Citation:
Steve Symes,Eddie Blanco-Davis,Tony Graham,et al.Cyberattacks on the Maritime Sector: A Literature Review[J].Journal of Marine Science and Application,2024,(4):689-706.[doi:10.1007/s11804-024-00443-0]
Click and Copy
Cyberattacks on the Maritime Sector: A Literature Review
Steve Symes,Eddie Blanco-Davis,Tony Graham,et al.Cyberattacks on the Maritime Sector: A Literature Review[J].Journal of Marine Science and Application,2024,(4):689-706.[doi:10.1007/s11804-024-00443-0]
Info
- Title:
- Cyberattacks on the Maritime Sector: A Literature Review
- Author(s):
- Steve Symes; Eddie Blanco-Davis; Tony Graham; Jin Wang; Edward Shaw
- Affilations:
- DOI:
- 10.1007/s11804-024-00443-0
- Abstract:
- This study is an investigation into cyberattacks on autonomous vessels, focusing on previous “real-world” cyberattacks and their consequences. The future of commercial and noncommercial shipping is moving toward autonomous vessels. Autonomous ships can provide significant financial and logistical benefits for shipping companies and their stakeholders. However, these vessels suffer from shortcomings concerning cybersecurity. Previous cyberattacks are investigated to understand how the command system of an autonomous ship is infiltrated, the consequences of an attack, and the shortfalls of the security of the vessel. This aim is achieved via a literature review concerning cyberattacks on autonomous vessels with a focus on sources indicating how the security systems of previous vessels were breached, the consequence of said cyberattacks, and their capability for recovery. Sources used include Web of Science, Scopus, Google Scholar, Mendeley, Zotero, SciFinder, broadsheet, and newspaper articles. The results of the literature review showed that autonomous vessels are significantly vulnerable to cyberattacks. Autonomous vessels were determined to have relatively easy-to-breach security systems. In most cases, the consequences of a cyberattack had a negative financial impact, a loss of cargo, and a potential breach of oceanic airspace, resulting in military action. The vessels analyzed were left “dead in the water” until they were recovered, and after a severe attack, the affected shipping company servers suffered potential weeklong incapacitation. This study also aims to fill the gaps in the transport industry and maritime market concerning the security of autonomous vessels and viable recovery procedures.
References:
Agari (2020) Damages from business email compromise (BEC) top the 2019 FBI IC3 list. Retrieved from https://www.agari.com/blog/business-email-compromise-2019-ic3#:~:text=Business%20Email%20Compromise%20(BEC)%20was,on%20cybercrime%20impact%20in%202019 [Accessed on Sep. 19, 2023]
Ahmed A, Gkioulos V (2022) Utilizing AIS for command and control in maritime cyber attacks. Computer security-ESORICS, 535-553. https://doi.org/10.1007/978-3-031-17143-7_26
Ahvenjarvi S, Czarnowski I, Szyman P (2019) Safe information exchange on board of the ship. Trans-nav International Journal on Maritime Navigation and Safety of Sea Transportation 13(1): 165-171. DOI: 10.12716/1001.13.01.17
Alop A (2019) The main challeges and barriers to the successful ‘smart shipping’. Transnav-International Journal on Marine Navigation and Safety of Sea Transportation 13(3): 521-528. DOI: 10.12716/1001.13.03.05
Amro A, Gkioulos V (2023a) Evaluation of a cyber risk assessment approach for cyber physical systems: maritime and energy use cases. Journal of Marine Science and Engineering 11(4). https://doi.org/10.3390/jmse11040744
Amro A, Gkioulos V (2023b) Cyber risk management for autonomous passenger ships using threat-informed defense-in-depth. Int Journal of Information Security 22(1): 249-288. https://doi.org/10.1007/s10207-022-00638-y
Amro A, Gkioulos V, Katsikas S (2020) Connect and protect: Requirements for maritime autonomous surface ship in urban passenger transportation. Computer Security, ESORICS 11980: 69-85. https://doi.org/10.1007/978-3-030-42048-2_5
