Hostname: page-component-cd9895bd7-7cvxr Total loading time: 0 Render date: 2024-12-26T03:48:29.523Z Has data issue: false hasContentIssue false

Enhancing Navigator Competence by Demonstrating Maritime Cyber Security

Published online by Cambridge University Press:  30 April 2018

Odd Sveinung Hareide*
Affiliation:
(Norwegian Defence University College, Royal Norwegian Naval Academy, Navigation Competence Center, Bergen, Norway) (Norwegian University of Science and Technology, Joint Research Program in Nautical Operations, Norway)
Øyvind Jøsok
Affiliation:
(Norwegian Defence University College, Cyber Academy, Lillehammer, Norway) (Child and Youth Participation and Competence Development Research Program, Inland Norway University of Applied Sciences, Lillehammer, Norway)
Mass Soldal Lund
Affiliation:
(Norwegian Defence University College, Cyber Academy, Lillehammer, Norway)
Runar Ostnes
Affiliation:
(Norwegian University of Science and Technology, Department of Ocean Operations and Civil Engineering, Aalesund, Norway)
Kirsi Helkala
Affiliation:
(Norwegian Defence University College, Cyber Academy, Lillehammer, Norway)

Abstract

As technology continues to develop, information and communication technology and operational technology on board ships are increasingly being networked, and more frequently connected to the Internet. The introduction of cyber systems changes the work environment with the aim of decreasing the workload for the navigator, but at the same time introduces more complexity and vulnerabilities that in turn may alter the competencies needed to perform safe and efficient navigation. Contemporary examples of how cyber-attacks can distort situational awareness and interfere with operations are needed to enhance the navigator's competence through increased system awareness. This paper demonstrates some of the possible attack vectors that a cyber-attack can present to a ship, as well as discussing the plausibility and consequences of such attacks. In this study we provide a practical example to better understand how one can demystify cyber threats in order to enhance the navigators' competence.

Type
Research Article
Copyright
Copyright © The Royal Institute of Navigation 2018 

