Cybersecurity risk assessment of VDR

IF 1.9 4区工程技术 Q2 ENGINEERING, MARINE Journal of Navigation Pub Date : 2023-01-01 DOI:10.1017/S0373463322000595

Ömer Söner, Gizem Kayisoglu, P. Bolat, K. Tam

{"title":"Cybersecurity risk assessment of VDR","authors":"Ömer Söner, Gizem Kayisoglu, P. Bolat, K. Tam","doi":"10.1017/S0373463322000595","DOIUrl":null,"url":null,"abstract":"Abstract The voyage data recorder (VDR) is a data recording system that aims to provide all navigational, positional, communicational, sensor, control and command information for data-driven investigation of accidents onboard ships. Due to the increasing dependence on interconnected networks, cybersecurity threats are one of the most severe issues and critical problems when it comes to safeguarding sensitive information and assets. Cybersecurity issues are extremely important for the VDR, considering that modern VDRs may have internet connections for data transfer, network links to the ship's critical systems and the capacity to record potentially sensitive data. Thus, this research adopted failure modes and effects analysis (FMEA) to perform a cybersecurity risk assessment of a VDR in order to identify cyber vulnerabilities and specific cyberattacks that might be launched against the VDR. The findings of the study indicate certain cyberattacks (false information, command injection, viruses) as well as specific VDR components (data acquisition unit (DAU), remote access, playback software) that required special attention. Accordingly, preventative and control measures to improve VDR cybersecurity have been discussed in detail. This research makes a contribution significantly to the improvement of ship safety management systems, particularly in terms of cybersecurity.","PeriodicalId":50120,"journal":{"name":"Journal of Navigation","volume":"76 1","pages":"20 - 37"},"PeriodicalIF":1.9000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Navigation","FirstCategoryId":"5","ListUrlMain":"https://doi.org/10.1017/S0373463322000595","RegionNum":4,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"ENGINEERING, MARINE","Score":null,"Total":0}

引用次数: 4

Abstract

Abstract The voyage data recorder (VDR) is a data recording system that aims to provide all navigational, positional, communicational, sensor, control and command information for data-driven investigation of accidents onboard ships. Due to the increasing dependence on interconnected networks, cybersecurity threats are one of the most severe issues and critical problems when it comes to safeguarding sensitive information and assets. Cybersecurity issues are extremely important for the VDR, considering that modern VDRs may have internet connections for data transfer, network links to the ship's critical systems and the capacity to record potentially sensitive data. Thus, this research adopted failure modes and effects analysis (FMEA) to perform a cybersecurity risk assessment of a VDR in order to identify cyber vulnerabilities and specific cyberattacks that might be launched against the VDR. The findings of the study indicate certain cyberattacks (false information, command injection, viruses) as well as specific VDR components (data acquisition unit (DAU), remote access, playback software) that required special attention. Accordingly, preventative and control measures to improve VDR cybersecurity have been discussed in detail. This research makes a contribution significantly to the improvement of ship safety management systems, particularly in terms of cybersecurity.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

VDR的网络安全风险评估

摘要航行数据记录仪（VDR）是一种数据记录系统，旨在为船上事故的数据驱动调查提供所有导航、位置、通信、传感器、控制和指挥信息。由于人们越来越依赖互联网络，在保护敏感信息和资产方面，网络安全威胁是最严重的问题和关键问题之一。考虑到现代VDR可能具有用于数据传输的互联网连接、与船舶关键系统的网络连接以及记录潜在敏感数据的能力，网络安全问题对VDR来说极其重要。因此，本研究采用故障模式和影响分析（FMEA）对VDR进行网络安全风险评估，以识别网络漏洞和可能针对VDR发起的特定网络攻击。研究结果表明，某些网络攻击（虚假信息、命令注入、病毒）以及需要特别关注的特定VDR组件（数据采集单元（DAU）、远程访问、播放软件）。因此，详细讨论了提高VDR网络安全的预防和控制措施。这项研究对改进船舶安全管理系统，特别是在网络安全方面做出了重大贡献。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Journal of Navigation 工程技术-工程：海洋

CiteScore

6.10

自引率

4.20%

发文量

审稿时长

4.6 months

期刊介绍： The Journal of Navigation contains original papers on the science of navigation by man and animals over land and sea and through air and space, including a selection of papers presented at meetings of the Institute and other organisations associated with navigation. Papers cover every aspect of navigation, from the highly technical to the descriptive and historical. Subjects include electronics, astronomy, mathematics, cartography, command and control, psychology and zoology, operational research, risk analysis, theoretical physics, operation in hostile environments, instrumentation, ergonomics, financial planning and law. The journal also publishes selected papers and reports from the Institute’s special interest groups. Contributions come from all parts of the world.