Кибербезопасность на море. навигационный аспект

Статья представляет собой обзор публикаций, посвященных вопросам кибербезопасности на море, связанным с навигационным обеспечением мореплавания. Обсуждаются киберугрозы в отношении ЭКНИС, автоматической идентификационной системы, регистратора данных рейса и интегрированной навигационной системы в целом. Отмечаются специфика кибербезопасности беспилотных судов, влияние на кибербезопасность человеческого фактора, анализируется нормативная база по борьбе с киберугрозами.

1. The Review of Maritime Transport [Электронный ресурс]. URL: https://unctad.org/system/files/ official-document/rmt2017_en.pdf (дата обращения: 16.01.2024).

2. Cyber-enabled ships, Lloyd’s Register, 2016.

3. Fosen, J., Cyber Security Awareness in the Maritime Industry, January 2019. [Электронный ресурс]. URL: https://www.gard.no/Content/25634225/Cyber%20Security_Presentation%20(ID%201418279).pdf (дата обращения: 15.01.2024).

4. Cyber security threats in maritime industry, DNV, 2019.

5. Akpan, F., Bendiab, G., Shiaeles, S., et al., Cybersecurity challenges in the maritime sector, Network, 2022, 2(1), pp. 123–138, doi:10.3390/network2010009.

6. Семенов С. Морская кибербезопасность – ситуация, проблемы и риски [Электронный ресурс] // Российский совет по международным делам» (НП РСМД). URL: https://russiancouncil.ru/analytics-and-comments/columns/cybercolumn/morskaya-kiberbezopasnost-situatsiya-problemy-i-riski/ (дата обращения: 16.01.2024).

7. Roberts, F.S., Egan, D., Nelson, C., and Whytlaw, R., Combined cyber and physical attacks on the maritime transportation system, NMIOTC Marit. Interdiction Oper. J., 2019, 18, 22.

8. Cohen, Z. US Navy ship collides with South Korean fishing boat [Электронный ресурс], CNN, 2024. URL: https://edition.cnn.com/2017/05/09/politics/fishing-vessel-hits-us-navy-ship-south-korea/index. html (дата обращения: 18.01.2024).

9. The Guidelines on Cyber Security Onboard Ships. Version 3 [Электронный ресурс]. URL: https://safety4sea.com/wp-content/uploads/2018/12/BIMCO-Guidelines-on-cyber-security-onboardships-2018_12.pdf (дата обращения: 19.01.2024)

10. Al-Mhiqani, M.N., Ahmad, R., Yassin, W., Hassan, A., Abidin, Z.Z., Ali, N.S., and Abdul-kareem, K.H., Cyber-security incidents: A review cases in cyber-physical systems, Int. J. Adv. Comput. Sci. Appl., 2018, 1, 499–508.

11. Andersen, I., The 10 Most Common Types of Cyber Security Attacks Today 3 [Электронный ресурс]. May 15, 2018. URL: https://blog.netwrix.com/2018/05/15/top-10-most-common-types-of-cyber-attacks/ (дата обращения: 16.01.2024).

12. The Guidelines on Cyber Security Onboard Ships. Version 4 [Электронный ресурс]. URL: https://www.bimco.org/about-us-and-our-members/publications/the-guidelines-on-cyber-security-onboardships (дата обращения: 13.01.2024).

13. Mednikarov, B., Tsonev Y., and Lazarov, A., Analysis of cybersecurity issues in the maritime industry, Information & Security, 2020, vol. 47, no. 1, pp. 27–43, doi: 10.11610/isij.4702.

14. Yevgen Dyryavyy, Preparing for Cyber Battleships – Electronic Chart Display and Information System Security [Электронный ресурс], 2014. URL: https://research.nccgroup.com/wp-content/uploads/2020/07/2014-03-03_-_ncc_group_-_whitepaper_-_cyber_battle_ship_v1-0.pdf (дата обращения: 13.01.2024).

