Maritime Cyber Security – Securing the Digital Seaways

ISSN 2041-5923
H.A. Boyes
The Institution of Engineering and Technology, Stevenage, UK
E-mail: haboyes@theiet.org
Abstract: Maritime transport is critical to the global economy. In a competitive environment, the industry is
constantly seeking economies of scale and efficiencies. This has led to the introduction of larger vessels and
an increasing use of IT to achieve greater automation, both in ports and at sea. The technologies employed
are vulnerable to the same cyber-security threats as those in other sectors affecting commercial, production
and government systems. This paper reviews the threats in the maritime environment and examines the need
for increased awareness and protection of what are in effect maritime industrial control systems.
Keywords: maritime systems, port systems, cyber-physical systems, navigation systems, cyber-security
1 Introduction
Society is heavily dependent on reliable and secure seaborne
delivery of goods and raw materials. Maritime transport is
responsible for handling over 80% by volume of global
trade and accounts for over 70% of its value [1]. The
worldwide shipping fleet continues to expand: in the 4
years to January 2012 there was an increase of over 37% in
the deadweight tonnage [2]. Mirroring this growth in trade
and shipping capacity, world container port throughput
increased by an estimated 12.6% in 2010 and further
double digit growth was forecast for 2011 and 2012 [3].
There is also extensive use of maritime transport by both
ferry and cruise industries.
Alongside this expansion in trade, ship owners and
operators have taken advantage of technology advances to
derive benefit from operational economies of scale, for
example, through construction of increasingly large ships
[3]. These larger ships require efficiencies both in operation
at sea and management of port services. This has
encouraged greater use of automation and information
technology (IT), both on ship and ashore. A study by
ENISA found low levels of cyber-security awareness in the
maritime sector and that current maritime regulations and
policies primarily focus on the physical aspects of security
and safety [4].
This paper examines the IT systems currently used in
marine transportation, both shipboard and in ports and
cargo terminals. It examines some of the potential
consequences of cyber-security incidents which can include
loss of life, damage to or destruction of vessels and their
cargo, economic or environmental damage and severe
disruptions to society’s supply chains. The paper considers
the need for improvements in maritime cyber-security and
the steps that might be taken to reduce the cyber-security
risks.
2 How is IT used in Maritime Transport?
From an IT perspective, maritime transport can be
considered to involve two connected but distinct domains:
the shore-based technologies associated with the operation
of ports and the seaborne elements related to the operation
of the ships.
2.1 Use of IT in ports
To both efficiently handle the increasing volume of
passengers and trade, and to provide appropriate border
security, ports make extensive use of IT. The systems used
in a port may include [5]:
Resilience, Security and Risk in Transport, 2013, pp. 56–63
© The Institution of Engineering and Technology 2013
• Security systems – For example, access control through
the use of security or identity card systems to control entry
to sensitive or restricted areas through doors or personnel
gates. Use of CCTV for monitoring perimeters and the
access to sensitive areas. Use of automatic number plate
recognition (ANPR) to manage access to the site by cars
and road haulage vehicles. The access control systems may
also be used by customs and border security personnel
where the port is handling passenger traffic, e.g. for cruise
liners.
• Communications systems – These can range from mobile
radio, email and websites to specialist cargo-related messages
to support cargo tracking and customs clearance. Some
communications may use fixed cable-based networks, but
increasingly wireless networking technology is used to allow
greater flexibility.
• Business systems, including – Terminal Operation
System (TOS), Container Terminal Management System
(CTMS) and traditional back office systems such as payroll
and human resource systems.
• Terminal automation systems, including scheduling
software covering vessels, yard equipment and maintenance.
These systems can be used to optimise the use of berths,
cranes and yards to ensure efficient and timely turnaround
of vessels.
Ports also make extensive use of control systems for cranes,
yard equipment, remote monitoring of equipment, building
management and to control gates and access to buildings.
Some ports are now using driverless cranes and other
vehicles to enable automated handling of containers.
These port systems are increasingly used in an integrated
fashion. For example, in automated container terminal
entry an ANPR system reads the vehicle number plate and
optical character recognition (OCR) is used to read the
container number. The system checks the
vehicle and container identities against pre-booked delivery
schedules and allows access to the site to approved vehicles
and containers. Imaging systems may also be used to detect
container damage prior to its entry to the terminal. If any
damage is detected the system can alert terminal staff to
investigate prior to further handling of the container.
2.2 Use of IT on ships
Information technology is extensively used on ships. For
example, in the cruise industry, vessels in the Carnival
Cruise Line OASIS class are equipped with 900+ wireless
access points, 30 000+ IP ports and 1200 wireless phones
linked by 600 000 m of fibre cable and 44 network
switching locations [6].
More generally there is extensive use of IT-based seaborne
systems to support vessel automation, including [5]:
• Navigation systems, these can include electronic charts
(ECDIS), global positioning systems (GPS), positioning
systems [7], radar, and automatic identification system (AIS).
• Communications systems including radio (terrestrial and
satellite), and data communications (broadband, Internet
access, e-mail).
• An integrated bridge, with computer based consoles and
all systems interconnected [8].
• Control systems [9], to manage and operate a wide range
of electro-mechanical systems, for example, the main engine,
generators, ballast tanks, life support, fuel & oil pumps, water
tight doors, fire alarm & control, cargo hold fans and
environmental control.
As illustrated by this range of systems, many ships have
become complex computer-controlled platforms, where the
operators have limited physical control over critical systems.
The use of digital communications to link seaborne systems
to shore-based applications means that the vessels are also
part of a hyper-connected world which is dominated by the
Internet.
2.3 Technology convergence and cyber-physical systems
The use of electronics for navigation, communications and
control is not new. Shipborne radar was developed
following the Second World War, and maritime radio was
in use prior to that. Electrical and electronic control
systems are both well-established technologies and the
systems were often designed or customised for specific
applications and vessels. However, there has been a move
to use commercially available technologies in
communications and control systems rather than
undertaking bespoke developments. This has the benefit of
reducing development times and cost, but the result is that
the systems are based on similar technologies and operating
systems to those found in our personal and office IT systems.
The maritime systems described in the preceding sections
are effectively cyber-physical systems. They are computer-
based (cyber) systems which embed a combination of
sensors, processors and actuators in the real world to
manage or control specific outcomes. Whilst there are
many similarities between conventional data processing and
cyber-physical systems, there are also some significant
differences. Two critical differences are:
• cyber-physical systems are control systems working in
real-time to influence physical outcomes in the real world; and
• there can be serious physical consequences arising from
failure or malfunction of a cyber-physical system,
potentially including loss of life, damage to property,
pollution and environmental harm.
Given the increasing prevalence of cyber-physical systems
and the potential consequence of their failure, it is important
that they are trustworthy [10], i.e. operate in a reliable, safe
and secure manner.
3 Why is cyber security an issue?
3.1 What do we mean by cyber security?
The impression given by some media coverage of cyber
security is that it primarily affects the Internet. It is
important to recognise that cyber security affects more than
the IP-based networks. An internationally agreed definition
[11] which recognises this broader scope of cyber security is
‘the collection of tools, policies, security concepts, security
safeguards, guidelines, risk management approaches, actions,
training, best practices, assurance and technologies that can be
used to protect the cyber environment and organisation and
user’s assets’.
This definition refers to the ‘cyber environment’ (also
known as cyberspace), which effectively comprises the
interconnected networks of electronic, computer-based and
wireless systems. The definition also refers to ‘organisation
and user’s assets’, which effectively includes all connected
computing devices, personnel, infrastructure, applications,
services, telecommunication systems, and the totality of
transmitted, processed and/or stored data and information
in the cyber environment.
It is important to recognise that cyber security
encompasses not only the technology, but people and
process aspects. The behaviour of individual system users,
implementation of poor processes, and failure to follow
standard operating procedures can all weaken a system and
create cyber-security vulnerabilities.
3.2 Does cyber-security matter in marine transport?
A report by ENISA indicates that cyber-security awareness in
the maritime sector is currently low to non-existent [4].
Maritime operators have been fortunate that to date there
have been few if any attacks directed towards shipboard
systems [12]. The same is not true of port systems where
attacks are alleged to have occurred allowing theft of
valuable contents from shipping containers.
In modern vessels the critical systems are typically digital
systems using industrial control systems technology, often
with network connectivity allowing real-time sharing of
information with other shipboard and shore-based systems.
Industrial control systems are clearly targets for cyber-attacks,
as illustrated by two pieces of malware, Stuxnet
[13] and Duqu [14]. The combination of technology and
connectivity exposes maritime control systems to this type
of attack. If a large cargo vessel were to be disabled at sea
due to a malware attack disabling key ship systems, the
consequences could be economically damaging and may
even lead to loss of the vessel.
It is not just the control systems that are vulnerable;
reliance on GPS for navigation and position keeping is also
a vulnerability [15]. The relatively weak signals from GPS
satellites are susceptible to jamming and there are readily
available devices on sale which can interfere with the signal.
It is reported that the spoofing of GPS signals has also
been successfully demonstrated [16]. Spoofing is a
technique which involves creating false signals, in this case
false civil GPS signals. It allowed a third party to gain
control of a vessel’s GPS receivers and, in this case, to do
so without it being apparent to the ship’s navigator.
The use of commercially available WiFi technology on
ships can offer another means of gaining control of or
disabling the control systems. This is particularly an issue
where the WiFi is poorly protected and provides
connectivity to critical control networks and systems.
3.3 Cyber security & trustworthiness in maritime systems
Information security, the forerunner to cyber security, is often
characterised by the CIA triad, which represents the three
core principles [17]:
• Confidentiality – this encompasses privacy, control and
authorisation of access to data or information, and any
ability to process, modify or delete data or information;
• Integrity – this includes the trustworthiness of the data or
information storage, the authenticity of data and results, and
the safe operation of electronic systems; and
• Availability – the availability of the systems and associated
business or operational functions when needed.
When considering the cyber security of maritime
cyber-physical systems, the three principles do not fully address
the critical characteristics of a maritime system. Building on
the work by NIST in the United States [18] and the
Trustworthy Software Initiative (TSI) [19] in the United
Kingdom, it may be more appropriate to think in terms of
system trustworthiness as illustrated in Figure 1 [10].
Figure 1 Characteristics of a trustworthy system [10]
If a cyber-physical system is trustworthy it should be
predictable in response to faults, errors and failures and
also be more secure from threats of attack. Assessing the
trustworthiness of a system will involve the design and
performance of both cyber and physical elements being
taken into account.
4 Risk Management and Maritime IT Systems
In the maritime transport sector there is considerable
interaction between systems. On ships this manifests itself as
integrated bridges [20]; on shore it is the complex terminal
management systems used to marshal the handling of goods
and, where applicable, passengers. These are complex
systems-of-systems, often involving integration of
cyber-physical systems with conventional IT systems.
4.1 Risk Management of complex systems
Across a number of engineering sectors, a review of
systematic failures indicates they occur due to fragility in
complex systems [21]. The review suggests that complex
systems are fragile due to their scale, non-linearity,
interconnectedness and interactions with humans and the
environment. Cumulative effects of multiple abnormalities
may propagate in a variety of ways, resulting in systemic
failure. The failure to identify all serious potential hazards
is a common failing in disasters involving complex systems.
In conventional risk management methodologies it is often
difficult to identify all serious potential hazards. A novel
approach called Anticipatory Failure Determination (AFD)
Prediction has been proposed [21]. This approach employs
a method which identifies potential failures not by asking
‘what might go wrong?’ but ‘can we make it go wrong, and
how would we prevent that failure?’ The aim is to encourage
generation of scenarios from combinations of single failures
that might have greater impact than individual failures.
4.2 Human factors in complex systems
User behaviour may also severely affect even the best designed
systems. Whether through negligence, error, laziness or poor
training, systems operators can compromise systems by
failing to attend to alarms, failing to investigate unusual
behaviour or by simply taking unauthorised short cuts in
their day-to-day operations. For example in the 1997 MS
Herald of Free Enterprise accident [22], a combination of
design, process and user error (a member of the crew being
asleep rather than at his duty station) led to the sinking of
a ferry with loss of 193 lives. There are numerous other
examples of systems failures where human factors are a
contributory element [23].
There is also a tendency to heavily rely on automated
systems, ignoring minor irregularities and often not
cross-checking information to validate system operation. One
example is the grounding on 10 June 1995 of a Panamanian
passenger ship ‘Royal Majesty’ off Nantucket Island,
Massachusetts. The accident investigation [24] by the US
NTSB determined that the probable causes of the
grounding were the watch officers’ overreliance on the
automated features of the integrated bridge system, failure
to ensure that its officers were adequately trained in the
automated features of the integrated bridge system, and in
the implications of this automation for bridge resource
management. The NTSB also identified deficiencies in the
design and implementation of the integrated bridge system
and in the procedures for its operation. The root causes of
this accident were a fault with the GPS antenna cable
leading to loss of signal and an integration issue between
the GPS and the autopilot.
4.3 Understanding impact of dependencies
The maritime transport industry is part of a global supply
chain, and through use of information and communications
technologies its systems exist in a hyper-connected world
[25]. This connectivity delivers a diverse range of functions,
and addition of new interconnections provides additional
functionality. However, in these complex systems we may
also get functions interacting to create new functions. To
understand the consequences of failure or cyber-attack we
need to understand this network of functions and
relationships. This makes it easier to understand
multi-hazard risks and their impact on system resilience [26].
As the maritime systems are not working in isolation, the
interdependency of the systems on critical infrastructure
needs to be understood. A study [27] has led to the
identification of six dependency dimensions as shown in
Figure 2. It also proposed a hierarchy of elements: part,
unit, subsystem, system, infrastructure and interdependent
infrastructure. For example, a vessel navigation system is
dependent on position data (e.g. from GPS), geographic
data (e.g. charts), the proposed course, and interfaces to
vessel propulsion and steering systems. In the case of ‘Royal
Majesty’ there was a failure of a part (the antenna cable) and
a failure of a systems interface (the GPS to autopilot
interface). The antenna cable had been unprotected and
was subject to mechanical damage, whilst the interface
issue related to an incompatibility between the systems in
the event of a loss of GPS signal. Both failures were critical
dependencies and were single points of failure.
Figure 2 Dimensions describing interdependencies [27]
When examining dependencies it is worth considering the
findings from a review of major mishaps and accidents [28].
This revealed that incidents have several characteristics in
common, including:
• Severe production pressures/tight schedule and
unchecked risk build-up;
• Pressing need for safety, but eroding safety margins,
obscured by pressure to produce;
• Over confidence, based on past success, replacing due
diligence;
• Failure to revisit and revise initial assessments or
reinterpret facts in light of new evidence;
• Breakdown of communications at organisational
boundaries.
In 2007, an accident involving the ANNABELLA sailing in
the Baltic Sea illustrates many of these common characteristics.
In bad weather, a stack of containers collapsed causing damage
to some containers of Butylene gas. The investigation report
[29] identifies issues with the intensity and speed of
operations, communications breakdowns regarding the
loading plan, and problems with the load planning software
regarding the stacking of 30-ft containers. In this incident
an explosion was avoided, but one could easily have
occurred, resulting in loss of life and/or the vessel.
5 Nature of the Cyber-Security Threats
5.1 Threat agents
Cyber-security threats potentially emanate from one of four
groups:
• Malicious outsider: This is a person unconnected with the
vessel owner/operator or the port. There is a diverse range
of malicious outsiders including hackers, cyber criminals,
activists, terrorists and state-supported attackers.
• Malicious insider: These are connected to the vessel or the
port and may be employees of the owner, operator or port,
contractors, vessel crews, or third parties with authorised
access to the systems. A malicious insider will use their
authorised or privileged access for a purpose for which it
was not intended.
• Non-malicious insider: Unlike the malicious insider, these
individuals cause an incident or security breach through error,
omission, ignorance or negligence.
• Nature: This can be any non-human factor which disrupts
or impairs the operation of the maritime IT systems, thus
affecting the correct operation of a vessel or port.
An assessment of the cyber-security risks to maritime
transport systems needs to consider the impact of threats
from the above four groups.
5.2 Threats to shore-based IT
The move to electronic documents such as waybills, letters of
credit, customs clearance, etc., coupled with the automation
of cargo terminals, offers opportunities for disruption by:
• Hacking or use of malware to obtain commercially
sensitive information about cargo, vessels and their
destinations. This may allow the perpetrator to obtain
commercial advantage.
• Access to cargo information to allow for theft at the port or
damage to material in transit.
• Unauthorised access to security information and systems
to enable criminal activities, including smuggling and fraud.
• Malicious interference with control and automation
systems, which could severely disrupt efficient operation of a
port and cause reputational and/or physical damage. This could
include attacks on critical infrastructure such as electricity
substations or steam plants. If the embedded program logic
in heavy cranes were interfered with, this may lead to loss of
cargo, hull damage, or in extreme cases, serious injury or
loss of life of port or ship personnel [12].
5.3 Threats to shipboard IT
The greatest risk to shipboard systems is that malicious
instructions or software could be used to disable or damage
critical ship systems, for example, navigation, propulsion,
emergency communications, life support and ballast
systems. This could lead to a vessel being unable to proceed
under its own power and jeopardise its safety. At present
piracy typically involves an armed takeover of vessels;
however in future, with suitable expertise, vessels could be
disabled through unplanned systems shutdown, or
interference with the navigation systems so that the ship
makes a rendezvous with the pirates.
For liners there are also cyber-security risks associated with
the extensive use of IT by the passengers. These ‘floating
towns’ could be targets for typical consumer-oriented
malware aimed at stealing banking and personal information.
6 Discussion
The three incidents highlighted in this paper are accidents
that have been investigated by the relevant maritime
authority. The incidents involving the ‘Royal Majesty’ and
the ANNABELLA were caused by the failure of electronic
processing systems: the GPS and the load planning
software respectively. They could therefore be regarded as
cyber-security incidents and in neither case were the
systems trustworthy.
With increasing connectivity of systems and operators’
reliance on information displayed on their consoles there is
a need to improve the trustworthiness of systems. This will
have benefits from both safety and security perspectives. In
making improvements it is essential that system integration
aspects are properly addressed.
The failure of the GPS system on the ‘Royal Majesty’ could
have been spotted if an incompatibility in the interface
between the GPS and autopilot system had been
understood. When the GPS unit lost the satellite signal a
bit (error flag) was set to indicate loss of signal. The
autopilot system assumed that in the event of signal loss
the GPS receiver would stop sending data and also ignored
the presence of the error flag set in the GPS unit output.
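The interface failure described above, as an added example (not code from the paper or from any bridge system): a position consumer that ignores the receiver's validity flag, beside one that honours the flag and also treats silence as a fault. The NMEA 0183 RMC sentence and its A/V status field stand in for the 'error flag'; the paper does not name the message format, and the class names, the 5 s threshold and the sample sentences are constructed for illustration.

```python
from dataclasses import dataclass
from functools import reduce
from typing import Optional, Tuple

ALARM, STEER = "ALARM_GPS_UNTRUSTED", "STEER_ON_GPS"


def checksum(body: str) -> int:
    """NMEA 0183 checksum: XOR of every character between '$' and '*'."""
    return reduce(lambda acc, ch: acc ^ ord(ch), body, 0)


def frame(body: str) -> str:
    """Add '$...*hh' framing to a sentence body (used to build the samples)."""
    return f"${body}*{checksum(body):02X}"


@dataclass
class Fix:
    lat: float
    lon: float
    valid: bool  # True only when the receiver reports status 'A'


def to_degrees(value: str, hemisphere: str) -> float:
    """Convert NMEA (d)ddmm.mmmm plus hemisphere letter to signed degrees."""
    raw = float(value)
    whole = int(raw // 100)
    degrees = whole + (raw - whole * 100) / 60.0
    return -degrees if hemisphere in ("S", "W") else degrees


def parse_rmc(sentence: str) -> Fix:
    """Parse one RMC sentence; raise ValueError on framing or checksum errors."""
    sentence = sentence.strip()
    if not sentence.startswith("$") or "*" not in sentence:
        raise ValueError("bad framing")
    body, _, given = sentence[1:].partition("*")
    if int(given, 16) != checksum(body):
        raise ValueError("checksum mismatch")
    f = body.split(",")
    if len(f) < 7 or not f[0].endswith("RMC"):
        raise ValueError("not an RMC sentence")
    return Fix(to_degrees(f[3], f[4]), to_degrees(f[5], f[6]), f[2] == "A")


class NaiveAutopilot:
    """Reproduces the assumption described above: arriving data is good data."""

    def __init__(self) -> None:
        self.position: Optional[Tuple[float, float]] = None

    def on_sentence(self, sentence: str) -> str:
        fix = parse_rmc(sentence)
        self.position = (fix.lat, fix.lon)  # status flag is never consulted
        return STEER


class CheckedAutopilot:
    """Steers on GPS only while fixes are flagged valid, intact and recent."""

    def __init__(self, max_silence_s: float = 5.0) -> None:
        self.position: Optional[Tuple[float, float]] = None
        self.last_valid_at: Optional[float] = None
        self.degraded = True  # nothing is trusted until a valid fix arrives
        self.max_silence_s = max_silence_s

    def on_sentence(self, sentence: str, now: float) -> str:
        try:
            fix = parse_rmc(sentence)
        except ValueError:
            self.degraded = True  # corrupt input is handled like a flagged fix
            return self.state(now)
        self.degraded = not fix.valid
        if fix.valid:
            self.position, self.last_valid_at = (fix.lat, fix.lon), now
        return self.state(now)

    def state(self, now: float) -> str:
        """Also call this from a timer so that silence is detected."""
        stale = (self.last_valid_at is None
                 or now - self.last_valid_at > self.max_silence_s)
        return ALARM if self.degraded or stale else STEER


# Constructed sample traffic (time in seconds, sentence); not recorded data.
SAMPLES = [
    (0.0, frame("GPRMC,120000.00,A,4116.00,N,07006.00,W,14.0,336.0,010100,,")),
    (1.0, frame("GPRMC,120001.00,A,4116.01,N,07006.01,W,14.0,336.0,010100,,")),
    # Status 'V': the receiver still sends a position but flags it unreliable.
    (2.0, frame("GPRMC,120002.00,V,4118.50,N,07001.00,W,14.0,336.0,010100,,")),
]


def replay(samples):
    """Feed the same traffic to both consumers; return states and positions."""
    naive, checked = NaiveAutopilot(), CheckedAutopilot()
    states = [(naive.on_sentence(s), checked.on_sentence(s, t)) for t, s in samples]
    return states, naive.position, checked.position
```

On the third sentence the naive consumer keeps steering on the flagged position, while the checked consumer raises the alarm and retains its last valid fix.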
It is important to recognise that cyber security is not just
about the prevention of malicious actions. A recent survey
on data breaches [30] found that 37% were attributable to
malicious or criminal acts. The remainder were split
between system glitches (29%) and human factors (35%).
Human factors were defined as errors or negligence by the
user/operator and system glitches included both IT and
business process failures.
Onshore there are rapid technological innovations
affecting commercial IT environments. These include
innovations such as bring-your-own-device (BYOD),
transfer of business applications into the ‘cloud’ and
delivered using software-as-a-service (SAAS) models, and
increasing use of mobile IT and wireless technologies.
Deployment of these technologies in the maritime domain
will potentially increase the cyber-security risks and further
complicate the task of protecting maritime transport assets.
To address the vulnerabilities in the industrial control
systems that control many of the critical maritime
functions, there will need to be close collaboration between
the systems engineers, security and safety professionals. For
example, with many control systems there may be little or
no patching of the operating systems. Whilst this may be
desirable from the system engineering and safety
perspectives, it is undesirable from a security perspective.
Leaving known vulnerabilities unpatched can significantly
increase the risk of cyber-attacks.
The global nature of the maritime transport industry can
introduce complexities into the maintenance and operation
of maritime systems. For example, in the data breach survey
[30] there were some significant differences in the
distribution of root causes by country. Breaches due to
system glitches were significantly higher in India (46%) than
in the UK (29%), the US (26%) and Germany (16%). In
comparison, malicious attacks were significantly higher in the
US (41%), UK (34%) and Germany (48%), than in India
(25%). While these survey results were not for industrial
control systems, they suggest that cyber-security threats will
vary from country to country. This has implications for the
management of system security given the mobility of vessels.
A common theme across virtually all engineering and
technology businesses is the skills gap. The recent
roundtable held in London [31] suggests that the maritime
sector is suffering in the same way as organisations involved
in cyber security.
7 Conclusions and Recommendations
Increasing sophistication and integration of maritime IT
systems and their connectivity to the global
communications systems means that the maritime domain
is now part of cyberspace. This exposes the systems to
significant levels of cyber-security threat. The ENISA
report indicates a lack of awareness of these threats and a
need for improvements in the cyber security of maritime
systems.
To address the lack of awareness, the professional
engineering organisations should develop an awareness
programme in collaboration with the maritime industry.
The aim should be to provide material suitable for use at
owner, officer and crew levels. Cyber-security awareness
should also be built into training programmes for all
mariners and shore-based personnel to reduce the risks
arising from ignorance or a lack of education.
The issues related to systems engineering should be
addressed by ensuring cyber-security best practice from
other engineering sectors is tailored to make it applicable in
maritime situations. Steps should be taken to transfer
knowledge and skills to the maritime transport industry
from sectors that already have a greater experience of cyber-
security attacks and the need for protection of industrial
control systems.
To achieve these improvements will require collaboration
between professional engineering organisations, maritime
operators, systems engineers, safety and security
professionals. The solutions will involve technology, people
and process changes. With maritime safety currently in the
news following the successful righting of the capsized liner
‘Costa Concordia’, we should urgently consider how best to
avoid the spectacle of a major maritime disaster caused by a
cyber-security incident or attack.
8 References
[1] United Nations: ‘World Economic Situation and
Prospects 2012 ’(UnitedNations,NewYork,2012).
e-ISBN: 978-92-1-055103-8. Chapter 2, p. 44. Available
online at: http://www.un.org/en/development/desa/
policy/wesp/wesp_archive/2012chap2.pdf. Last accessed:
16 September 2013
[2] UNCTAD: ‘Review of Marine Transport’. United
Nations Conference on Trade and Development, Geneva,
2012. e-ISBN: 978-92-1-055950-8, Available online at:
http://unctad.org/en/PublicationsLibrary/rmt2012_en.pdf.
Last accessed: 16 September 2013
[3] United Nations: ‘World Economic Situation and
Prospects 2012’, 2012, Chapter 2, p. 46
[4] Enisa: ‘Analysis of Cyber Security Aspects in the
Maritime Sector’. Available online at: http://www.enisa.
europa.eu/activities/Resilience-and-CIIP/critical-infrastru
cture-and-services/dependencies-of-maritime-transport-to-
icts/cyber-security-aspects-in-the-maritime-sector-1.Last
accessed: 16 September 2013, (2011)
[5] MCCARTHY C.: ‘Department of Homeland Security
Control Systems Security Program – Transportation
Sector’. Available online at: http://www.cruising.org/sites/
default/files/leadershipforum2012/Trends%20p2%
20Ben%20Shore%20CLIA%2014%20Nov.pdf. Last accessed:
16 September 2013, (2012)
[6] IET Sector Insights: ‘Global challenges in maritime
security’. Institution of Engineering and Technology.
Available online at: http://www.theiet.org/sectors/
transport/maritime-security.cfm. Last accessed: 16
September 2013, (2013)
[7] Rolls Royce: ‘Positioning systems’. Available online at:
http://www.rolls-royce.com/marine/products/automation_
control/positioning_systems/index.jsp. Last accessed: 16
September 2013, (2013)
[8] Rolls Royce: ‘Integrated bridge systems’. Available
online at: http://www.rolls-royce.com/marine/products/
automation_control/integrated_bridge_systems/index.jsp.
Last accessed: 16 September 2013, (2013)
[9] Rolls Royce: ‘Automation systems’. Available online at:
http://www.rolls-royce.com/marine/products/
automation_control/automation_systems/index.jsp.Last
accessed: 16 September 2013, (2013)
[10] BOYES H.A.:‘Trustworthycyber-physicalsystemsa
review’. In 8th IET International System Safety Conference
incorporating the Cyber Security Conference 2013, Cardiff,
1517 October 2013, Cardiff, (2013)
[11] Switzerland. International Telecommunications Union:
Series X: Data Networks, Open System Communications
and Security, Telecommunications security: Overview of
cybersecurity ’ (I. T. U. (ITU-T X.1205), Geneva, 2008)
[12] HUGHES R.: ‘Maritime Cyber Security’, NMIO Technical
Bulletin, 2013, 5, pp. 35. Available online at:
http://nmio.ise.gov/docs/NMIO_QuarterlyVOL5.pdf.
Last accessed: 16 September 2013
[13] Symantec: ‘W32.Stuxnet’. Available:
http://www.symantec.com/security_response/writeup.jsp?docid=2010-071400-3123-99.
Last accessed 26 June 2013, (2010)
[14] BENCSÁTH B., PÉK G., BUTTYÁN L., FÉLEGYHÁZI M.: ‘Duqu:
analysis, detection, and lessons learned’. In ACM
European Workshop on System Security (EuroSec), 2012,
2012
[15] IET Sector Insights: ‘Jamming and radio interference:
understanding the impact’. Institution of Engineering and
Technology. Available online at:
http://www.theiet.org/sectors/information-communications/signal-jamming.cfm.
Last accessed: 16 September 2013, (2012)
[16] ZARAGOZA S.: ‘Humphreys Research Group successfully
spoofs an $80 million Yacht at sea’. University of Texas,
Cockrell School of Engineering. Available online at:
http://www.ae.utexas.edu/news/archive/2013-news-archive/humphreys-research-group-successfully-spoofs-an-80-million-yacht-at-sea.
Last accessed: 16 September 2013, (2013)
[17] GREENE S.S.: ‘Security policies and procedures’ (Pearson
Education, 2006)
[18] NIST: ‘Trustworthy Information Systems’. Available:
http://www.nist.gov/itl/tis/. Last accessed: 16 September
2013, (2009)
[19] Trustworthy Software Initiative: ‘The name’. Available:
http://www.uk-tsi.org/. Last accessed: 16 September 2013,
(2013)
[20] MITROPOULOS E.E.: ‘Nor-Shipping Conference What’s
next, IMO?’ In Nor-Shipping Conference, Oslo, 24 May
2011, Oslo. Available online at:
http://www.imo.org/MediaCentre/SecretaryGeneral/SpeechesByTheSecretaryGeneral/Pages/Nor.aspx.
Last accessed: 16 September 2013, (2011)
Resilience, Security and Risk in Transport, 2013, pp. 56–63
© The Institution of Engineering and Technology 2013