A Study on Cyber Security Threats in a Shipboard Integrated Navigational System

2019, Vol 7 (10), pp. 364
Author(s): Svilicic, Rudan, Jugović, Zec

The integrated navigational system (INS) enhances the effectiveness and safety of ship navigation by providing multifunctional display on the basis of integration of at least two navigational functions, the voyage route monitoring with Electronic Chart Display and Information System (ECDIS) and collision avoidance with radar. The INS is essentially a software platform for fusion of data from the major ECDIS and radar systems with sensors for the additional navigation functions of route planning, status and data display, and alert management. This paper presents a study on cyber security resilience examination of a shipboard INS installed on a RoPax ship engaged in international trade. The study was based on a mixed-method approach, combining an interview of the ship's navigational ranks and cyber security testing of the INS using an industry vulnerability scanner. The identified threats were analyzed qualitatively to study the source of cyber risks threatening the INS. The results obtained point out cyber threats related to weaknesses of the INS underlying operating system, suggesting a need for occasional preventive maintenance in addition to the regulatory compliance required.

Pomorstvo, 2019, Vol 33 (2), pp. 176-180
Author(s): Boris Svilicic, Igor Rudan, Vlado Frančić, Mateo Doričić

The Electronic Chart Display and Information System (ECDIS) plays a central role in safe navigation of ships. The ECDIS is basically a software package running on a general operating system that could be comprised of third-party components. This paper presents an analysis of cyber security weaknesses of a shipboard ECDIS arising from the ECDIS software’s third-party components. The analysis is based on the cyber security testing of the shipboard ECDIS using an industry vulnerability scanner. Detected vulnerabilities are analysed regarding the protection measures implemented on the ship. The results suggest that even the type-approved ECDIS system with maintained ECDIS software and the underlying operating system could be vulnerable due to weaknesses in the ECDIS software’s third-party components.


2019, Vol 73 (3), pp. 547-558
Author(s): Boris Svilicic, Igor Rudan, Vlado Frančić, Djani Mohović

This paper presents a comparative cyber security resilience estimation of shipboard radars that are implemented on two oil/chemical tankers certified as SOLAS ships. The estimated radars were chosen from the same manufacturer, but belonged to different generations. The estimation was conducted by means of ships' crew interviews and computational testing of the radars using a widely deployed vulnerability scanning software tool. The identified cyber threats were analysed qualitatively in order to gain a holistic understanding of cyber risks threatening shipboard radar systems. The results obtained experimentally indicate that potential cyber threats mainly relate to maintenance of the radars' underlying operating system, suggesting the need for regulatory standardisation of periodic cyber security testing of radar systems.


2011, Vol 2011, pp. 1-8
Author(s): Xin Yu Zhang, Yong Yin, Jin YiCheng, XiaoFeng Sun, Ren HongXiang

Navigation safety has a huge impact on the world economy and our everyday lives. One navigation safety simulation model in ECDIS based on international standard format (S-57) is put forward, which is mainly involved in route plan and route monitoring. The universal kriging interpolation is used in the route planning and to compute the water depth of any place in the sea bottom. The man-machine conversation method is taken to amend planned route to obtain autodeciding of feasibility according to ECDIS information, and the route monitoring algorithm is improved by enhancing its precision caused by screen coordinate conversion. The DCQA (distance close quarters situation of approach) model and TCQA (time close quarters situation of approach) model are adopted to judge if the close quarters situation or the risk of collision between own ship and target ship is emerging. All these methods are proven to be reliable through the navigation simulator made by Dalian Maritime University which is certified by DNV to class A.


Author(s): Steven A. Arndt

Over the past 20 years, the nuclear power industry in the United States (U.S.) has been slowly replacing old, obsolete, and difficult-to-maintain analog technology for its nuclear power plant protection, control, and instrumentation systems with digital systems. The advantages of digital technology, including more accurate and stable measurements and the ability to improve diagnostics capability and system reliability, have led to an ever increasing move to complete these upgrades. Because of the difficulties with establishing digital systems safety based on analysis or tests, the safety demonstration for these systems relies heavily on establishing the quality of the design and development of the hardware and software. In the United States, the U.S. Nuclear Regulatory Commission (NRC) has established detailed guidelines for establishing and documenting an appropriate safety demonstration for digital systems in NUREG-0800, “Standard Review Plan for the Review of Safety Analysis Reports for Nuclear Power Plants: LWR Edition,” Chapter 7, “Instrumentation and Controls,” Revision 5, issued March 2007 [1], and in a number of regulatory guides and interim staff guidance documents. However, despite the fact that the United States has a well-defined review process, a number of significant challenges associated with the design, licensing, and implementation of upgrades to digital systems for U.S. plants have emerged. Among these challenges have been problems with the quality of the systems and the supporting software verification and validation (V&V) processes, challenges with determining the optimum balance between the enhanced capabilities for the new systems and the desire to maintain system simplicity, challenges with cyber security, and challenges with developing the information needed to support the review of new systems for regulatory compliance.