15. Svilicic, B., Brčić, D., Žuškin, S., and Brčić, D., Raising awareness on cyber security of ECDIS, TransNav the Int., J. on Marine Navigation and Safety of Sea Transportation, 2019, 13(1), pp. 231–236, doi:10.12716/1001.13.01.24

16. ‘Petya’ ransomware attack: what is it and how can it be stopped? [Электронный ресурс], The Guardian, 2017. URL: https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyberattack-who-what-why-how (дата обращения: 17.01.2024).

17. Svilicic, B., Kristić, M., Žuškin, S., and Brčić, D. Paperless ship navigation: Cyber security weaknesses, Journal of Transportation Security, 2020, 13, pp. 203–214. https://doi.org/10.1007/s12198-020-00222-2.

18. Revised guidelines for onboard operational use of AIS (safety4sea.com) [Электронный ресурс]. URL: https://safety4sea.com/revised-guidelines-for-the-onboard-operational-use-of-shipboard-ais/ (дата об ращения: 16.01.2024).

19. Botunac Ive, Analysis of software threats to the automatic identification system, Brodogradnja, 2017, 68(1), pp. 97–105, doi:10.21278/brod68106.

20. Kessler, G., Craiger, P., and Haass, J., A taxonomy framework for maritime cybersecurity: a demonstration using the automatic identification system, TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation, 2018, 12(3), pp. 429–437, doi:10.12716/1001.12.03.01.

21. Strohmeier, M., Lenders, V., & Martinovic, I., On the Security of the Automatic Dependent Surveillance // Broadcast Protocol, IEEE Communications Surveys & Tutorials, 2015, 17(2), pp. 1066–1087.

22. Balduzzi, M., Pasta, A. and Wilhoit, K., A security evaluation of AIS automated identifica tion system, Proc. 30th Annual Computer Security Applications Conference, New Orleans, 2014, pp. 436–445.

23. Gallagher, S., Hacked at sea: Researchers find ships’ data recorders vulnerable to attack [Электронный ресурс]. URL: https://arstechnica.com/information-technology/2015/12/hacked-at-sea-researchers-find-ships-data-recorders-vulnerable-to-attack/ (дата обращения: 16.01.2024).

24. Anand, N., Voyage Data Recorder of Prabhu Daya may have been tampered with [Электронный ресурс]. URL: http://www.thehindu.com/news/national/tamil-nadu/voyage-data-recorder-of-prabhu-daya-may-have-been-tampered-with/article2982183.ece (дата обращения: 16.01.2024).

25. Soner, O., Kayişoğlu, G., Bolat, P.Y., and Tam, K., Cybersecurity risk assessment of VDR, Journal of Navigation, 2023, 1–18. https://doi.org/10.1017/S0373463322000595.

26. Lund, M.S., Gulland, J.E., Hareide, O.S., Jøsok, Ø., and Weum, K.O.C., Integrity of Integrated Navigation Systems, IEEE Conference on Communications and Network Security (CNS), 2018, doi:10.1109/CNS.2018.8433151.

27. Resolution MSC.252(83): Adoption of the Revised Performance Standard for Integrated Navigation Systems (INS), International Maritime Organization (IMO), 2007.

28. Shim, K.-A., A survey of public-key cryptographic primitives in wireless sensor networks, IEEE Commun. Surveys Tuts., 2016, vol. 18, no. 1, pp. 577–601.

29. Svilicic, B., Rudan, I., Jugović, A., and Zec, D., Security threats in a shipboard integrated navigational system, Journal of Marine Science and Engineering, 2019, 7(10):364, doi:10.3390/jmse7100364.

30. Hareide, O.S., Jøsok, Ø., Lund, M.S., Ostnes, R., and Helkala, K.M., Enhancing navigator competence by demonstrating maritime cyber security, Journal of Navigation, 2018, 71 (5), pp. 1025–1039, doi: 10.1017/S0373463318000164.

