Back to search

MAROFF-2-Maritim virksomhet og offsh-2

Cyber Security in Merchant Shipping - Service Evolution

Alternative title: Cybersikkerhet i Handelsflåten - Tjenesteutvikling

Awarded: NOK 5.1 mill.

The underlying idea of CySiMS SE has been to demonstrate and operationalize a Secure Communication solution for the maritime sector and integrating this with the onboard computer architecture. The solution will include a solution for authentication and cryptography (a Public Key Infrastructure - PKI) and necessary hardware and software for secure information exchange across systems on the bridge, off-bridge and on shore. This has resulted in a world's first open, integrated and cost-effective protection against cyber-attacks on critical safety and operational information, while contributing to preserving Norway's position as a leading seafarer nation leading the way in developing, adopting and selling technological innovations. During the early weeks of 2021, the project finalized the technical solutions needed to demonstrate the PKI-solution with the Norwegian Maritime Authority as the Certificate Authority. This enabled us to demonstrate three use cases from the maritime industry, each showing how the PKI-solution will work. By this we achieved 1) A Proof of Concept in terms of feasibility for the actors in the maritime industry, 2) Accurate estimates on time and costs related to an upscaling of the PKI-solution on an international level and 3) Identification of unidentified challenges related to the PKI-solution. We have completed three demonstrators: 1) PKI unit and PKI operation, demonstrating how the setup and operation of the PKI-solution will work in a real world setting, 2) Intended route, showing how an autonomous ship can communicate next waypoints both th VTS and conventional ships in the vicinity and 3) Automatick reporting, showing how the PKI-solution will work for ship reporting to Maritime Single Windows (SafeSeaNet Norway). The demonstrators were all completed in Q1 2021 and documentation of these, in addition to information- and promotional material is available at http://www.cysims.no

The CySiMS SE project has planned, executed and documented three live pilots: 1) PKI unit and PKI operation, demonstrating how the setup and operation of the PKI-solution works, 2) Intended route, showing how an autonomous ship can communicate next waypoints to VTS and conventional ships and 3) Automatic reporting, showing how the PKI-solution will work for ship reporting to Maritime Single Windows. Together these provide 1) A Proof of Concept in terms of feasibility for the actors in the maritime industry, 2) Accurate estimates on time and costs related to an upscaling of the PKI-solution on an international level and 3) Identification of unidentified challenges related to the PKI-solution. The documentation of the pilots, in addition to information- and promotional material, facilitates the continuous process related to gaining international acceptance of the CySiMS PKI-solution in collaboration with international regulatory and standards organisations such as IMO, IEC and ISO.

The underlying idea of CySiMS SE is to demonstrate and operationalize a Secure Communication solution for the maritime sector and integrating this with the onboard computer architecture. The solution will include a PKI scheme and necessary hardware and software for secure information exchange across systems on the bridge, off-bridge and on shore. This will provide a world's first open, integrated and cost-effective protection against cyber-attacks on critical safety and operational information, while contributing to preserving Norway's position as a leading seafarer nation leading the way in developing, adopting and selling technological innovations. The intention is to establish the test-PKI within the administration of one of the authorities, probably the Norwegian Maritime Administration. The PKI must include production facilities for private certificates on smart card and a database with the public certificates, including revocation lists and other necessary information. The assumption is that some form of gateway function must be installed between the bridge network and the administrative network. A smart card should probably both be used in the VDES radio unit and in at least one computer on the administrative network. Protocols for transfer of certificate caches between the two units must be developed The goal is to prove economical as well as security and safety benefits with the use of the PKI-system. This needs to be quantified and documented. Risk assessment can be based on statistical and global data, but it is not clear what methods to use to develop the existing risk tool from the existing project CySiMS into a more complete CBA-tool.

Publications from Cristin

Funding scheme:

MAROFF-2-Maritim virksomhet og offsh-2