Педагогика

Морска киберсигуpност

MODELLING OF MARITIME CYBER SECURITY EDUCATION AND TRAINING

Gizem Kayisoglu
Istanbul Technical University
Istanbul Turkey
ORCiD: 0000-0003-2730-9780
E-mail: yukselg@itu.edu.tr
Pelin Bolat
Istanbul Technical University
Istanbul Turkey
ORCiD: 0000-0003-4262-3612
SCOPUS: 55568241400
Emre Duzenli
Istanbul Technical University
Istanbul Turkey

https://doi.org/10.53656/ped2023-6s.07

Резюме. The existence of sophisticated and integrated cyberspace aboard ships with information technology (IT) and operational technology (OT) makes cybersecurity a crucial concern for the maritime sector. The marine sector has benefited greatly from information and communication technologies, but they have also made ship systems and maritime infrastructure more susceptible to cyberattacks. Cyberattacks on ships have the potential to result in fatalities, severe financial losses, environmental damage, and other negative effects. A model course or specification for maritime cyber security education and training through the International Convention on Standards of Training, Certification, and Watchkeeping for Seafarers (STCW) 1978 has not yet been published by the International Maritime Organization (IMO), despite the fact that MSC.428 mandates cyber security risk management in the safety management system on ships to combat cyber-attacks and improve cyber resistance in maritime environments. The Analytic Hierarchical Process (AHP) technique is used in this work to offer a model for a curriculum for cyber security in the Maritime Education and Training (MET) system. It is possible to identify each competency's priority in the MET system's cyber security curriculum by comparing the relative weights assigned to each one. The results of the research provide the Met Institutions with the ability to be proactive and include cyber security knowledge and abilities into proposed curricula.

Ключови думи: maritime cyber security; MET; maritime cyber education; SEM

1. Introduction

Networking information and communication technology and operational technology on board ships is becoming more common as technology advances, and often connects to the Internet. While the goal of implementing cyber systems is to reduce the navigator's workload, doing so comes with the trade-off of increased complexity and vulnerability, both of which may necessitate a reevaluation of the skillset required to navigate safely and efficiently. To improve the navigator's skill through heightened system awareness, modern examples of how cyber-attacks can distort situational awareness and impede operations are required. Onboard ships, seafarers must be prepared to deal with an increasing number of cyber risks, with cybersecurity knowledge playing a vital part in emergency and crisis management. Unfortunately, current maritime education and training (MET) programs do not offer seafarers enough understanding of cybersecurity to enable them to recognize and mitigate the current cyber threat scenario.

There are important cybersecurity institutions in close proximity to the MET. The United States Naval Academy (USNA) has a cyber-operations program that is both NCAE-C Program-affiliated and ABET-accredited1, 10, and the United States Coast Guard Academy (USCGA) is applying for ABET accreditation for its cyber systems program9. The world over, however, signs of cybersecurity education deficiencies can be seen at METs.

In the literature, there are limited studies focusing on maritime cyber security education and training. Heering et al., (Heering et al. 2021) offer a structured survey of published maritime cybersecurity research, as well as an overview of the cybersecurity component of MET for sailors. According to the findings, there are presently no regulations for MET institutions to include cybersecurity awareness or cyber hygiene practice in their curricula. Shapo & Levinskyi (Shapo & Levinskyi 2021) stated that, on the one hand, it's important to enhance and broaden maritime schools' instruction in the following areas of information technology: the Industrial Internet of Things; wireless data transfer technologies; hardware for large-scale computer control systems; satellite data transfer systems, technologies, and protocols; big data; artificial intelligence; virtual and augmented reality; remote control; and pc programming. However, education about cyber security measures, tools, and procedures is essential. Specific hardware facilities and e-learning technologies are required for the actualization of each of these goals. Hareide et al., (Hareide et al. 2018) illustrate some of the entry points through which a cyber-attack can compromise a ship and discuss the likelihood and repercussions of such an attack. To better understand how to demystify cyber dangers and increase navigators' proficiency, they give a case study in their research. Scanlan et al. (2022) discuss a number of approaches that have been taken to address difficulty for maritime cyber security education. Their main goals include spreading knowledge about cyber risk and teaching people how to handle it safely in the maritime industry. There is no one answer to this problem; rather, multiple alternatives are offered. To guarantee digital systems are used in a secure manner, there needs to be an industry-wide effort. One answer could be to take another look at business relationship management/enterprise resource planning and determine what role it can play in laying a solid groundwork for the necessary skill requirements within the industry. To help shipping businesses keep a trained staff, an updated BRM/ERM might set a baseline of abilities and awareness in connection to cybersecurity.