31. Hutchins, E.M., Cloppert, M.J., & Amin, R.M., Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains, Leading Issues in Information Warfare & Security Research, 2011, 1, 80.

32. Kavallieratos, G., Katsikas, S., and Gkioulos, V., Cyber-attacks against the autonomous ship, in Katsikas, S., et al., Computer Security. SECPRE CyberICPS 2018, Lecture Notes in Computer Science, 2019, vol. 11387, Springer, Cham, https://doi.org/10.1007/978-3-030-12786-2_2.

33. Shostack, A., Threat Modeling: Designing for Security, 1st edn, Wiley, Hoboken, 2014.

34. Silverajan, B., Ocak, M., and Nagel, B., Cybersecurity attacks and defences for unmanned smart ships, IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), 2018, doi:10.1109/cybermatics_2018.2018.00037

35. Santamarta, R., Maritime Security: Hacking into Voyage [Электронный ресурс]. URL: https://blog.ioactive.com/2015/12/maritime-security-hacking-into-voyage.html (дата обращения: 19.01.2024).

36. Hammerschmidt, Ch., CAN FD vulnerability threatens vehicle security [Электронный ресурс]. URL: https://www.eenewseurope.com/en/can-fd-vulnerability-threatens-vehicle-security/ (дата обращения: 19.01.2024).

37. Bosnjak, R., Simunovic, L., and Kavran, Z., Automatic Identification System in Maritime Traffic and Error Analysis, Transactions on Maritime Science, 2012, 1(02), pp. 77–84.

38. Zhou, X., Liu, Z., Wu, Z., and Wang, F., Quantitative processing of situation awareness for au tonomous ships navigation, TransNav Int J Mar Navig Saf Sea Transport, 2019, 13 (1), pp. 25–31. doi:10.12716/1001.13.01.01.

39. Wróbel, K., Montewka, J., and Kujala, P., Towards the development of a system-theoretic model for safety assessment of autonomous merchant vessels, Reliability Engineering & System Safety, 2018, vol. 178, pp. 209–224, doi:10.1016/j.ress.2018.05.019.

40. Endsley, M.R., Toward a theory of situation awareness in dynamic systems, Human factors, 1995, vol. 37, pp. 32–64, doi: 10.1518/001872095779049543.

41. Taylor, R.M., Situational awareness rating technique (SART): The development of a tool for aircrew systems design, Situational Awareness, Routledge, 2017, pp.111–128, doi:10.4324/9781315087924-8.

42. Wróbel, K., Montewka, J., and Kujala, P., System-theoretic approach to safety of remotely-controlled merchant vessel, Ocean Engineering, 2018, vol. 152, pp. 334–345, doi: 10.1016/j.oceaneng.2018.01.020.

43. Zhou, X., Liu, Z., Wang, F., and Ni, S., Collision risk identification of autonomous ships based on the synergy ship domain, Chinese Control and Decision Conference (CCDC), 2018, pp. 6746–6752, doi:10.1109/CCDC.2018.8408320.

44. Silverajan, B., Ocak, M., and Nagel, B., Cybersecurity attacks and defences for unmanned smart ships, Proc. IEEE Int. Conf. on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Compu-ting (CPSCom) and IEEE Smart Data (SmartData), Halifax, NS, Canada, 30 July–3 August 2018, pp. 15–20.

45. Zhou, X., Liu, Z., Wu, Z., and Wang, F., Quantitative processing of situation awareness for autonomous ships navigation, Int. J. Mar. Navig. Saf. Sea Transp., 2019, 13, 25–31.

46. Bechtsis, D., Tsolakis, N., Bizakis, A., and Vlachos, D., A blockchain framework for contain-erized food supply chains, Computer Aided Chemical Engineering, Elsevier: Amsterdam, The Netherlands, 2019, vol. 46, pp. 1369–1374, doi:10.1016/B978-0-12-818634-3.50229-0.

