Back to search

MAROFF-2-Maritim virksomhet og offsh-2

Maritime Cyber Resilience

Alternative title: Robust Maritim Cyber Sikkerhet

Awarded: NOK 6.4 mill.

Cyber security is emerging as a real concern in the maritime sector. Modern maritime operations depend on digital systems such as electronic charts used for navigation. Traditionally, the security of on-board systems was based on the systems being isolated from the rest of the world. However, with the emergence of Internet connections available over satellite and 4G/5G along the shores, they are increasingly being connected. They are therefore exposed to the same cyber threats as other digital systems, but often without the necessary safeguards and security culture in place. The dependence on these systems means that also maritime operations are vulnerable. Earlier research has demonstrated that maritime navigation systems can be manipulated though cyber-attacks. The Marcy project aims at developing maritime cyber resilience, i.e., developing means to ensure that digital maritime systems and maritime operations can resist, detect, survive and recover from cyber-attacks. Maritime cyber resilience entails resilient systems (e.g., navigation systems), but also resilient operators (e.g., navigators). The means for ensuring maritime cyber resilience can therefore be technical countermeasures, but also recommendations, procedures, education and training to improve the resilience of maritime operations. Marcy in a Knowledge-building project for industry and therefore puts much emphasis on practical applicability of the research and on knowledge-transfer. An important part of the projects is therefore the definition of scenarios and development of demonstrators in collaboration with maritime industry. Marcy brought together academia, represented by NTNU and the Norwegian Defense University College (NDUC), and maritime industry, represented by Kongsberg Defense & Aerospace, Norwegian Hull Club and DNV GL. NTNU has managed the project, while NDUC leads the dissemination and knowledge-transfer efforts. Two very capable PhD students have been employed in the project, they have both progressed according to our expectations and are in the process of terminating their work in the project (fall 2023) according to our expectations. The following activities are performed in the project. 31 scientific articles, conference articles, interviews, popular science articles and seminars are registered in Cristin. PhD thesis: Erlend Erstad submitted his thesis the 20th of October 2023, the title of the thesis is "Operational training for enhanced maritime cyber resilience." Aybars Oruc is planning to submit his thesis by the end of 2023. The working title of his thesis is "Cyber Security of the Integrated Navigation System (INS)" Several presentations, interviews and seminars to industry and academia in Norway and Turkey. International activity One PhD student undertook a three-month research stay in England at Plymouth University's maritime cyber security research group. One PhD student had extensive academic exchange with relevant academia and industry in Turkey.

The actual and potential outcomes of this project are: A survey of the current state (2023) of the operational and technical state of cyber security in the maritime sector is performed. Including the commercial and governmental dimensions. The "A maritime cyber risk decision making tool” academic paper a blueprint for ship owners to develop one, ship specific procedures for handling maritime cyber-attacks and incidents. Involves both onboard and on shore organization, as well as IT specialist/external resources. Developed and conducted operational maritime cyber security training for non-cyber security educated maritime employees (target audience: onboard crew, onshore ship management and authorities). The course is today held as part of the master’s degree in Maritime Operations at NTNU in Ålesund. The curriculum of the course is based on well-known maritime cyber risk management guidelines and regulations, as well as research from the PhD project. Examples here is simulator exercises and cyber risk emergency procedure tool. Specific maritime cyber resilience simulator scenarios are developed. This work describes how Human-Centered Design can be used to develop maritime cyber resiliense training. A technical cyber risk assessment method specifically for ships has been developed. This extends to a risk management methodology specifically tailored for ships. Tools for anomaly detection of sensors onboard are developed. Requirements for developing a cyber-physical range for the Integrated Navigation System are produced. A framework to address the cybersecurity training needs of the maritime industry is developed. Research concerning ethical considerations in maritime cyber security is performed.

Digitization is revolutionizing maritime operations. An example is the introduction of the Integrated Bridge System (IBS), with syb-systems such as the Integrated Navigation Systems (INS). Within the INS the Electronic Chart Display and Information System (ECDIS) applications provides continous positioning with the use of the Global Navigation Satellite Systems (GNSS). This paradigm shift changes the main task for the navigator from finding and fixing the position of the vessel, to monitoring systems where the vessel’s position is obtained by navigation sensors and presented by navigation software. With this development, maritime cyber security is an emerging concern. Maritime cyber security can be seen as the combination of maritime security and cyber security. Three elements of maritime cyber security should be taken into consideration to understand and mitigate cyber-attacks: Information, people and technology. This project will adopt the idea of cyber resilience as a framework for maritime cyber security. Resilient systems can be characterized as systems that are able to anticipate and circumvent accidents, survive disruptions through appropriate learning and adaptation, and recover from disruptions by restoring the pre-disruption state as closely as possible. Cyber resilient system can thus be seen as systems that are able to predict and circumvent cyber attacks, survive cyber attacks through learning and adaption, and recover from cyber attacks. The goal of the project is to investigate and develop means for increasing the cyber resilience of maritime digitized systems and operations. The project will address both human and technological means. Methodologically, the project will employ demonstrators and simulation, utilizing operational installations of maritime systems, as well as the operational vessels, bridge simulators and cyber ranges.

Publications from Cristin

No publications found

Funding scheme:

MAROFF-2-Maritim virksomhet og offsh-2