Cyber Security in Merchant Shipping

The underlying idea of "Cyber Security in Merchant Shipping" (CySiMS) is to develop new maritime security solutions that provide integrated and cost-effective protection against cyber-attacks on critical safety and operational information, while contributing to and making use of emerging specifications and standards. The European maritime sector and infrastructure is critical to EU's economy. While maritime activities are more and more relying on Information and Communication Technology (ICT), the awareness on cyber security requirements and challenges in the maritime sector is currently low to non-existent. History shows that maritime terrorist attacks are real threats, e.g. Achille Lauro in 1985, Limburg in 2002 and Superferry 14 in 2004. All these were physical attacks on ship and passengers, but it is only a matter of time before cyber-attacks are also parts of the terrorists' weapons. Doing a risk analysis and implementing suitable preventive and corrective measures is a complex undertaking and will, unless supported with technology, know-how, standards and guidelines, be very costly for a single organisation. Furthermore, if the measures are not in line with future international standards, much of this cost can be wasted. CySiMS has so far developed a solution and is working actively to promote this to both national and international bodies.

The CySiMS project has contributed to increased awareness Cyber Security i the maritime society. The work has been acknowledged by international standardization bodies and the industri.

The European maritime sector and infrastructure is critical to EU's economy. While maritime activities are more and more relying on ICT, the awareness on cyber security requirements and challenges in the maritime sector is currently low to non-existent. The underlying idea of CySiMS is to develop new maritime security solutions that provide integrated and cost-effective protection against cyber-attacks on critical safety and operational information, while contributing to and making use of emerging specifications and standards. Results will be provided within: 1. New VHF Digital Radio System 2. New signature and encryption systems for digital data 3. A public key infrastructure for the maritime domain 4. Tools and methods for risk assessment and corrective measures Cyber security on land is using a host of well-known technology to avoid that data or systems are compromised by hostile attackers or ignorant users. This includes physical protection, encryption, electronic signatures, virus protection and many other tools. Many of these tools are also applicable to ships, but shipping faces special problems that limit the applicability of this technology. This means that the project must provide an innovative approach to maritime cyber-security that are based on state of the art in security technology, but which combines known mechanisms in a way that creates a holistic and cost-effective system for use in the maritime domain. Maritime cyber-security appears in diverse domains which are handled by different international organisations that do not always coordinate their work. The basis for the innovation in this project is to look at these problem areas holistically, contribute to new specifications that can be applied in all areas and then develop new products based on these specifications to create new and larger markets for the partners' products.