Cyber-attacks onboard ships can cause navigational accidents, critical economic costs, environmental pollution, and loss of human life. Although the International Maritime Organization (IMO) has issued MSC.428 – which stipulates cyber security risk management in the safety management system on ships to combat cyber-attacks and improve cyber resistance in maritime environments – the IMO has yet to publish a model course or a specification for maritime cyber security education and training through the International Convention on Standards of Training, Certification, and Watchkeeping for Seafarers (STCW) 1978. In this paper, a model is proposed to provide a curriculum for cyber security in the Maritime Education and Training (MET) system, which complies with the STCW code. For this purpose, competences, understanding, knowledge, proficiency, methods for demonstrating competence, and criteria for evaluating competence under a function are developed in the maritime community by examining the current situation of maritime cyber security with the help of academic and industrial literature, as well as codes, instructions, and regulatory frames for maritime cyber security. Additionally, determined competences in curriculum for maritime cyber security are compared by using Analytic Hierarchical Process (AHP) method. By comparing the relative weights of each competence, their prioritization in the curriculum for cyber security in the MET system can be determined. These rankings provide guidance on the relative importance and priority of each competence in the curriculum, allowing for informed decision-making during the curriculum design process. The output of the study enables the MET Institutions to be proactive and include cyber security information and skills in the curriculum proposals.

2. Methodology

Designing a curriculum for cyber security in the Maritime Education and Training (MET) system requires careful consideration of various factors. Casey (2008) proposes steps for a curriculum development as in Figure 1. In this study, in addition to the steps shown in Figure 1, mainly, table framework in the STCW code, which shows the specification of minimum standards of competence for related proficiency of seafarers, is considered for the purpose of development a curriculum tailor-made cyber security in MET. After the development of curriculum, determined competences in curriculum for maritime cyber security are compared by using AHP method for determining prioritizations of the competences in the curriculum for cyber security in the MET system. These rankings provide guidance on the relative importance and priority of each competence in the curriculum, allowing for informed decision-making during the curriculum design process.

The main purpose of the International Convention on Standards of Training, Certification and Watchkeeping for Seafarers (STCW) is to establish minimum training, certification, and watchkeeping standards for seafarers globally7. The convention sets out the requirements for seafarers' competence, knowledge, and skills to ensure safe navigation, protection of the marine environment, and the wellbeing of seafarers. STCW code defines standards and requirements for international maritime education, training, and certification in the specific tables for the purpose how seafarers gain skill and competence regarding professionalism. Accordingly, in this study, by setting the STCW table for cyber security in MET, a model is created for the purpose of defining specification of minimum standard of competence for officers in charge of ship cyber security or designated duty officers in a periodically cyber security of ship. The table includes columns regarding “competence”, “knowledge, understanding, and proficiency”, “methods for demonstrating competence”, and “criteria for evaluating competence” under a function.

