Cybersecurity validation and verification for automated vessels : conforming to NIST, IEC 62443-3-3 and CIS
Huuskonen, Katja (2021)
2021
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2021120223407
https://urn.fi/URN:NBN:fi:amk-2021120223407
Tiivistelmä
Automation in shipping is seen as major leap towards ecological and safer shipping. It reduces the operating costs for shipowners, increases the earning capacity of the vessel and minimizes marine accident risks. The environmental impact decreases due to fuel savings while cost-efficiency and productivity increases. A high level of automation and the use of digital technologies together with networked components and external connectivity increase the overall cybersecurity risk pool.
The maritime community does not have a holistic approach for cybersecurity. There are no specific guidelines or procedures in place to complicate or prevent cyber-attacks. The purpose of this thesis is to create a comprehensive cybersecurity verification and validation framework that conforms with a set of standards, maritime guidelines and regulations for automated vessels. The validation and verification framework can be used to assess a vessel’s current cybersecurity posture, to test effectiveness and existence of selected and tailored security controls, and to identify gaps and plan for improvements.
This thesis is based on a literature review, maritime regulations, cybersecurity standards and guidelines used in the validation and verification framework as well as qualitative research methods. The qualitative research consists of a case study analysis, using secondary data and purposive sampling.
The maritime community does not have a holistic approach for cybersecurity. There are no specific guidelines or procedures in place to complicate or prevent cyber-attacks. The purpose of this thesis is to create a comprehensive cybersecurity verification and validation framework that conforms with a set of standards, maritime guidelines and regulations for automated vessels. The validation and verification framework can be used to assess a vessel’s current cybersecurity posture, to test effectiveness and existence of selected and tailored security controls, and to identify gaps and plan for improvements.
This thesis is based on a literature review, maritime regulations, cybersecurity standards and guidelines used in the validation and verification framework as well as qualitative research methods. The qualitative research consists of a case study analysis, using secondary data and purposive sampling.