Amro A, Gkioulos V, Katsikas S (2023) Assessing cyber risk in cyber physical systems using the ATT&CK framework. ACM Transactions on Privacy and Security 2: 26. https://doi.org/10.1145/3571733
Amro A, Oruc A, Katsikas S (2022) Navigation data anomaly analysis and detection. Information 13(3): 104. https://doi.org/3390/info13030104
Anatoliy P, Kristina V, Aleksandr V (2018) Technologies of safety in the Bank Sphere from cyber attacks. ELConRUS. Moscow, 14-19. DOI: 10.1109/EIConRus.2018.8317040
Bakdi A, Glad IV (2021) Testbed scenario design exploiting traffic big data for autonomous ship trails under multiple conflicts with collision/grounding risks and spatio-temporal dependencies. IEEE Transactions on Intelligent Transportation Systems 22(12): 7914-7930. DOI: 10.1109/TITS.2021.3095547
Bakdi A, Vanem E (2022) Fullest COLREGs evaluation using fuzzy logic for collabarative decision making analysis of autnomous ships in complex situatuions. IEEE Transactions on Intelligent 23 (10): 18433-18445. DOI: 10.1109/TITS.2022.3151826
Baker J (2020) MSC confirms website shutdown caused by cyber attack. Retrieved from LLoyds List: https://lloydslist.com/LL1131957/MSC-confirms-website-shutdown-caused-by-cyberattack#:~:text=The%20website%20and%20headquarters%20network,due%20to%20a%20malware%20attack [Accessed on Apr. 16, 2020]
Bolbot V, Theotokatos G, Van Collie A (2023) A novel risk assessment process: Application to an autonomous inland waterways ship. IMEJRR Glasgow. DOI: 10.1177/1748006X211051829
Bolbot V, Theotokatos G, Vassalos D (2020) A novel cyber-risk assessment method for ship systems. Safety Science, 224871472. https://doi.org/10.1016/j.ssci.2020.104908
Boudehenn C, Cexus J, Boudraa A (2023) Holistic approach of integrated navigation equipment for cybersecurity at sea. ICCSASMCS, 75-86. https://doi.org/10.1007/978-981-19-6414-5_5
Chang C, Kontovas C, Yang Z (2021) Risk assessment of the operations of maritime autonomous surface ships. RESS 207: 107324. https://doi.org/10.1016/j.ress.2020.107324
Chiu S, Provan G, Vasco D (2001) Shipboard system diagnostics & reconfiguration using model-based autonomous cooperative agents. Control Applications in Maritime Systems 34(7): 323-329. https://doi.org/10.1016/S1474-6670(17)35103-0
Corfield G (2023) The Telegraph-Royal Navy contractor forced to pay off cyber criminals. Retrieved from https://www.telegraph.co.uk/business/2023/07/07/royal-navy-contractor-forced-to-pay-offcyber-criminals/ [Accessed on Nov. 7, 2023]
Dittman K, Hansen P, Blanke M (2021) Autonomy for ships: A sovereign agents architecture for reliability and safety by design. SYSTOL, Saint-Raphael, France, 50-57
EclecticIQ Thr’eat Research Team (2023) Multi-year spearphishing campaign targets he maritime industry likely for financial gain. Retrieved from https://securityboulevard.com/2023/03/multi-yearspearphishing-campaign-targets-the-maritime-industry-likely-forfinancial-gain/ [Accessed on Oct. 1, 2023]
Ehlers T, Portier M, Thoma D (2022) Automation of maritime shipping for more safety and environmental protection. AT Automatisierungstechnik 70(5): 406-410. https://doi.org/10.1515/auto-2022-0003
Epikhin A, Modina M (2021) Problems of introducing unmanned vessels on the basis of statistical studies of emergencies and ship losses. Marine Interllectual technologies 3: 77-82. DOI: 10.37220/MIT.2021.53.3.010
Fang Y, Pu J, Liu S (2022) A control strategy of normal motion and self-rescue for autonomous underwater vehicle based on deep reinforcement learning. AIP Advances 1: 12. https://doi.org/10.1063/5.0076857
Gkioulos V, Ahmed A (2021) AIS for ship survivability in maritime cyber attacks. Computer Security-ESORICS, 91-119. https://doi.org/10.3390/info13010022
Goud N (2018) Cyber attack on COSCO. Retrieved from https://www.cybersecurity-insiders.com/cyber-attack-on-cosco/ [Accessed on Nov. 3, 2023]
Greenberg A (2017) The untold story of NotPetya, the most devastating cyberattack in history. Retrieved from https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashedthe-world/ [Accessed on Oct. 22, 2023]
Greiman V (2019) Navigating the cyber sea: dangerous atolls ahead. 14th ICCWS, Reading, UK, 87-93
