PDF
Abstract
This study is an investigation into cyberattacks on autonomous vessels, focusing on previous “real-world” cyberattacks and their consequences. The future of commercial and noncommercial shipping is moving toward autonomous vessels. Autonomous ships can provide significant financial and logistical benefits for shipping companies and their stakeholders. However, these vessels suffer from shortcomings concerning cybersecurity. Previous cyberattacks are investigated to understand how the command system of an autonomous ship is infiltrated, the consequences of an attack, and the shortfalls of the security of the vessel. This aim is achieved via a literature review concerning cyberattacks on autonomous vessels with a focus on sources indicating how the security systems of previous vessels were breached, the consequence of said cyberattacks, and their capability for recovery. Sources used include Web of Science, Scopus, Google Scholar, Mendeley, Zotero, SciFinder, broadsheet, and newspaper articles. The results of the literature review showed that autonomous vessels are significantly vulnerable to cyberattacks. Autonomous vessels were determined to have relatively easy-to-breach security systems. In most cases, the consequences of a cyberattack had a negative financial impact, a loss of cargo, and a potential breach of oceanic airspace, resulting in military action. The vessels analyzed were left “dead in the water” until they were recovered, and after a severe attack, the affected shipping company servers suffered potential weeklong incapacitation. This study also aims to fill the gaps in the transport industry and maritime market concerning the security of autonomous vessels and viable recovery procedures.
Cite this article
Download citation ▾
Steve Symes, Eddie Blanco-Davis, Tony Graham, Jin Wang, Edward Shaw.
Cyberattacks on the Maritime Sector: A Literature Review.
Journal of Marine Science and Application 1-18 DOI:10.1007/s11804-024-00443-0
| [1] |
Agari Damages from business email compromise (BEC) top the 2019 FBI IC3 list, 2020 Retrieved from
|
| [2] |
Ahmed A, Gkioulos V. Utilizing AIS for command and control in maritime cyber attacks. Computer security-ESORICS, 2022 535-553
|
| [3] |
Ahvenjarvi S, Czarnowski I, Szyman P. Safe information exchange on board of the ship. Trans-nav International Journal on Maritime Navigation and Safety of Sea Transportation, 2019, 13(1): 165-171.
|
| [4] |
Alop A. The main challeges and barriers to the successful ‘smart shipping’. Transnav-International Journal on Marine Navigation and Safety of Sea Transportation, 2019, 13(3): 521-528.
|
| [5] |
Amro A, Gkioulos V (2023a) Evaluation of a cyber risk assessment approach for cyber physical systems: maritime and energy use cases. Journal of Marine Science and Engineering 11(4). https://doi.org/10.3390/jmse11040744
|
| [6] |
Amro A, Gkioulos V. Cyber risk management for autonomous passenger ships using threat-informed defense-in-depth. Int Journal of Information Security, 2023, 22(1): 249-288.
|
| [7] |
Amro A, Gkioulos V, Katsikas S. Connect and protect: Requirements for maritime autonomous surface ship in urban passenger transportation. Computer Security, ESORICS, 2020, 11980: 69-85.
|
| [8] |
Amro A, Gkioulos V, Katsikas S. Assessing cyber risk in cyber physical systems using the ATT&CK framework. ACM Transactions on Privacy and Security, 2023, 2: 26
|
| [9] |
Amro A, Oruc A, Katsikas S. Navigation data anomaly analysis and detection. Information, 2022, 13(3): 104.
|
| [10] |
Anatoliy P, Kristina V, Aleksandr V. Technologies of safety in the Bank Sphere from cyber attacks. ELConRUS, 2018 14-19
|
| [11] |
Bakdi A, Glad IV. Testbed scenario design exploiting traffic big data for autonomous ship trails under multiple conflicts with collision/grounding risks and spatio-temporal dependencies. IEEE Transactions on Intelligent Transportation Systems, 2021, 22(12): 7914-7930.
|
| [12] |
Bakdi A, Vanem E. Fullest COLREGs evaluation using fuzzy logic for collabarative decision making analysis of autnomous ships in complex situatuions. IEEE Transactions on Intelligent, 2022, 23(10): 18433-18445.
