Conference paper Open Access

Tanker Industry is More Ready against Cyber Threats

Oruc, A

Cyber security in the maritime industry became crucial due to both academic researches and incidents. There are academic studies that show vulnerabilities in various navigation equipments such as GPS, ECDIS, AIS and ARPA-Radar. Additionally, there are different cyber incidents around the world. Developments in technology, autonomous ship projects, academic studies and cyber incidents in the sector put in action IMO. As per ISM Code, all shipping companies are mandatory to add “Guidelines on Maritime Cyber Risk Management” manual to their SMS manuals until 1st January 2021. Both OCIMF and CDI failed to be indifferent to developments that are important for tanker operators as well as IMO. While OCIMF added cybersecurity-related questions to vetting programs called TMSA 3 and VIQ 7, CDI also added cybersecurity-related items in SIR 9.8.1 edition. On the other hand, RightShip provides significant vetting service for dry cargo ships. “Inspection and Assessment Report” is issued by RigthShip for dry cargo ships. Questions related with cybersecurity was added with Revision No: 11 dated on 11th May 2017 in “Inspection and Assessment Report”. In this study, cyber security related questions which are asked during TMSA, SIRE and CDI vettings which play a critical role for commercial life of tanker firms, were analyzed. Moreover, questions and efficiency of RightShip that offers vetting service for dry cargo ships, were assessed to maritime cyber security. Also, cybersecurity-related questions in vetting questionnaires were interpreted by the author. These comments rely on benchmarking meetings among tanker operators where the author personally attended, and interview with key persons. Noted observations during vettings may negatively impact both commercial life and reputation of the tanker operators. That’s why the firm names and interviewee names were kept confidential. In this study, it was seen that although IMO demanded verification of cyber security-related implementations for the ship operators until 1st January 2021, this process started earlier for tanker operators.

Files (1.7 MB)
Name Size
Paper 10 - Tanker Industry is More Ready against Cyber Threats.pdf
md5:dd8499309b41e20f7f27c5cea90e2d0f 		1.7 MB Download

  • Balduzzi M, Pasta A, Wilhoit K. 2014. A Security Evaluation of AIS Automated Identification System.

  • Bhatti J, Humphreys T. 2014. Covert control of surface vessels via counterfeit civil GPS signals

  • Blake T. 2017. Hackers took 'full control' of container ship's navigation systems for 10 hours . [accessed 2019 Aug 31]. https://rntfnd.org/2017/11/25/hackers-took-fullcontrol- of-container-ships-navigation-systemsfor- 10-hours-ihs-fairplay/

  • CDI. 2019. CDI Introduction . [accessed 2019 Aug 31]. https://www.cdi.org.uk/Introduction.aspx

  • Clarksons. 2018. Update on 2017 Data Breach . [accessed 2019 Aug 31]. https://www.clarksons.com/news/notice-of-cybersecurity- incident-ckn/

  • CyberKeel. 2014. Maritime Cyber Risks.

  • Goward D. 2017. Mass GPS Spoofing Attack in Black Sea? . [accessed 2019 Aug 31]. https://www.maritimeexecutive. com/editorials/mass-gps-spoofingattack- in-black-sea

  • Graham L. 2017. Shipping industry vulnerable to cyber attacks and GPS jamming . [accessed 2019 Aug 31]. https://www.cnbc.com/2017/02/01/shippingindustry- vulnerable-to-cyber-attacks-and-gpsjamming. html

  • Havold JI. 2010. Safety culture and safety management aboard tankers. 95:511–519.

  • Humphreys T. 2017. Ships fooled in GPS spoofing attack suggest Russian cyberweapon . [accessed 2019 Aug 31]. https://www.newscientist.com/article/2143499- ships-fooled-in-gps-spoofing-attack-suggestrussian- cyberweapon/

  • IMO Resolution MSC.428 (98).

  • ISM Code. 2014th ed.: IMO.

  • Karti EN. 2017. Vetting and TMSA: Role and Requirements in the Shipping Industry.

  • Lund MS, Hareide OS, Jøsok Ø. 2018. An Attack on an Integrated Navigation System. Necesse. 3:149–163.

  • Maersk. 2017. Maersk News Release . [accessed 2019 Aug 31]. http://investor.maersk.com/newsreleases/ news-release-details/cyber-attack-update

  • OCIMF. 2019. [accessed 2019 Aug 31]. https://www.ocimf.org/organisation/introduction.a spx

  • Shefi A. 2017. Tests Show Ease of Hacking ECDIS, Radar and Machinery . [accessed 2019 Aug 31]. https://www.maritimeexecutive. com/article/tests-show-ease-of-hackingecdis- radar-and-machinery

  • SIRE. 2019. [accessed 2019 Aug 31]. https://www.ocimf.org/sire/about-sire.aspx

  • Skou S. 2017. CEO: Cyber Attack to Cost Maersk Up to USD 300 Mn . [accessed 2019 Aug 31]. https://worldmaritimenews.com/archives/227337/ ceo-cyber-attack-to-cost-maersk-up-to-usd-300- mn/

  • The Local. 2014. State-sponsored hackers spied on Denmark . [accessed 2019 Aug 31]. https://www.thelocal.dk/20140922/denmark-washacked- by-state-sponsored-spies

  • WMN. 2018. COSCO Shipping Lines Falls Victim to Cyber Attack . [accessed 2019 Aug 31]. https://worldmaritimenews.com/archives/257665/ cosco-shipping-lines-falls-victim-to-cyber-attack/

1,051
323
views
downloads
Views 1,051
Downloads 323
Data volume 552.0 MB
Unique views 1,007
Unique downloads 310
More info on how stats are collected.
Indexed in
Publication date:
November 5, 2019
DOI:
10.24868/icmet.oman.2019.030
Keyword(s):
maritime cyber security tanker industry vetting programmes TMSA SIRE CDI RightShip
Meeting:
International Conference on Marine Engineering and Technology Oman 2019 (Abbreviation: ICMET Oman), Muscat, Oman, 5 – 7 November (Session Section 3 Safe Automation and Remote Manning, Part 6)
Communities:
License (for files):
Creative Commons Attribution 4.0 International

Share

Cite as

Export