Hopcraft R, Harish A, Jones K (2023) Raising the standard of maritime voyage data recorder security. Journal of Marine Science and Engineering 11(2): 267. https://doi.org/10.3390/jmse11020267
Issa M, Ilinca A, Rizk P (2022) Maritime autonomous surface ships: Problems and challenges facing the regulatory process. Sustainability 14(23): 15630. https://doi.org/10.3390/su142315630
Jung B, Moon S, Shin Y (2022a) Development of autonomous recovery system for pipeline of naval ships by using a multistage control algorithm. Transactions on Mechatronics 27(2): 1150-1161. DOI: 10.1109/TMECH.2021.3082631
Jung J, Lee Y, Yeu T (2022b) Multi-Modal sonar mapping of offshore cable lines with an autonomous surface vehicle. Journal of Marine Science and Engineering 10(3). https://doi.org/10.3390/jmse10030361
Kardakova M, Shipunov I, Knysh T (2020) Cyber security on sea transport. RESS 982: 481-490. DOI: 10.1007/978-3-030-19756-8_46
Kavallieratos G, Diamantopoulou V, Katsikas S (2020a) Shipping 0; Security requirements for the cyber-enabled ship. IEEE Transactions on Industrial Informatics 16(10): 6617-6625. DOI: 10.1109/TII.2020.2976840
Kavallieratos G, Katsikas S, Gkioulos V (2019) Cyber-attacks against the autonomous ship. Computer Security 11387: 276-230. https://doi.org/10.1007/978-3-030-12786-2_2
Kavallieratos G, Katsikas S, Gkioulos V (2020b) Modelling shipping 0; A reference architecture for the cyber-enabled ship. ACIIDS Phuket, 202-217. DOI: 10.1109/TII.2020.2976840
Kavallieratos G, Spathoulas G, Katsikas S (2021) Cyber risk propagation and optimal selection of cybersecurity for complex cyberphysical systems. SENSORS 21(5): 1691. https://doi.org/3390/s21051691
Kayisoglu G, Bolat P, Tam K (2024) A novel application of the CORAS framework for ensuring cyber hygiene on shipboard RADAR. The Journal of Marine Engineering and Technology 23(2): 67-81. DOI: 10.1080/20464177.2023.2292782
Li J, Yu X (2020) Robust saturated tracking control of an autonomous surface vehicle. CCDC, Hefei, China, 3472-3477
Liberati A, Altman DG, Tetzlaff J, Mulrow C, G?tzsche PC, Ioannidis JPA, Clarke M, Devereaux PJ, Kleijnen J, Moher D (2009) The PRISMA statement for reporting systematic reviews and meta analyses of studies that evaluate health care interventions: explain and elaboration. The Journal of Clinical Epidemiology 62(10): 1-34. https://doi.org/10.1136/bmj.b2700
Liou J (2011) AUV hydrodynamics for survivability and controllability. MTS/IEEE OCEANS Conference, Paris, France, 1-9. DOI: 23919/OCEANS.2011.6107155
Livelli K, Smith R, Gross J (2020) Operation Shaheen. Cylance, Irvine, California, USA, 1-32
Loukas GK (2019) A taxonomy and survey of cyber physical intrusion detection approaches for vehicles. AD HOC Networks 84: 124-147. https://doi.org/10.1016/j.adhoc.2018.10.00
Manuel R (2023) The Defense Post. Retrieved from https://www.thedefensepost.com/2023/07/18/uk-drone-swarm-operation-seebyte/ [Accessed on Jul. 18, 2023]
Martelli M, Cassara P, Tonellotto N (2020) The internet of ships. ERCIM NEWS, 17-18. Available from https://hdl.handle.net/11568/1114393 [Accessed on Oct. 20, 2020]
Martelli M, Russo E, Merlo A, Zaccone R (2024) Adversarial waypoint injection attacks on Maritime Autonomous Surface Ships (MASS) collision avoidance systems. The Journal of Marine Engineering and Technology, 1-12. DOI: 10.1080/20464177.2023.2298521
Martelli M, Virdis A, Di Summa, M. (2021) An outlook on the future marine traffic management system for autonomous ships. IEEE Access 9: 157316-157328. DOI: 10.1109/ACCESS.2021.3130741
Mascellino A (2023) Fata morgana watering hole attack targets shipping, logistics firms. Retrieved from https://www.infosecuritymaga-zine.com/news/fata-morgana-watering-hole-attacks/ [Accessed on May 23, 2023]
McGillivary P (2018) Why maritime cybersecurity is an ocean policy priority and how it can be addressed. Marine Technology Society Journal 52(5): 44-57. DOI: 10.4031/MTSJ.52.5.11
Meland P, Bernsmed K, Nesheim D (2021) A retrospective analysis of maritime cyber security incidents. Trans-nav-international Journal on Maritime Navigation and Safety of Sea Transportation 15(3): 519-530. DOI: 10.12716/1001.15.03.04