|
| [13] |
Baker J MSC confirms website shutdown caused by cyber attack, 2020 Retrieved from LLoyds List
|
| [14] |
Bolbot V, Theotokatos G, Van Collie A. A novel risk assessment process: Application to an autonomous inland waterways ship. IMEJRR Glasgow, 2023
|
| [15] |
Bolbot V, Theotokatos G, Vassalos D. A novel cyber-risk assessment method for ship systems. Safety Science, 2020 224871472
|
| [16] |
Boudehenn C, Cexus J, Boudraa A. Holistic approach of integrated navigation equipment for cybersecurity at sea. ICCSASMCS, 2023 75-86
|
| [17] |
Chang C, Kontovas C, Yang Z. Risk assessment of the operations of maritime autonomous surface ships. RESS, 2021, 207: 107324
|
| [18] |
Chiu S, Provan G, Vasco D. Shipboard system diagnostics & reconfiguration using model-based autonomous cooperative agents. Control Applications in Maritime Systems, 2001, 34(7): 323-329
|
| [19] |
Corfield G The Telegraph-Royal Navy contractor forced to pay off cyber criminals, 2023
|
| [20] |
Dittman K, Hansen P, Blanke M. Autonomy for ships: A sovereign agents architecture for reliability and safety by design. SYSTOL, Saint-Raphael, 2021 50-57
|
| [21] |
EclecticIQ Thr’eat Research Team Multi-year spearphishing campaign targets he maritime industry likely for financial gain, 2023
|
| [22] |
Ehlers T, Portier M, Thoma D. Automation of maritime shipping for more safety and environmental protection. AT Automatisierungstechnik, 2022, 70(5): 406-410.
|
| [23] |
Epikhin A, Modina M. Problems of introducing unmanned vessels on the basis of statistical studies of emergencies and ship losses. Marine Interllectual technologies, 2021, 3: 77-82
|
| [24] |
Fang Y, Pu J, Liu S. A control strategy of normal motion and self-rescue for autonomous underwater vehicle based on deep reinforcement learning. AIP Advances, 2022, 1: 12
|
| [25] |
Gkioulos V, Ahmed A. AIS for ship survivability in maritime cyber attacks. Computer Security-ESORICS, 2021 91-119
|
| [26] |
Goud N Cyber attack on COSCO, 2018
|
| [27] |
Greenberg A The untold story of NotPetya, the most devastating cyberattack in history, 2017
|
| [28] |
Greiman V. Navigating the cyber sea: dangerous atolls ahead. 14th ICCWS, 2019 87-93
|
| [29] |
Hopcraft R, Harish A, Jones K. Raising the standard of maritime voyage data recorder security. Journal of Marine Science and Engineering, 2023, 11(2): 267.
|
| [30] |
Issa M, Ilinca A, Rizk P. Maritime autonomous surface ships: Problems and challenges facing the regulatory process. Sustainability, 2022, 14(23): 15630.
|
| [31] |
Jung B, Moon S, Shin Y. Development of autonomous recovery system for pipeline of naval ships by using a multistage control algorithm. Transactions on Mechatronics, 2022, 27(2): 1150-1161.
|
| [32] |
Jung J, Lee Y, Yeu T (2022b) Multi-Modal sonar mapping of offshore cable lines with an autonomous surface vehicle. Journal of Marine Science and Engineering 10(3). https://doi.org/10.3390/jmse10030361
|
| [33] |
Kardakova M, Shipunov I, Knysh T. Cyber security on sea transport. RESS, 2020, 982: 481-490
|
| [34] |
Kavallieratos G, Diamantopoulou V, Katsikas S. Shipping 0; Security requirements for the cyber-enabled ship. IEEE Transactions on Industrial Informatics, 2020, 16(10): 6617-6625.
|
| [35] |
Kavallieratos G, Katsikas S, Gkioulos V. Cyber-attacks against the autonomous ship. Computer Security, 2019, 11387: 276-230
|
| [36] |
Kavallieratos G, Katsikas S, Gkioulos V. Modelling shipping 0; A reference architecture for the cyber-enabled ship. ACIIDS Phuket, 2020 202-217
|
| [37] |
Kavallieratos G, Spathoulas G, Katsikas S. Cyber risk propagation and optimal selection of cybersecurity for complex cyberphysical systems. SENSORS, 2021, 21(5): 1691.
|
| [38] |
Kayisoglu G, Bolat P, Tam K. A novel application of the CORAS framework for ensuring cyber hygiene on shipboard RADAR. The Journal of Marine Engineering and Technology, 2024, 23(2): 67-81.
|
| [39] |
Li J, Yu X. Robust saturated tracking control of an autonomous surface vehicle. CCDC, 2020 3472-3477
|
| [40] |
Liberati A, Altman DG, Tetzlaff J, Mulrow C, Gøtzsche PC, Ioannidis JPA, Clarke M, Devereaux PJ, Kleijnen J, Moher D. The PRISMA statement for reporting systematic reviews and meta analyses of studies that evaluate health care interventions: explain and elaboration. The Journal of Clinical Epidemiology, 2009, 62(10): 1-34.