47. Wullems, C., Pozzobon, O., and Kubik, K., Signal authentication and integrity schemes for next generation global navigation satellite systems, European Navigation Conference (ENC-GNSS), 2005, 2005-07-19–2005-07-22.

48. Caparra, G., Sturaro, S., Laurenti, N., Wullems, C., and Ioannides, R.T., A novel navigation message authentication scheme for GNSS open service, Proc. 29th Int. Tech. Meeting of the Satellite Division of the Institute of Navigation (ION GNSS+ 2016), Portland, OR, USA, 12–16 September 2016, pp. 2938–2947, doi:10.33012/2016.14692.

49. Reddy, G.N. and Reddy, G., A study of cybersecurity challenges and its emerging trends on latest technologies, arXiv, 2014, 1402.1842.

50. Bour, G., Bernsmed, K., Borgaonkar, R., and Meland, P.H., On the Certificate Revocation Problem in the Maritime Sector, in Asplund, M., Nadjm-Tehrani, S. (eds) Secure IT Sys-tems. NordSec 2020. Lecture Notes in Computer Science, 2021, vol. 12556, Springer, Cham., https://doi.org/10.1007/978-3-030-70852-8_9.

51. Pseftelis, T. and Chondrokoukis, G., A Study about the role of the human factor in maritime cybersecurity, SPOUDAI Journal of Economics and Business, 2021, vol. 71, no. 1–2, pp. 55–72.

52. Exercise Neptune: Maritime Cybersecurity training using the Navigational Simulators [Электронный ресурс]. https://www.researchgate.net/publication/338753306_Exercise_Neptune_Maritime_Cybersecurity_training_using_the_Navigational_Simulators (дата обращения: 17.01.2024).

53. Heering, D. and Lovell, K.N., Exercise Neptune: Maritime cybersecurity training using the navigational simulators, 5th Interdisciplinary Cyber Research Conference, Tallinn, Estonia, 2019 [Электронный ресурс]. URL: https://www.researchgate.net/publication/338753306_Exercise_Neptune_Maritime_Cybersecurity_training_using_the_Navigational_Simulators.

54. Caprolu, M., DiPietro, R., Raponi, S., Sciancalepore, S., and Tedeschi, P., Vessels Cyber-security: Issues, Challenges, and the Road Ahead, IEEE Communications Magazine, 2020, 58 (6): 90–96.

55. Kamlesh Kanwal, Wenming Shi, Christos Kontovas, Zaili Yang, & Chia-Hsun Chang, Maritime cybersecurity: are onboard systems ready? [Электронный ресурс], Maritime Policy & Management, 16 Sep 2022, doi: 10.1080/03088839.2022.2124464. URL: https://www.tandfonline.com/doi/full/10.1080/03088839.2022.2124464 (дата обращения: 17.01.2024).

56. Wu, Z., Pan, Q., Yue, M., Ma, S., An Approach of Security Protection for VSAT Network, 17th IEEE International Conference On Trust, Security and Privacy in Computing and Communications, 12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), New York, NY, USA, 1–3 August 2018, pp. 1511–1516.

57. Maritime Security: Hacking into a Voyage Data Recorder (VDR) [Электронный ресурс]. URL: https://ioactive.com/maritime-security-hacking-into-a-voyage-data-recorder-vdr/ (дата доступа 16.01.2024). 58. Heffner, C., Exploiting network surveillance cameras like a Hollywood hacker [Электронный ресурс]. URL: https://privacy-pc.com/articles/exploiting-network-surveillance-cameras-like-a-hollywood-hack er.html (дата доступа 16.01.2024).

58. Ben Farah, M.A., Ukwandu, E., Hindy, H., Brosset, D., Bures, M., Andonovic, I., Bellekens, X., Cybersecurity in the maritime industry: A systematic survey of recent advances and future trends, Information, 2022, 13, 22, Article 22, https://doi.org/103390/info13010022.