Figure 1.Steps for Curriculum Development (Casey 2008)
Table 1.Curriculum for Cyber Security in METTable: Specication of minimum standard of competence for ocers in charge of ship cyber securityor designated duty ocers in a periodically cyber security of shipFunction: Cyber Security at the operational level / management levelCompetenceKnowledge, understanding andprociencyMethods for demonstratingcompetenceCriteria for evaluatingcompetence1. Knowledgeof Cyber ThreatLandscape:Understand the types of cyberthreats faced by the maritimesector, including malware, socialengineering, phishing attacks, andinsider threats.Identify emerging cyber threats andstay updated on the evolving threatlandscape.Written exams:Assess students'understanding ofdi󰀨erent typesof cyberthreatsand their characteristics through written examsthat include multiple-choice questions, shortanswers, and essays.Research papers:Assign research paperswhere students explore and analyze current andemerging cyber threats in the maritime sector,providing in-depth knowledge and insights.Accuracy and depth of knowledgethe maritime sector.Understanding of the characteristics,vectors, and potential impact of cyberthreats.Ability to explain the relevance of cyberthreats to the maritime industry.2. UnderstandingMaritime CyberSystems:Gain knowledge of the di󰀨erentcyber systems used in the maritimeindustry, such as navigation systems,communication systems, propulsionsystems, and cargo managementsystems.Comprehend the vulnerabilities andpotential risks associated with thesesystems.Practical demonstrations: Organize practicalsessions where students can interact withdi󰀨erent maritime cyber systems, understandtheir functionalities, and identify potentialvulnerabilities.Case studies: Present real-life case studiesof cyber incidents in the maritime domainand ask students to analyze the impacton maritime cyber systems and proposepreventive measures.Prociency in explaining thefunctionalities and components of maritimecyber systems.Identication of vulnerabilities andpotential risks associated with specicmaritime cyber systems.Application of knowledge to analyzethe potential impact of cyber threats onmaritime operations.3. Cyber RiskAssessment andManagement:Learn to conduct cyber riskassessments to identify potentialvulnerabilities and assess thepotential impact of cyber threats onmaritime operations.Develop skills to implement riskmitigation strategies and controls tominimize cyber risks.Risk assessment exercises: Providehypothetical scenarios or real-worldexamples where students conduct cyber riskassessments, identify vulnerabilities, assessrisks, and develop risk mitigation strategies.Risk management projects:Assign individualor group projects where students developcomprehensive cyber risk management plansfor specicmaritime systems,including riskidentication, analysis,and mitigationstrategies.Ability to conduct e󰀨ective cyber riskassessments, identifying vulnerabilities andassessing risks.Development of comprehensive riskmitigation strategies and controls.Understanding of risk managementprinciples and their application in themaritime context.
4. TechnicalSecurity– Network Security:Understand the principles andbest practices of securing maritimenetworks, including rewalls,intrusion detection systems, securecongurations, and access controls.Gain knowledge of networksegmentation and isolationtechniques to prevent unauthorizedaccess and protect critical systems.– Security of Industrial ControlSystems (ICS):Understand the unique securitychallenges associated with ICSused in the maritime industry, suchas SCADA(Supervisory Controland DataAcquisition) systems andonboard automation systems.Learn to implement securitymeasures to protect ICS from cyberthreats and potential disruptions.– Network Security:Network security simulations: Use networksimulation tools or virtual environments tocreate scenarios where students congureand secure maritime networks, implementrewalls, and manage access controls.Practical exercises:Assign hands-onexercises where students demonstrate theirability to secure network devices, conguresecurity protocols, and detect and respond tonetwork security incidents.– Security of Industrial Control Systems (ICS):ICS security assessments: Provideopportunities for students to assess thesecurity of ICS used in the maritime industryby identifying vulnerabilities, analyzingattack vectors, and recommending securitymeasures.Practical lab exercises: Set up hands-onlab sessions where students congure andsecure ICS components, apply patches,and implement access controls to protectindustrial control systems.– Network Security:Competence in conguring and securingmaritime networks, including rewalls,access controls, and secure congurations.Ability to detect and respond to networksecurity incidents.Understanding of network segmentationand isolation techniques for improvedsecurity.