Risk sensitivity analysis of AIS cyber security through maritime cyber regulatory frameworks

Omer Soner*, Gizem Kayisoglu, Pelin Bolat, Kimberly Tam

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

3 Citations (Scopus)

Abstract

Given the increasing frequency and sophistication of methods and strategies employed in cyberattacks, cyber resilience has become a basic notion of cyber risk management. To be cyber-resilient against cyber risks, shipping companies must be proactive in establishing and implementing actions, constructing effective strategies, and adopting mitigation methods to strengthen their assets. However, shipping companies have only lately tended to fully recognize the necessity for a cybersecurity perspective to enable effective cyber risk management and mitigation of increasing cyberattacks. Aside from deficiencies in system design, integration, or maintenance, human factors are the prime weakness that potentially jeopardizes the ship's cybersecurity by simply making intentional or unintentional errors, revealing critical information, or generating entry points for attackers. Therefore, the current study aims to conduct a quantitative human risk assessment based on the SOHRA method, which is integrated with the NIST cybersecurity framework, to provide ships with the ability to be cyber resilient, and respond to and recover from cyber-attacks. The AIS has been considered for the research application not only because it is one of the most vulnerable systems on board a ship, but also because modifying and breaching the AIS data might have disastrous outcomes. The study results clearly indicate that the most likely error related to AIS cybersecurity risk occurs in the tasks defined under the "protect", "respond", "detect", "identify", and "recover" functions. Accordingly, suitable control and preventative measures have been developed to guarantee high-level cyber security for AIS and to provide cyber resilience and the structure for constructive decision-making by integrating various international standards, which include system security requirements and security levels for industrial communication networks, specifically with the IACS and NIST framework for the AIS cyber security.

Original languageEnglish
Article number103855
JournalApplied Ocean Research
Volume142
DOIs
Publication statusPublished - Jan 2024

Bibliographical note

Publisher Copyright:
© 2023 Elsevier Ltd

Keywords

  • AIS
  • Cyber resilience
  • Cyber risk management
  • HRA
  • Ship cyber security

Fingerprint

Dive into the research topics of 'Risk sensitivity analysis of AIS cyber security through maritime cyber regulatory frameworks'. Together they form a unique fingerprint.

Cite this