Human role in maritime cyber security onboard the vessel
Maunula, Konsta (2022)
2022
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-202204286304
https://urn.fi/URN:NBN:fi:amk-202204286304
Tiivistelmä
The purpose of this thesis is to do qualitative research on the maritime cyber security sector threats and find out how the cyber breaches are performed and how they impact vessel operations. I also research ways how to prevent attacks from occurring. To limit the topic, I took the perspective of the ship officer in this thesis. I focus on finding out how the ship crew can prevent possible cyber attacks and what are the best practices in daily ship operations.
The hypothesis for thesis is that in general, cyber security exploits need a human error to be possible. Nowadays, the risk of cyber security breaches are increasing due to technologicalization in vessels operations.
There are publications and research done about cyber security in shipping but, I felt that there is a need for compact summary and practical approach to the situation in maritime cyber sector. Therefore, my approach is firstly, to study all latest information about the topic and from the latest and relevant breaches. Secondly, I then explain common cyber security risks in the vessels working environment. Thirdly, I examine the common attacks with examples, how such attacks are performed and whether they can they be prevented by the crew. Furthermore, I go through the regulations and insurances covering maritime cyber security. Finally, in the last chapter I present my conclusions and findings and provide basis for future research.
The results are alarming due to high number of available exploits with limited equipment needed. Many attacks can be prevented by good cyber hygiene by crew but there were available exploits that could interfere with safe navigation of vessel. Officers’ education and experience are tested in case if attack reach operational technology systems specially during sea voyage. My research shows that the level of education of crew on cyber crime threats is surprisingly low. There is not enough obligatory training. This Merits attention and should be better addressed. Investments in education of crew about cyber attacks should be high priority for every shipping company, because it has been shown to have significant impact of reducing the amount of successful cyber exploits.
The hypothesis for thesis is that in general, cyber security exploits need a human error to be possible. Nowadays, the risk of cyber security breaches are increasing due to technologicalization in vessels operations.
There are publications and research done about cyber security in shipping but, I felt that there is a need for compact summary and practical approach to the situation in maritime cyber sector. Therefore, my approach is firstly, to study all latest information about the topic and from the latest and relevant breaches. Secondly, I then explain common cyber security risks in the vessels working environment. Thirdly, I examine the common attacks with examples, how such attacks are performed and whether they can they be prevented by the crew. Furthermore, I go through the regulations and insurances covering maritime cyber security. Finally, in the last chapter I present my conclusions and findings and provide basis for future research.
The results are alarming due to high number of available exploits with limited equipment needed. Many attacks can be prevented by good cyber hygiene by crew but there were available exploits that could interfere with safe navigation of vessel. Officers’ education and experience are tested in case if attack reach operational technology systems specially during sea voyage. My research shows that the level of education of crew on cyber crime threats is surprisingly low. There is not enough obligatory training. This Merits attention and should be better addressed. Investments in education of crew about cyber attacks should be high priority for every shipping company, because it has been shown to have significant impact of reducing the amount of successful cyber exploits.