– Security of Industrial Control Systems(ICS):Prociency in assessing the security ofmaritime ICS components and systems.Ability to recommend and implementsecurity measures for protecting ICS in themaritime industry.Understanding of best practices forsecuring and monitoring ICS in themaritime context.5. IncidentDetection andResponse:Learn techniques for detecting andresponding to cyber incidents in themaritime domain, including incidenthandling procedures, incidentclassication, and incident escalationprocesses.Develop skills to e󰀨ectively contain,investigate, and mitigate cyberincidents to minimize the impact onmaritime operations.Incident response simulations: Conductsimulated cyber-security incident scenarios,where students demonstrate their ability todetect, analyze, and respond to incidentsusing incident response procedures and tools.Incident response plans:Assign studentsto develop detailed incident response plansthat outline steps to be taken in di󰀨erenttypes of cyber security incidents, includingcontainment, investigation, and recovery.Capability to identify and classify di󰀨erenttypes of cyber security incidents in themaritime domain.Application of incident handlingprocedures, including containment,investigation, and recovery.E󰀨ective decision-making and responsecoordination during simulated incidentscenarios.6. SecurityAwareness andTraining:Promote a culture of cybersecurity awareness among maritimepersonnel, including the recognitionof social engineering techniques,phishing attacks, and safe onlinepractices.Awareness campaigns:Assign students todevelop cyber-security awareness campaignstargeting maritime personnel, includinginformative posters, educational videos, orinteractive workshops.Demonstration of knowledgeand understanding of social engineeringtechniques, phishing attacks, and safeonline practices.E󰀨ective communicationof cybersecurityawareness messages to maritime personnel.
6. SecurityAwareness andTraining:Provide training on how to respondto potential cyber security incidentsand report suspicious activities.Phishing simulations: Conduct simulatedphishing exercises to assess students' abilityto recognize and respond appropriatelyto phishing emails, educating them aboutpotential social engineering threats.Ability to respond appropriately topotential cyber security incidents and reportsuspicious activities.7. RegulatoryCompliance:Familiarize oneself with relevantinternational and national regulationsand guidelines concerning maritimecyber security, such as theInternational Maritime Organization(IMO) guidelines and industrystandards.Understand the requirements forcyber security audits, complianceassessments, and reporting.Compliance audits:Assign students toconduct mock cyber-security audits toassess compliance with relevant regulations,standards, and guidelines, evaluatingadherence to established security practices.Compliance reports:Ask students to preparereports or presentations summarizing the keycyber-security compliance requirements andhow they apply to the maritime industry.Understanding of relevant internationaland national regulations, guidelines, andstandards for maritime cyber security.Knowledge of compliance requirementsfor cyber security audits, assessments, andreporting.Adherence to established cyber-securitypractices in accordance with regulatoryframeworks.8. Ethicaland LegalConsiderations:Develop an understanding ofethical and legal issues related tocyber security in the maritime sector,including privacy, data protection,intellectual property, and internationallegal frameworks.Ethical case studies: Present ethicaldilemmas related to cyber security in themaritime sector and ask students to analyzethe situation, evaluate options, and proposeethical solutions.Legal research projects:Assign researchprojects where students explore legalframeworks related to maritime cyber securityand present ndings on the implications forindustry practices.Ability to analyze and evaluate ethicaland legal issues related to cyber security inthe maritime sector.Understanding of privacy, data protection,intellectual property, and international legalframeworks.Application of ethical decision-makingprinciples in addressing cyber securitychallenges.9. Cyber-SecurityIncident Exerciseand Simulation:Participate in hands-on exercisesand simulations to apply knowledgeand skills in responding to simulatedcyber security incidents in a realisticmaritime environment.Gain practical experience inincident handling, decision-making,and collaboration with relevantstakeholders.Tabletop exercises: Conduct tabletopexercises simulating cyber security incidentsin the maritime context, allowing studentsto practice their incident response skillsand decision-making abilities in a controlledenvironment.Post-exercise analysis: Facilitate debriengsessions where students reect on theirperformance during incident simulations,identify areas for improvement, and proposestrategies to enhance incident responsecapabilities.E󰀨ective participation and performance insimulated cyber-security incident scenarios.Application of incident responseprocedures, decision-making, andcollaboration with relevant stakeholders.Reection on post-exercise analysis,identication of areas for improvement, andproposed strategies for enhancing incidentresponse capabilities.