2019, Vol 67 (5), pp. 383-401
Author(s): Steffen Pfrang, Anne Borcherding, David Meier, Jürgen Beyerer

Abstract: Industrial automation and control systems (IACS) play a key role in modern production facilities. On the one hand, they provide real-time functionality to the connected field devices. On the other hand, they get more and more connected to local networks and the internet in order to facilitate use cases promoted by “Industrie 4.0”. A lot of IACS are equipped with web servers that provide web applications for configuration and management purposes. If an attacker gains access to such a web application operated on an IACS, he can exploit vulnerabilities and possibly interrupt the critical automation process. Cyber security research for web applications is well-known in the office IT. There exist a lot of best practices and tools for testing web applications for different kinds of vulnerabilities. Security testing aims at discovering those vulnerabilities before they can get exploited. In order to enable IACS manufacturers and integrators to perform security tests for their devices, ISuTest was developed, a modular security testing framework for IACS. This paper provides a classification of known types of web application vulnerabilities. Therefore, it makes use of the worst direct impact of a vulnerability. Based on this analysis, a subset of open-source vulnerability scanners to detect such vulnerabilities is selected to be integrated into ISuTest. Subsequently, the integration is evaluated. This evaluation is twofold: At first, willfully vulnerable web applications are used. In a second step, seven real IACS, like a programmable logic controller, industrial switches and cloud gateways, are used. Both evaluation steps start with the manual examination of the web applications for vulnerabilities. They conclude with an automated test of the web applications using the vulnerability scanners automated by ISuTest. The results show that the vulnerability scanners detected 53 % of the existing vulnerabilities. In a former study using commercial vulnerability scanners, 54 % of the security flaws could be found. While performing the analysis, 45 new vulnerabilities were detected. Some of them did not only break the web server but crashed the whole IACS, stopping the critical automation process. This shows that security testing is crucial in the industrial domain and needs to cover all services provided by the devices.


2016, Vol 17 (1), pp. 101-111
Author(s): V. Gerard Comizio, Behnam Dayanim, Laura Bain

Purpose: To provide financial institutions an overview of the developments in cybersecurity regulation of financial institutions during 2015 by the United States, the United Kingdom, and the European Union, as well as guidance for developing effective cyber-risk management programs in light of evolving cyber-threats and cyber-regulatory expectations. Design/methodology/approach: Reviews US, UK and EU regulatory developments in the cybersecurity area and provides several best practice tips financial institutions should consider and implement to improve their cybersecurity compliance programs. Findings: While cyber-threats and financial regulators’ expectations for cyber-security are constantly evolving, recent guidance and enforcement efforts by the US, UK and EU illustrate the need for financial institutions to develop effective cybersecurity programs that address current regulatory compliance requirements and prepare for emergency cyber responses. Practical implications: Financial institutions should utilize the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool to assess their cyber-risk profile and cyber-preparedness. Originality/value: Practical guidance from experienced financial regulatory and privacy lawyers that provides a survey of the current regulatory environment and recommendations for cyber-security compliance.


2016, Vol 11 (2), pp. 198-202
Author(s): Jonathan Sackner-Bernstein

Background: The focus of the medical device industry and regulatory bodies on cyber security parallels that in other industries, primarily on risk assessment and user education as well as the recognition and response to infiltration. However, transparency of the safety of marketed devices is lacking and developers are not embracing optimal design practices with new devices. Achieving cyber safe diabetes devices: To improve understanding of cyber safety by clinicians and patients, and inform decision making on use practices of medical devices requires disclosure by device manufacturers of the results of their cyber security testing. Furthermore, developers should immediately shift their design processes to deliver better cyber safety, exemplified by use of state of the art encryption, secure operating systems, and memory protections from malware.

