Assessment of Cybersecurity Risks: Maritime Automated Piloting Process

Abstract

A modern society is a combination of several critical infrastructures, of which international and national maritime transportation systems are essential parts. Digitalization makes it possible to increase levels of autonomy in maritime systems. It also means fully existing cyberenvironments in maritime processes. In cyberenvironments, it is crucial there is trustable information communication between system elements of the process, alongside the usability, reliability, and integrity of systems data in the operating environment. In order to develop maritime autonomy in Finland the Sea4Value / Fairway (S4VF) research program has been developed. At the first stage of the program, the main goal is to create automated fairway piloting feature in the near future. An automated remote piloting process, “ePilotage,” will be a complex system of systems entity. This paper provides a research approach to investigating the cybersecurity risks at the system levels of process. It emphasizes the importation of comprehensive risk assessment to increase the cybersecurity of fairway operations. The findings of the study are located in cybersecurity risks in critical information flows between the main system blocks of the fairway process. The research question is “How can the cybersecurity risks of automated remote fairway operations be evaluated?”  The main findings are related to the probabilities of the risks in all levels of process stakeholders’ responsibilities. Risk assessment methodology, that has been described, is based on attack probabilities against probabilities to defend actions of adversarial in use of communication technologies. Risks assessment factors have been identified and the risk assessment tool have been proposed.