Accordingly, in this study, the curriculum for cyber security in MET is developed by utilizing STCW code table as in Table 1. In this context, in order to develop the columns regarding “competence”, “knowledge, understanding, and proficiency”, “methods for demonstrating competence”, and “criteria for evaluating competence” for maritime cyber security, both DNV-GL class guideline for cyber secure3, international security standards4, 5, 6, the NIST Cyber Security Framework (NIST2018), and other codes of best practices for maritime cyber security2, 8 (Boyes & Isbell 2017) are taken as references.

AHP Analysis

Thomas Saaty (1980) created the Analytic Hierarchy Process (AHP) for use in the military, and it is a representation of the hierarchical structure of a system. As shown in Figure 2, the factors are summarized in a hierarchy that is built by several levels according to the system's objective. These levels include the breakdown of the main goal into a collection of classes and subclasses, and the ultimate level. Class in a hierarchy is an attribute or criterion, while a subclass is referred to as a subcriterion or subattribute. In a multi criterion decision making (MCDM), the options are included in the highest tier of the tree. The interactive nature of the solution process for various, objective programming formulations makes AHP a common choice as the methodological procedure. Experts compare criteria and options by comparing them head-to-head (Taherdoost 2018).

Figure 2. Sample Hierarchical Structure for AHP (Taherdoost 2018)

The AHP is meant to use expert judgment to give relative importance to the various elements under consideration. In this approach, components are given relative importance in order to achieve two distinct goals. To begin, AHP is used to rank the factors and isolate the most important ones. It is useful for setting up directional metrics, notably in business. Second, by zeroing in on the most important metrics, more informed business decisions can be made, more correct information for commercial operations can be decided, and more reliable assessments of different marketing tactics can be made (Cheng & Li 2001).

Figure 3. Flowchart for A HP Methodology (Bolat et al. 2020)

Figure 3 shows a flowchart depicting the processes of AHP implemented in this paper (Bolat et al. 2020).

An AHPAnalysis for the Framework of the Curriculum for Cyber Security in the MET System

In this study, for data collection, opinions of five experts in maritime cyber security are used. The evaluation is made according to the Saaty’s scale (1-9) for pairwise comparisons stated in (Bolat, et al. 2020). For analysis, experts’ scores are averaged.

Step 1: Identify the criteria and alternatives

Criteria:

• Relevance to the maritime industry (1)

• Importance for ensuring cyber security (2)

• Feasibility of implementation (3)

• Potential impact on operations (4)

• Alignment with regulatory requirements (5)

Alternatives:

• Knowledge of Cyber Threat Landscape (1)

• Understanding Maritime Cyber Systems (2)

• Cyber Risk Assessment and Management (3)

• Network Security (4)

• Incident Detection and Response (5)

• Security of Industrial Control Systems (ICS) (6)

• Security Awareness and Training (7)

• Regulatory Compliance (8)

• Ethical and Legal Considerations (9)

• Cyber Security Incident Exercise and Simulation (10)

Step 2: Create a pairwise comparison matrix

Using a scale of 1-9, where 1 means equal importance and 9 means extremely important, a pairwise comparison matrix for the criteria are created as below:

Criteria

1 2 3 4 511 3 5 5 321/313 3 131/5 1/31 3 141/5 1/3 1/3 1 15 1/311 1 1

Step 3: Calculate the priority vector for the criteria

The priority vector for the criteria is created by normalizing the values in each column and then taking the average of the rows:

Criteria Priority Vector

10.45320.27630.11440.08650.071

Step 4: Create pairwise comparison matrices for each alternative

Using the same scale of 1-9, pairwise comparison matrices for each alternative is created:

Alternative 1: Knowledge of Cyber Threat Landscape

Competence

123456 7 8 9 101137553 7 5 332 1/315331 5 3 113 1/7 1/51331 3 3 114 1/5 1/3 1/3131 5 3 115 1/5 1/3 1/3 1/3 11 3 3 116 1/31 1 1 113 3 1 17 1/7 1/5 1/3 1/5 1/3 1/3 1 1 118 1/5 1/3 1/3 1/3 1/3 1/3 1 1 119 1/3 1/1 1/1 1/1 1/1 1/1 1 1 1110 1/3 1/1 1/1 1/1 1/1 1/1 1 1 11

Step 5: Calculate the priority vectors for each alternative

The values in each column of the pairwise comparison matrices are normalized for each alternative and then the average of the rows is calculated to obtain the priority vectors:

– Alternative 1: Knowledge of Cyber Threat Landscape

Priority Vector: [0.210, 0.087, 0.047, 0.047, 0.047, 0.047, 0.047, 0.037, 0.037, 0.037]

Step 6: Calculate the weighted sum of each alternative

The priority vector of each alternative is multiplied by the corresponding priority vector of the criteria, and the results are summed:

– Alternative 1: Knowledge of Cyber Threat Landscape

Weighted Sum: (0.210 * 0.453) + (0.087 * 0.276) + (0.047 * 0.114) + (0.047 * 0.086) + (0.047 * 0.071) = 0.106

Step 7: Calculate the relative weights of each alternative

The weighted sum of each alternative is divided by the sum of all weighted sums:

Relative Weight of Alternative 1: (Weighted Sum of Alternative 1) / (Sum of Weighted Sums)

All above-mentioned steps for each alternative (2 to 10) is repeated.

