Navigation systems and control of ships are increasingly dependent on information systems and mission-critical industrial control systems.

Spain ‘s government approved the strategy of national maritime cybersecurity in 2013 . This strategy states the following in his line of action 5 on improving cyber security in the maritime field :

The essential characteristic of ICT in the maritime field requires specific actions established in the framework of cyber security so as to contribute to the improvement of national maritime safety standards .

It is necessary to promote a comprehensive approach to cybersecurity based on risk assessment and specific cyber threats for the maritime sector as well as in the identification of all critical assets in the sector . ”

The current industry trend towards maritime automation means increasingly more ships depend on data networks and information systems for the following functions:

  • Navigation: ECDIS, AIS, Radar.
  • Command and Control.
  • Engineering: propulsion, anti-fire, lights, pumps, alarms.
  • Cargo: placement and ship stability.
  • Communications:satelite, radio VHF/SW/MW.
  • Administration: ERP, crew, bunkering, accounting.
  • Maintenance and inventory systems.
  • Social and entertainment.

In particular, the navigation and control data networks are very important.

In the navigation network there are mission critical IT systems like the ECDIS that are normally implemented on commercial operating systems like Windows and Linux.

Below, a figure is shown depicting the navigation systems usually found on modern ships and their interconnection via the navigation network.

DNV Navigation equipment

Image source: http://nornav.custompublish.com/e-navigation-workshopconference.5165191.html

 

In addition, in the control data network there are industrial control systems like PLC and Scada that monitor and manage critical systems such as propulsion, electrical and alarms.

The impact of a cyberincident in which an attacker compromises the systems in the navigation or control networks could be very high. For example, a deviation in the course of the vessel could involve a collision, grounding or even the sinking of the ship with heavy financial losses and impacts on human lives and the environment.

In this blog, I present cybersecurity best practices  and articles with recommendations to define and deploy policies and procedures for maritime cybersecurity.

With the aim of providing information to prevent and reduce the material, human and environmental impacts due to potential maritime cybersecurity incidents.