Mission Secure (2023) Mission secure-maritime security. Retrieved from https://www.missionsecure.com/maritime-security-perspectivesfor-a-comprehensive-approach [Accessed on Nov. 25, 2023]
Nakhodchi S, Zolfaghari B, Yazdinejad A, Dehghantanha A (2021) SteelEye: An application-layer attack detection and attribution model in industrial control systems using Semi-deep learning. 2021 18th International Conference on Privacy, Security and Trust, 1-8. DOI: 10.1109/PST52912.2021.9647777
National Cyber Security Centre (2023) APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on cisco routers. Retrieved from https://www.ncsc.gov.uk/files/Advisory_APT28-exploits-known-vulnerability.pdf [Accessed on Apr. 13, 2023]
Nicaise V (2021) Cybermaretique: a short history of cyberattacks against ports. Stormshield. Retrieved from https://www.stormshield.com/news/overview-of-cyberattacks-on-connected-cities/ [Accessed on Jul. 2023]
Onishchenko O, Shumilova K, Volianskyi Y (2022) Ensuring cyber resilience of ship information systems. Transnav-international Journal on Marine Navigation and Safety of Sea Transportation 16(1): 43-50. DOI: 10.12716/1001.16.01.04
Park C, Kontovas C (2023) A BN driven FMEA approach to assess maritime cybersecurity risks. Ocean & Coastal Management 235: 106480. https://doi.org/10.1016/j.ocecoaman.2023.106480
Pitropakis N, Logothetis M, Lambrinoudakis C (2020) Towards the creation of a threat intelligence framework for maritime infrastructures. Computer Security Esorics, 53-68. https://doi.org/1007/978-3-030-42048-2_4
Polemi N, Van-Maele C (2023) Cybersecurity in maritime infrastructure. Retrieved from https://rusieurope.eu/wp-content/uploads/2023/06/cybersecurity-in-maritime-critical-infrastructurecrimson-report.pdf [Accessed on Apr. 20, 2023]
Port Technology Team (2022) Major European ports hit by cyber attack. Available from http://www.Porttechnology.com [Accessed on Jul. 3, 2023]
Qiao S, Zheng K, Wang G (2020) A path planning method for autonomous ships based on SVM. Ocean Engineering, 3068-3072. DOI: 10.1109/CCDC49329.2020.9164806
Qiu Y, Li Y, Lang J (2021) An optimal tracking control method for unmanned ship approach. CCDC (33rd): 546-551. DOI: 10.1109/CCDC52312.2021.9602845
Rabieinejad E, Yazdinejad A, Dehghantanha A, Srivastava G (2024) Two-level privacy-preserving framework: federated learning for attack detection in the consumer internet of things. IEEE Transactions on Consumer Electronics, 1. DOI: 10.1109/TCE.2024.3349490
Rabieinejad E, Yazdinejad A, Dehghantanha A, Parizi RM, Srivastava G (2021) Secure AI and blockchain-enabled framework in smart vehicular networks. IEEE Globecom Workshops GC wkshps. Madrid, Spain, 1-6. DOI: 10.1109/GCWkshps52748.2021.9682140
Sahay R, Estay DAS, Meng WZ, Jensen CD, Barfod MB (2023) A comparative risk analysis on CyberShip system with STPA-Sec, STRIDE and CORAS. Computers and Security 128: 117-129: https://doi.org/10.1016/j.cose.2023.103179
Sakhnini J, Karimipour H, Dehghantanha A, Yazdinejad A, Gadekallu T, Victor N (2023) A generalizable deep neural network method for detecting attacks in industrial Cyber-Physical systems. IEEE Systems Journal 17(4): 5152-5160. DOI: 10.1109/JSYST.2023.3286375
Sepehri A, Vandchali H, Montewka J (2022) The impact of shipping 0 on controlling shipping accidents: A systematic literature review. Ocean Engineering, 243. https://doi.org/10.1016/j.oceaneng.2021.110162
Serru T, Nguyen N, Rauzy A (2023) Modeling cyberattack propagation and impacts on cyber physical system safety: An experiment. Electronics (1): 12. https://doi.org/10.3390/electronics12010077
Shapo V, Levinskyi M (2021) Means of cyber security aspects studying in maritime specialists education. Infrastructures and Mobile Applications 1192: 389-400. DOI: 10.1007/978-3-030-49932-7_38
Shipunov I, Voevodskiy K, Gatchin Y (2019) About the problems of ensuring information security on unmanned ships. EICONRUS, 1-9. DOI: 10.1109/EIConRus.2019.8657219