Step 8: Results of the AHP analysis for each alternative
Alternative 1: Knowledge of Cyber Threat Landscape
Relative Weight: 0.106
– Alternative 2: Understanding Maritime Cyber Systems
Relative Weight: 0.067
– Alternative 3: Cyber Risk Assessment and Management
Relative Weight: 0.089
– Alternative 4: Network Security
Relative Weight: 0.125
– Alternative 5: Incident Detection and Response
Relative Weight: 0.137
– Alternative 6: Security of Industrial Control Systems (ICS)

Relative Weight: 0.068
– Alternative 7: Security Awareness and Training
Relative Weight: 0.090
– Alternative 8: Regulatory Compliance
Relative Weight: 0.125
– Alternative 9: Ethical and Legal Considerations
Relative Weight: 0.063
– Alternative 10: Cyber Security Incident Exercise and Simulation
Relative Weight: 0.130

Results

By comparing the relative weights of each alternative, their prioritization in the curriculum for cyber security in the MET system is determined. Based on the analysis, the alternatives are ranked as follows:

1. Incident Detection and Response (Relative Weight: 0.137)

2. Cyber Security Incident Exercise and Simulation (Relative Weight: 0.130)

3. Network Security (Relative Weight: 0.125)

4. Regulatory Compliance (Relative Weight: 0.125)

5. Security Awareness and Training (Relative Weight: 0.090)

6. Cyber Risk Assessment and Management (Relative Weight: 0.089)

7. Knowledge of Cyber Threat Landscape (Relative Weight: 0.106)

8. Security of Industrial Control Systems (ICS) (Relative Weight: 0.068)

9. Understanding Maritime Cyber Systems (Relative Weight: 0.067)

10. Ethical and Legal Considerations (Relative Weight: 0.063)

These rankings provide guidance on the relative importance and priority of each alternative in the curriculum, allowing for informed decision-making during the curriculum design process.

3. Conclusion

As the ongoing digital change persists and even quickens, so too will the sector's changing educational requirements. Cyber risk management is a fundamental part of this. Although the International Maritime Organization (IMO) and others have taken action to increase the industry's ability to deal with this threat, the preparation of seafarers to fulfill their duties remains vital to any effective response. Many in the shipping sector will need to upgrade their knowledge and expertise to keep the industry safe and secure.

Getting the word out and raising awareness about this is a major obstacle. The current cyber skills gap may be the first sign of a future skills landscape that is increasingly data- and automation-driven.

It takes a lot of work to prepare an industry to deal with threats it has never encountered before. While technology advancement is essential for mitigating these threats, a shift in mindset is also required to guarantee these challenges receive the resources and attention they need. As a result, there exist gaps in knowledge and expertise as a result of the industry's changing educational requirements. Those currently employed in the field have many responsibilities and little spare time to devote to additional education. Time constraints need adaptability in the methods used, yet the results must be substantial.

In this study, a curriculum for maritime cyber security is proposed under STCW code by using exist literature, regulations, national and international standards, and incidents about maritime cyber security. Then, determined competences in curriculum for maritime cyber security are compared by using Analytic Hierarchical Process (AHP) method for determining prioritizations of the competences in the curriculum for cyber security in the MET system. These rankings provide guidance on the relative importance and priority of each competence in the curriculum, allowing for informed decision-making during the curriculum design process. The output of the study enables the MET Institutions to be proactive and include cyber security information and skills in the curriculum proposals.

Seafarers and others in the maritime industry will need to adapt to a new reality in which vessels are increasingly autonomous. Many of the cyber-security education programs and approaches outlined here might be considered as a “dry runˮ for the more substantial shifts that will occur in the coming years.

NOTES

1. ABET, 2022. ABET Approves Accreditation Criteria for Undergraduate Cybersecurity Programs. Web site. Available from: https://www.abet.org/abetapproves-accreditation-criteria-for-undergraduate-cybersecurity-programs/.

2. ANSSI, 2015. Managing Cybersecurity for Industrial Control Systems. Web site. ANSSI. Available from: https://www.ssi.gouv.fr/en/guide/managingcybersecurity-for-industrial-control-systems/. FRANCE: French Network and Information Security Agency. Web site. Available from: https://www.ssi.gouv. fr/uploads/2014/01/Managing_Cybe_for_ICS_EN.pdf.

3. DNVGL, 2020. DNVGL-CG-0325 Cyber Secure.

4. IEC 62443-3, 2008. Security for Industrial Process Measurement and Control. Network and System Security. BS IEC British Standard.