|
| [41] |
Liou J. AUV hydrodynamics for survivability and controllability. MTS/IEEE OCEANS Conference, 2011 1-9
|
| [42] |
Livelli K, Smith R, Gross J. Operation Shaheen. Cylance, 2020 1-32
|
| [43] |
Loukas GK. A taxonomy and survey of cyber physical intrusion detection approaches for vehicles. AD HOC Networks, 2019, 84: 124-147.
|
| [44] |
Manuel R The Defense Post, 2023
|
| [45] |
Martelli M, Cassara P, Tonellotto N. The internet of ships. ERCIM NEWS, 2020 17-18
|
| [46] |
Martelli M, Russo E, Merlo A, Zaccone R (2024) Adversarial waypoint injection attacks on Maritime Autonomous Surface Ships (MASS) collision avoidance systems. The Journal of Marine Engineering and Technology, 1–12. DOI: https://doi.org/10.1080/20464177.2023.2298521
|
| [47] |
Martelli M, Virdis A, Di Summa M. An outlook on the future marine traffic management system for autonomous ships. IEEE Access, 2021, 9: 157316-157328.
|
| [48] |
Mascellino A Fata morgana watering hole attack targets shipping, logistics firms, 2023
|
| [49] |
McGillivary P. Why maritime cybersecurity is an ocean policy priority and how it can be addressed. Marine Technology Society Journal, 2018, 52(5): 44-57.
|
| [50] |
Meland P, Bernsmed K, Nesheim D. A retrospective analysis of maritime cyber security incidents. Trans-nav-international Journal on Maritime Navigation and Safety of Sea Transportation, 2021, 15(3): 519-530.
|
| [51] |
Mission Secure Mission secure-maritime security, 2023
|
| [52] |
Nakhodchi S, Zolfaghari B, Yazdinejad A, Dehghantanha A. SteelEye: An application-layer attack detection and attribution model in industrial control systems using Semi-deep learning. 2021 18th International Conference on Privacy, Security and Trust, 2021 1-8
|
| [53] |
National Cyber S C APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on cisco routers, 2023
|
| [54] |
Nicaise V. Cybermaretique: a short history of cyberattacks against ports. Stormshield, 2021
|
| [55] |
Onishchenko O, Shumilova K, Volianskyi Y. Ensuring cyber resilience of ship information systems. Transnav-international Journal on Marine Navigation and Safety of Sea Transportation, 2022, 16(1): 43-50.
|
| [56] |
Park C, Kontovas C. A BN driven FMEA approach to assess maritime cybersecurity risks. Ocean & Coastal Management, 2023, 235: 106480.
|
| [57] |
Pitropakis N, Logothetis M, Lambrinoudakis C. Towards the creation of a threat intelligence framework for maritime infrastructures. Computer Security Esorics, 2020 53-68.
|
| [58] |
Polemi N, Van-Maele C Cybersecurity in maritime infrastructure, 2023
|
| [59] |
Port Technology T Major European ports hit by cyber attack, 2022
|
| [60] |
Qiao S, Zheng K, Wang G. A path planning method for autonomous ships based on SVM. Ocean Engineering, 2020 3068-3072
|
| [61] |
Qiu Y, Li Y, Lang J. An optimal tracking control method for unmanned ship approach. CCDC (33rd), 2021 546-551
|
| [62] |
Rabieinejad E, Yazdinejad A, Dehghantanha A, Srivastava G. Two-level privacy-preserving framework: federated learning for attack detection in the consumer internet of things. IEEE Transactions on Consumer Electronics, 2024 1
|
| [63] |
Rabieinejad E, Yazdinejad A, Dehghantanha A, Parizi RM, Srivastava G. Secure AI and blockchain-enabled framework in smart vehicular networks. IEEE Globecom Workshops GC wkshps, 2021 1-6
|
| [64] |
Sahay R, Estay DAS, Meng WZ, Jensen CD, Barfod MB. A comparative risk analysis on CyberShip system with STPA-Sec, STRIDE and CORAS. Computers and Security, 2023, 128: 117-129.