Silva R, Hickert C, Sookoor T (2022) AlphaSOC: reinforcement learning-based cybersecurity automation for cyber-physical systems. ICCPS, 290-291. DOI: 10.1109/ICCPS54341.2022.00036
Silverajan B, Ocak M, Nagel B (2018) Cybersecurity attacks and defences for unmanned smart ships. IEEE ICC, 15-20. DOI: 1109/Cybermatics_2018.2018.00037
Solnor P, Volden O, Fossen T (2022) Hijacking of unmanned surface vehicles: A demonstration of attacks and countermeasures in the field. Journal of Field Robotics 39(5): 631-649. https://doi.org/1002/rob.22068
Symes SW, Fairclough S, Wang J, Yang Z, Blanco-Davis E (2022) Simulator based human performnace assessment in a ship engine room using functional near-infrared spectroscopy. Liverpool John Moores University, Liverpool, 29303124
Talos C (2018) DNS hijacking abuses trust in core internet service. Available from http://www.CiscoTalosIntelligence.com [Accessed on Jul. 5, 2023]
Tam K, Jones K (2018) Cyber-risk assessment for autonomous ships. International Conference on Cyber Security and Protection of Digital Services, Scotland, 1-8. https://doi.org/10.1109/CyberSecurity43720.2018
The International Maritime Organisation (IMO) (2019) Imo. org. Retrieved from https://www.imo.org/en/OurWork/Security/Pages/Cyber-security.aspx#:~:text=Maritime%20cyber%20risk20refers%20to,being%20corrupted%2C%20lost%20or%20compromised [Accessed on Oct. 10, 2023]
Tidy J (2023) BBC news-technology. Retrieved from https://www.bbc.co.uk/news/technology-66998064 [Accessed on Oct. 4, 2023]
Titov A, Barakat L, Kovalev O (2019) Risk assessment of operating unmanned ships. Marine Intellectual Technologies 4(4): 11-23. DOI: 10.17586/2226-1494-2021-21-1-73-84
Turner J (2018) Sea hunter: inside the US navy’s autonomous submarine tracking vessel. Retrieved from https://www.navaltechnology.com/features/sea-hunter-inside-us-navys-autonomoussubmarine-tracking-vessel/ [Accessed on Nov. 3, 2023]
Tusher H, Munim Z, Nazir S (2022) Cyber security risk assessment in autonomous shipping. Maritime Economics and Logistics 24(2): 208-227. https://doi.org/10.1057/s41278-022-00214-0
Vagale A (2022) Evaluation simulator platform for extended collision risk of autonomous surface vehicles. Journal of Marine Science and Engineering 10(5): 14-17. DOI: 10.3390/jmse10050705
Vagale A, Bye R, Fossen T (2021) Path planning for autonomous surface vehicles II: a comparative study of algorithms. Journal of Marine Science and Technology 26(4): 1307-1323. https://doi.org/10.1007/s00773-020-00790-x
Yazdinejad A, Dehghantanha A, Parizi R, Hammoudeh M, Karimipour H, Srivastava G (2022) Block hunter: federated learning for cyber threat hunting in blockchain-based IIoT networks. IEEE Transactions on Industrial Informatics 18(11): 8356-8366. DOI: 10.1109/TII.2022.3168011
Yazdinejad A, Dehghantanha A, Parizi R, Srivastava G, Karimipour H (2023) Secure intelligent fuzzy blockchain framework: Effective threat detection in IoT networks. Computers in Industry, 144. DOI: 1016/j.compind.2022.103801
Yazdinejad A, Parizi RM, Srivastava G, Dehghantanha A, Choo K KR (2019) Energy efficient decentralized authentication in internet of underwater things using blockchain. IEEE Globecom Workshops GC Wkshps, Waikoloa, USA, 1-6. DOI: 10.1109/GCWkshps45667.2019.9024475
Yoo J, Jo Y (2023) Formulating cybersecurity requirements for autonomous ships using SQUARE methodology. SENSORS 11(1): 23. DOI: 10.3390/s23115033
Yoo Y, Park H (2021) Qualitative risk assessment of cybersecurity and development of vulnerability enhancement plans in consideration of digitalized ships. Journal of Marine Science and Engineering, 9. https://doi.org/10.3390/jmse9060565
Zhou X, Liu Z, Ni S (2018) Collision risk identification of autonomous ships based on the synergy ship domain. CCDC, Beijing, China, 6746-7652
Zhou X, Liu Z, Wu Z (2021) A system-theoretic approach to safety and security co-analysis of autonomous ships. Ocean Engineering 222: 108569. https://doi.org/10.1016/j.oceaneng.2021.108569
Memo
- Memo:
-
Received date:2024-3-11;Accepted date:2024-7-30。
Corresponding author:Steve Symes,E-mail:s.w.symes@ljmu.ac.uk
