Maritime Cyber Resilience

Forsking har vist at maritime navigasjonssystem kan bli manipulerte gjennom cyberåtak. Marcy-prosjektet har som mål å utvikla maritim cyberresiliens, dvs. metodar for å sikra at digitale maritime system og maritime operasjonar kan motstå, oppdaga, overleva og gjennopprette normaltilstand etter cyberåtak. Maritim cyberresiliens tyder at ein har resiliente/motstandsdyktige system (t.d. navigasjonssystem), men også resiliente/motstandsdyktige operatørar (t.d. navigatørar). Metodane for å sikra maritim cyberresiliens kan difor vere tekniske tiltak og sikkerheitsmekanismar, men også anbefalingar, prosedyrar, utdanning og trening for å forbetre motstandsdyktigheita til maritime operasjonar. Marcy er eit Kompetanseprosjekt for næringslivet og legg stor vekt på praktisk nytte og brukbarheit av forskinga og på kunnskapsoverføring. Ein sentral del av prosjektet er difor bygging av scenario og utvikling av demonstratorar i samarbeid maritim industri. I Marcy har akademia, representert ved NTNU og Forsvarets høgskole (FHS), og maritim industri, representert ved Kongsberg Defence & Aerospace, Norwegian Hull Club og DNV GL samarbeida. NTNU har vore prosjektleiar, medan FHS har hatt ansvar for resultatspreiing og kunnskapsoverføring. Me har tilsett to PhD stipendiatar som no (hausten 2023) avsluttar sitt arbeid i prosjektet. Følgande aktivitetar er utført i prosjektet; I alt 31 kunnskapsskaplege artiklar, konferanse artiklar, intervju, populær kunnskapsskaplege artiklar og seminar er registrert i Cristin. PhD avhandlingar: Erlend Erstad sende inn avhandlinga si til vurdering den 20 oktober 2023, titel "Operational training for enhanced maritime cyber resilience" Aybars Oruc planlegg å senda avhandlinga si til vurdering innan utgången av 2023. Førebels titel på avhandlinga er "Cyber Security of the Integrated Navigation System (INS)" Fleire presentasjonar, intervju og seminar til industri og akademiske miljø i Noreg og Tyrkia International aktivitet Ein PhD student var på 3 månaders forskingsbesøk ved Maritme Cyber Security research group, Plymouth Univeristy i England. Ein PhD student har omfattande fagleg utveksling med relevant akademia og industri i Tyrkia.

The actual and potential outcomes of this project are: A survey of the current state (2023) of the operational and technical state of cyber security in the maritime sector is performed. Including the commercial and governmental dimensions. The "A maritime cyber risk decision making tool” academic paper a blueprint for ship owners to develop one, ship specific procedures for handling maritime cyber-attacks and incidents. Involves both onboard and on shore organization, as well as IT specialist/external resources. Developed and conducted operational maritime cyber security training for non-cyber security educated maritime employees (target audience: onboard crew, onshore ship management and authorities). The course is today held as part of the master’s degree in Maritime Operations at NTNU in Ålesund. The curriculum of the course is based on well-known maritime cyber risk management guidelines and regulations, as well as research from the PhD project. Examples here is simulator exercises and cyber risk emergency procedure tool. Specific maritime cyber resilience simulator scenarios are developed. This work describes how Human-Centered Design can be used to develop maritime cyber resiliense training. A technical cyber risk assessment method specifically for ships has been developed. This extends to a risk management methodology specifically tailored for ships. Tools for anomaly detection of sensors onboard are developed. Requirements for developing a cyber-physical range for the Integrated Navigation System are produced. A framework to address the cybersecurity training needs of the maritime industry is developed. Research concerning ethical considerations in maritime cyber security is performed.

Digitization is revolutionizing maritime operations. An example is the introduction of the Integrated Bridge System (IBS), with syb-systems such as the Integrated Navigation Systems (INS). Within the INS the Electronic Chart Display and Information System (ECDIS) applications provides continous positioning with the use of the Global Navigation Satellite Systems (GNSS). This paradigm shift changes the main task for the navigator from finding and fixing the position of the vessel, to monitoring systems where the vessel’s position is obtained by navigation sensors and presented by navigation software. With this development, maritime cyber security is an emerging concern. Maritime cyber security can be seen as the combination of maritime security and cyber security. Three elements of maritime cyber security should be taken into consideration to understand and mitigate cyber-attacks: Information, people and technology. This project will adopt the idea of cyber resilience as a framework for maritime cyber security. Resilient systems can be characterized as systems that are able to anticipate and circumvent accidents, survive disruptions through appropriate learning and adaptation, and recover from disruptions by restoring the pre-disruption state as closely as possible. Cyber resilient system can thus be seen as systems that are able to predict and circumvent cyber attacks, survive cyber attacks through learning and adaption, and recover from cyber attacks. The goal of the project is to investigate and develop means for increasing the cyber resilience of maritime digitized systems and operations. The project will address both human and technological means. Methodologically, the project will employ demonstrators and simulation, utilizing operational installations of maritime systems, as well as the operational vessels, bridge simulators and cyber ranges.