5. ISO/IEC 27001, 2017. Information technology - Security techniques - Information security management systems – Requirements (ISO/IEC 27001:2013 including Cor 1:2014 and Cor: 2:2015).

6. ISO/IEC 27033-3, 2010. Information Technology; Security Techniques; Network Security Part 3: Reference networking scenarios – Threats, design techniques and control issues. BS ISO/IEC British Standard.

7. STCW 2010, 2010. Standards of Training Certification and Watchkeeping.

8. THE FINNISH SHIPOWNERS’ASSOCIATION, 2021. Maritime Cybersecurity – Best Practices For Vessels. Web site. Finnish National Emergency Supply Organization, The Maritime Transport Pool. Available from: https://www. huoltovarmuuskeskus.fi/files/a9cb864dbec0780649661775ea66b6f1db076efb/ cybersecurity-best-practices-for-vessels.pdf.

9. UNITED STATES COAST GUARD ACADEMY, 2022. Cyber Systems. Web site. United States Coast Guard Academy. Available from: https://uscga.edu/ academics/majors/cysys/.

10. U.S. NAVAL ACADEMY, 2020. USNA Cyber Operations Program Granted NSA Designation. Web site. U.S. Naval Academy. Available from: https://www. usna.edu/NewsCenter/2020/11/USNA_CYBER_OPERATIONS_PROGRAM_ GRANTED_NSA_DESIGNATION.php.

Acknowledgement

This study is supported by Maritime Security and Cyber Threats Research Laboratory at Istanbul Technical University Maritime Faculty in Turkey.

REFERENCES

BOLAT, P.; KAYISOGLU, G.; GUNES, E.; KIZILAY, F. E. & OZSOGUT, S., 2020. Weighting Key Factors for Port Congestion by AHP Method. Journal of ETA Maritime Science, vol. 8, no. 4, pp. 252 – 273. Available from: https://doi.org/10.5505/jems.2020.64426.

BOYES, H. & ISBELL, R., 2017. Code of Practice: Cyber Security for Ships. United Kingdom: Institution of Engineering and Technology. Available from: https://assets.publishing.service.gov.uk/government/ uploads/system/uploads/attachment_data/file/642598/cyber-securitycode-of-practice-for-ships.pdf.

CASEY, J. N., 2008. Educational Curricula. N.Y.: Nova Publishers.

CHENG, E. W. & LI, H., 2001. Analytic hierarchy process. Measuring Business Excellence, vol. 5, no. 3, pp. 30–37. Available from: https://doi.org/10.1108/eum0000000005864.

HAREIDE, O. S.; JØSOK, Y.; LUND, M. S.; OSTNES, R. & HELKALA, K., 2018. Enhancing Navigator Competence by Demonstrating Maritime Cyber Security. Journal of Navigation, vol. 71, no. 5, pp. 1025 – 1039. Available from: https://doi.org/10.1017/s0373463318000164.

HEERING, D.; MAENNEL, O. & VENABLES, A. N., 2021. Shortcomings in cybersecurity education for seafarers. Developments in Maritime Technology and Engineering, no. 1, pp. 49 – 61. Available from: https://doi.org/10.1201/9781003216582-6.

NIST, 2018. Framework for Improving Critical Infrastructure Cybersecurity. In: Proceedings of the Annual ISA Analysis Division Symposium, vol. 535, pp. 9–25.

SAATY, T. L., 1980. The Analytic Hierarchy Process.

SCANLAN, J.; HOPCRAFT, R.; COWBURN, R.; TROVÅG, J. M. & LÜTZHÖFT, M., 2022. Maritime Education for a Digital Industry. NECESSE. Royal Norwegian Naval Academy. Monographic Series, vol. 7, no. 1, pp. 24 – 34.

SHAPO, V. & LEVINSKYI, M., 2020. Means of Cyber Security Aspects Studying in Maritime Specialists Education. Internet of Things, Infrastructures and Mobile Applications, pp. 389 – 400. Available from: https://doi.org/10.1007/978-3-030-49932-7_38.

TAHERDOOST, H., 2018. Decision Making Using the Analytic Hierarchy Process (AHP); A Step by Step Approach. International Journal of Economics and Management Systems, no. 2, pp. 244 – 246.

Година XCV, 2023/6s Архив

стр. 64 - 78 Изтегли PDF

©2005 Национално Издателство Аз-Буки ООД. Всички права запазени.