https://www.ocimf.org/sire/about-sire.aspx
Skou S. 2017. CEO: Cyber Attack to Cost Maersk Up to USD 300 Mn . [accessed 2019 Aug 31]. https://worldmaritimenews.com/archives/227337/ ceo-cyber-attack-to-cost-maersk-up-to-usd-300- mn/
The Local. 2014. State-sponsored hackers spied on Denmark . [accessed 2019 Aug 31]. https://www.thelocal.dk/20140922/denmark-washacked- by-state-sponsored-spies
WMN. 2018. COSCO Shipping Lines Falls Victim to Cyber Attack . [accessed 2019 Aug 31]. https://worldmaritimenews.com/archives/257665/ cosco-shipping-lines-falls-victim-to-cyber-attack/