59. Bugeja, J., Jönsson, D., Jacobsson, A., An investigation of vulnerabilities in smart connected cameras, Proceedings of the 2018 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), Athens, Greece, 19–23 March 2018, pp. 537–542, doi:10.1109/PERCOMW.2018.8480184.

60. The Guidelines on Cyber Security onboard Ships (05 October 2023). [Электронный ресурс]. URL: https://www.intercargo.org/guidelines-cyber-security-onboard-ships/ (дата обращения: 18.01.2024).

61. The Guidelines on Cyber Security onboard Ships, Version 4, December 2020 [Электронный ресурс]. URL: https://www.ics-shipping.org/wp-content/uploads/2021/02/2021-Cyber-Security-Guidelines.pdf (дата обращения: 17.01.2024).

62. Maritime cyber risk management in safety management systems (RESOLUTION MSC.428(98), 16 June 2017) [Электронный ресурс]. URL: https://wwwcdn.imo.org/localresources/en/KnowledgeCentre/IndexofIMOResolutions/MSCResolutions/MSC.428(98).pdf (дата обращения: 17.01.2024).

63. Ahvenjärvi, S., Czarnowski, I., Kåla, J., Kyster, A., Meyer, I., Mogensen, J., Szyman, P., Safe information exchange on board of the ship, TransNav: International Journal on Marine Naviga-tion and Safety of Sea Transportation, 2019, vol. 13, no. 1, doi: 10.12716/1001.13.01.17 [Электронный ресурс]. URL: https://paperity.org/p/275182587/safe-information-exchange-on-board-of-the-ship (дата обращения: 17.01.2024).

64. Dean, M., New ECDIS Cyber Security Regulations & Requirements [Электронный ресурс], Feb 08, 2020. URL: https://www.amnautical.com/es/blogs/news/keep-ecdis-secure-with-software-updates (дата обращения: 19.01.2024).

65. NaviSailot 4000 ECDIS Overview Brochure [Электронный ресурс]. URL: https://static.mackaycomm.com/wp-con-tent/uploads/2021/08/Transas_ECDIS_NaviSailor_4000_Summary_Dec11_Mackay_ v01HR.pdf.

66. Recommendation on Cyber Resilience No. 166 (Apr 2020) [Электронный ресурс]. URL: https://www.steamshipmutual.com/sites/default/files/downloads/articles/2020/IACS-Recommendation-onCyber-resilience-No-166-2020_04.pdf (дата обращения: 18.01.2024).

67. Cybersecurity for the maritime industry [Электронный ресурс]. URL: https://www.maritime.cybersecurity.com/ (дата обращения: 18.01.2024).

68. National Maritime Cybersecurity Plan Released [Электронный ресурс]. Vincent Milano, Jan 12, 2021. URL: https://www.hsdl.org/c/national-maritime-cybersecurity-plan-released/ (дата обращения: 17.01.2024).

69. Guidelines on maritime cyber risk management MSC-FAL.1/Circ.3/Rev.1 [Электронный ресурс]. 14 June 2021. URL: https://wwwcdn.imo.org/localresources/en/OurWork/Facilitation/Facilitation/ MSC-FAL.1-Circ.3-Rev.1.pdf (дата обращения: 19.01.2024).

70. Афонин А. Кибербезопасность в судоходстве. Актуальные вызовы. [Электронный ресурс]. 2021. URL: https://www.korabel.ru/news/comments/kiberbezopasnost_v_sudohodstve_aktualnye_vyzovy. html (дата обращения: 19.01.2024).

71. Семенов С. Морские вести России [Электронный ресурс] // Морская кибербезопасность. Новое в 2021 году. URL: https://morvesti.ru/analitika/1692/92320/ (дата обращения: 19.01.2024).

72. Ривкин Б.С. е-Навигации – десять лет // Гироскопия и навигация. 2015. №4. С. 173–191. 10.17285/0869-7035.2015.23.4.173-191.