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

References

REFERENCES

Adams, M.J., Tenney, Y.J. and Pew, R.W. (1995). Situation Awareness and the Cognitive Management of Complex Systems. Human Factors, 37, 85104.Google Scholar
Alcaraz, C. and Lopez, J. (2013). Wide-area situational awareness for critical infrastructure protection. Computer, 46, 3037.Google Scholar
Baraniuk, C. (2017). How hackers are targeting the shipping industry. Available: http://www.bbc.com/news/technology-40685821 [Accessed 22.08.2017].Google Scholar
Bhatti, J. and Humphreys, T.E. (2014). Covert control of surface vessels via counterfeit civil GPS signals. University of Texas, unpublished.Google Scholar
BIMCO, CLIA, ICS, Intercargo, Intertanko, OCIMF and IUMI. (2017). Guidelines on Cyber Security onboard Ships. In: BIMCO (ed.) Version 2.0 ed. Bagsvaerd.Google Scholar
Bueger, C. (2015). What is maritime security? Marine Policy, 53, 159164.Google Scholar
Demchak, C., Patton, K. and Tangredi, S.J. (2017). Why Are Our Ships Crashing? Competence, Overload, and Cyber Considerations. Available: http://cimsec.org/ships-crashing-competence-overload-cyber-considerations/33865 [Accessed 12.09.2017].Google Scholar
Deutscher, S., Bohmayr, W. and Asen, A. (2017). Building a Cyber resilient Organization. Available: https://www.bcgperspectives.com/content/articles/technology-digital-building-a-cyberresilient-organization/.Google Scholar
Dyryavyy, Y. (2014). Preparing for Cyber Battleships - Electronic Chart Display and Information System Security. NCC Group.Google Scholar
Endsley, M.R. (1995). Toward a theory of situation awareness in dynamic systems. Human factors, 37, 3264.Google Scholar
Endsley, M.R. and Garland, D.J. (2000). Situation awareness analysis and measurement. CRC Press.Google Scholar
Fitton, O., Prince, D., Germond, B. and Lacy, M. (2015). The future of maritime cyber security. Lancaster University.Google Scholar
Floridi, L. (2017). Digital's Cleaving Power and Its Consequences. Philosophy & Technology, Vol 30, 17.Google Scholar
Franke, U. and Brynielsson, J. (2014). Cyber situational awareness–a systematic review of the literature. Computers & Security, 46, 1831.Google Scholar
Gard. (2016). Cyber Security – managing the threat. Available: http://www.gard.no/Content/21112216/CyberSecurity [Accessed September 2016].Google Scholar
Glomsvoll, O. and Bonenberg, L.K. (2017). GNSS jamming resilience for close to shore navigation in the Northern Sea. The Journal of Navigation, 70, 3348.Google Scholar
Goward, D. (2017). Mass GPS Spoofing Attack in Black Sea? Available: http://maritime-executive.com/editorials/mass-gps-spoofing-attack-in-black-sea [Accessed 10.08.17].Google Scholar
Hagen, J.E. (2017). Implementing e-Navigation, Norwood, Artech House.Google Scholar
Hareide, O.S. (2013). Control of ECDIS (electronic charts and display information system) on high speed crafts in littoral waters. MSc, University of Nottingham.Google Scholar
Hareide, O.S. and Ostnes, R. (2017b). Maritime usability study by analysing Eye Tracking data. Journal of Navigation, 70(5), 927943.Google Scholar
Hareide, O.S. and Ostnes, R. (2017a). Scan Pattern for the Maritime Navigator. TransNav 2017, 10.Google Scholar
Hareide, O.S., Ostnes, R. and Mjelde, F.V. (2016). Understanding the Eye of the Navigator. In: NAVIGATION, N. I. O., ed. European Navigation Conference, 2016 Helsinki. Confedent International.Google Scholar
Humphreys, T.E., Ledvina, B.M., Psiaki, M.L., O'Hanlon, B.W. and Kintner, P.M. Jr (2008). Assessing the spoofing threat: Development of a portable GPS civilian spoofer. Proceedings of the ION GNSS international technical meeting of the satellite division, 56.Google Scholar
Hutchins, E.M., Cloppert, M.J. and Amin, R.M. (2011). Intelligence-driven computer network defence informed by analysis of adversary campaigns and intrusion kill chains. Leading Issues in Information Warfare & Security Research, 1, 80.Google Scholar
IMO. (2007). Resolution MSC.252(83): Adoption of the Revised Performance Standard for Integrated Navigation Systems. London. Available: http://www.imo.org/en/KnowledgeCentre/IndexofIMOResolutions/Maritime-Safety-Committee-(MSC)/Documents/MSC.252(83).pdfGoogle Scholar
IMO. (2015). Draft e-Navigation Strategy Implementation Plan (SIP). In: 1/28, N. (ed.). Available: http://www.imo.org/en/ourwork/safety/navigation/documents/enavigation/sip.pdfGoogle Scholar
Kim, J. and Park, Y.-Y. (2016). An Integrated Approach to Korea's e-Navigation Communication Infrastructure. International Information Institute (Tokyo). Information, 19, 643.Google Scholar
Lund, M.S., Hareide, O.S., Jøsok, Ø. & Skare, K.E. (2018). An attack on an integrated navigation system. USENIX Security Symposium, submitted, 2018.Google Scholar
Maersk. (2017). Press release Interim Report Q2 2017. Copenhagen. Available: http://investor.maersk.com/releasedetail.cfm?releaseid=1037421.Google Scholar
Marine Accident Investigation Branch (MAIB). (2014). Report on the investigation of the grounding of Ovit in the Dover Strait. Southampton. Available: https://assets.publishing.service.gov.uk/media/547c6f2640f0b60244000007/OvitReport.pdfGoogle Scholar
MoD, Finland. (2013). Finland's Cyber security Strategy. In: COMMITTEE, S. O. T. S. (ed.). Helsinki: MoD.Google Scholar
NATO. (2011). Alliance Maritime Strategy. Available: http://www.nato.int/cps/en/natohq/official_texts_75615.htmGoogle Scholar
Norris, A. 2010. Integrated Bridge Systems vol 2 ECDIS and Positioning, London, Nautical Institute.Google Scholar
Port of Bergen (POB). (2015). Annual Report. Available: https://bergenhavn.no/om-bergen-havn/arsrapporter/.Google Scholar
Sarter, N.B. and Woods, D.D. (1995). How in the World Did We Ever Get into That Mode? Mode Error and Awareness in Supervisory Control. Human Factors, 37, 519.Google Scholar
US-Cert. (2013). Risks of Default Passwords on the Internet. In: SECURITY, D. O. H. (ed.). Available: https://www.us-cert.gov/ncas/alerts/TA13-175A.Google Scholar
Von Solms, R. and Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97102.Google Scholar
Whitman, M.E. and Mattord, H.J. (2011). Principles of information security, Cengage Learning.Google Scholar
Wickens, C.D. (2002). Situation awareness and workload in aviation. Current Directions in Psychological Science, 11, 128133.Google Scholar