|
| [65] |
Sakhnini J, Karimipour H, Dehghantanha A, Yazdinejad A, Gadekallu T, Victor N. A generalizable deep neural network method for detecting attacks in industrial Cyber-Physical systems. IEEE Systems Journal, 2023, 17(4): 5152-5160
|
| [66] |
Sepehri A, Vandchali H, Montewka J. The impact of shipping 0 on controlling shipping accidents: A systematic literature review. Ocean Engineering, 2022 243
|
| [67] |
Serru T, Nguyen N, Rauzy A (2023) Modeling cyberattack propagation and impacts on cyber physical system safety: An experiment. Electronics (1): 12. https://doi.org/10.3390/electronics12010077
|
| [68] |
Shapo V, Levinskyi M. Means of cyber security aspects studying in maritime specialists education. Infrastructures and Mobile Applications, 2021, 1192: 389-400.
|
| [69] |
Shipunov I, Voevodskiy K, Gatchin Y. About the problems of ensuring information security on unmanned ships. EICONRUS, 2019 1-9
|
| [70] |
Silva R, Hickert C, Sookoor T. AlphaSOC: reinforcement learning-based cybersecurity automation for cyber-physical systems. ICCPS, 2022 290-291
|
| [71] |
Silverajan B, Ocak M, Nagel B. Cybersecurity attacks and defences for unmanned smart ships. IEEE ICC, 2018 15-20
|
| [72] |
Solnor P, Volden O, Fossen T. Hijacking of unmanned surface vehicles: A demonstration of attacks and countermeasures in the field. Journal of Field Robotics, 2022, 39(5): 631-649.
|
| [73] |
Symes SW, Fairclough S, Wang J, Yang Z, Blanco-Davis E Simulator based human performnace assessment in a ship engine room using functional near-infrared spectroscopy, 2022 Liverpool Liverpool John Moores University 29303124
|
| [74] |
Talos C DNS hijacking abuses trust in core internet service, 2018
|
| [75] |
Tam K, Jones K. Cyber-risk assessment for autonomous ships. International Conference on Cyber Security and Protection of Digital Services, 2018 1-8
|
| [76] |
The International Maritime Organisation (IMO) Imo. org, 2019
|
| [77] |
Tidy J BBC news-technology, 2023
|
| [78] |
Titov A, Barakat L, Kovalev O. Risk assessment of operating unmanned ships. Marine Intellectual Technologies, 2019, 4(4): 11-23
|
| [79] |
Turner J Sea hunter: inside the US navy’s autonomous submarine tracking vessel, 2018
|
| [80] |
Tusher H, Munim Z, Nazir S. Cyber security risk assessment in autonomous shipping. Maritime Economics and Logistics, 2022, 24(2): 208-227.
|
| [81] |
Vagale A. Evaluation simulator platform for extended collision risk of autonomous surface vehicles. Journal of Marine Science and Engineering, 2022, 10(5): 14-17.
|
| [82] |
Vagale A, Bye R, Fossen T. Path planning for autonomous surface vehicles II: a comparative study of algorithms. Journal of Marine Science and Technology, 2021, 26(4): 1307-1323.
|
| [83] |
Yazdinejad A, Dehghantanha A, Parizi R, Hammoudeh M, Karimipour H, Srivastava G. Block hunter: federated learning for cyber threat hunting in blockchain-based IIoT networks. IEEE Transactions on Industrial Informatics, 2022, 18(11): 8356-8366.
|
| [84] |
Yazdinejad A, Dehghantanha A, Parizi R, Srivastava G, Karimipour H. Secure intelligent fuzzy blockchain framework: Effective threat detection in IoT networks. Computers in Industry, 2023 144
|
| [85] |
Yazdinejad A, Parizi RM, Srivastava G, Dehghantanha A, Choo K K. Energy efficient decentralized authentication in internet of underwater things using blockchain. IEEE Globecom Workshops GC Wkshps, 2019 1-6
|
| [86] |
Yoo J, Jo Y. Formulating cybersecurity requirements for autonomous ships using SQUARE methodology. SENSORS, 2023, 11(1): 23
|
| [87] |
Yoo Y, Park H (2021) Qualitative risk assessment of cybersecurity and development of vulnerability enhancement plans in consideration of digitalized ships. Journal of Marine Science and Engineering, 9. https://doi.org/10.3390/jmse9060565
|
| [88] |
Zhou X, Liu Z, Ni S. Collision risk identification of autonomous ships based on the synergy ship domain. CCDC, 2018 6746-7652
|
| [89] |
Zhou X, Liu Z, Wu Z. A system-theoretic approach to safety and security co-analysis of autonomous ships. Ocean Engineering, 2021, 222: 108569.
|
