Hello from Turkey,My research field is "Maritime Cyber Security". Originally I am a marine engineer. I am the member of IMarEST (UK) and Engineering Council (UK).
International Journal of Information Security, 2024
In recent years, vessels have become increasingly digitized, reflecting broader societal trends. ... more In recent years, vessels have become increasingly digitized, reflecting broader societal trends. As a result, maritime operations have become an attractive target for cyber threat actors. Despite the limited cybersecurity training seafarers receive, they are expected to operate within technologically advanced environments. The importance of cybersecurity awareness is evident, but the extent of seafarers' knowledge in this area remains uncertain. This article investigates three primary aspects: (1) the current state of cybersecurity onboard cargo vessels, (2) seafarers' cybersecurity awareness, and (3) potential improvements in seafarers' cybersecurity awareness. To accomplish this, a literature review is conducted to collect and analyze current research, supplemented by a questionnaire survey targeting Turkish seafarers. Our findings support increased investment in awareness and training programs, including organizational-wide cybersecurity awareness efforts, more frequent training, mandatory training for all seafarers through the Standards of Training Certification and Watchkeeping (STCW), and the appointment of a cybersecurity Officer (CySO) to ensure satisfactory cybersecurity levels onboard. Since this article focuses on high-level topics by assessing the general state of maritime cybersecurity and seafarers' cybersecurity awareness, it does not delve into detailed considerations of awareness and training programs. Nevertheless, it lays the foundation for future research in this area.
International Journal of Information Security, 2024
The global maritime industry is continuing the rapid digitization of systems and dependency on ad... more The global maritime industry is continuing the rapid digitization of systems and dependency on advancing technology, in a trend akin to other industrial domains. One of the main issues that this integration has brought is an increased vulnerability to a growing number of cyber threats. While several security measures are being implemented to prevent or respond to cyber attacks, the human element is still one of the main weaknesses. Many of today's cyber attacks take advantage of human personnel's lack of awareness, which makes cyber security awareness and training activities of critical importance. Unfortunately, current research is still limited in its offerings for cyber security training specific to maritime personnel. Moreover, such training programmes for the professionals should be developed role-based in accordance with the suggestions of many credited maritime organizations. For this reason, we developed a modular cyber security training programme for the maritime domain called Maritime Cyber Security (MarCy) by implementing Critical Events Model (CEM). Then, we evaluated the MarCy programme by utilizing the Delphi technique with the participation of 19 experts from academia and industry. In this study, we offer cyber security training for seafarers and office employees in shipping companies. We proposed eleven elective modules to improve the knowledge, skills, and attitude of learners against cyber risks. The MarCy programme can be implemented by universities, shipping companies, training institutes, and governmental organizations for maritime cyber security training purposes.
TransNav the International Journal on Marine Navigation and Safety of Sea Transportation, 2024
The maritime industry is undergoing a digital transformation, with an increasing integration of I... more The maritime industry is undergoing a digital transformation, with an increasing integration of Information Technology (IT) and Operational Technology (OT) systems on modern vessels. Its multiple benefits notwithstanding, this transformation brings with it increased cybersecurity risks, that need to be identified, assessed, and managed. Although several cyber risk assessment methodologies are available in the literature, they may be challenging for experts with a maritime background to use. In this paper we propose a simple and effective cyber risk assessment methodology, named Cyber Risk Assessment for SHips (CRASH), that can be easily implemented by maritime professionals. To showcase its workings, we assessed 24 cyber risks of the Integrated Navigation System (INS) using CRASH and we validated the method by comparing its results to those of another method and by means of interviews with experts in the maritime sector. CRASH can aid shipping companies in effectively assessing cyber risks as a step towards selecting and implementing necessary measures to enhance the cyber security of cyber-physical systems onboard their vessels.
Shipping performed by contemporary vessels is the backbone of global trade. Modern vessels are eq... more Shipping performed by contemporary vessels is the backbone of global trade. Modern vessels are equipped with many computerized systems to enhance safety and operational efficiency. One such system developed is the integrated navigation system (INS), which combines information and functions for the bridge team onboard. An INS comprises many marine components involving cyber threats and vulnerabilities. This study aims to assess the cyber risks of such components. To this end, a methodology considering the MITRE ATT&CK framework, which provides adversarial tactics, techniques, and mitigation measures, was applied by modifying for cyber risks at sea. We assessed cyber risks of 25 components on the bridge by implementing the extended methodology in this study. As a result of the assessment, we found 1850 risks. We classified our results as 1805 low, 32 medium, 9 high, and 4 critical levels for 22 components. Three components did not include any cyber risks. Scientists, ship operators, and product developers could use the findings to protect navigation systems onboard from potential cyber threats and vulnerabilities.
TransNav the International Journal on Marine Navigation and Safety of Sea Transportation, 2022
Maritime transportation, an essential component of world trade, is performed by contemporary vess... more Maritime transportation, an essential component of world trade, is performed by contemporary vessels. Despite the improvements that rapid advances in technology have brought to vessels’ operational efficiency and capability for safe navigation, the cyber risks associated with modern systems have increased apace. Widespread publicity regarding cyber incidents onboard ships has sparked extensive research on the part of universities, industry, and governmental organisations seeking to understand cyber risks. Consequently, researchers have discovered and disclosed an increasing number of threats and vulnerabilities in this context, providing information that in itself may pose a threat when accessed by the wrong parties. Thus, this paper aims to raise researchers’ awareness of ethical concerns and provide guidance for sound decision-making in areas where the research process must be handled carefully to avoid harm. To this end, this paper presents a literature review that explores the ethical issues involved in maritime cybersecurity research and provides specific examples to promote further understanding. Six ethical principles and four categories of ethical dilemmas are discussed. Finally, the paper offers recommendations that can guide researchers in dealing with any ethical conflicts that may arise while studying maritime cybersecurity.
Academic conferences are an indispensable component of contemporary science, giving researchers t... more Academic conferences are an indispensable component of contemporary science, giving researchers the opportunity to present the results of recent investigations, become familiar with other scholars' studies, and build and expand a network for future collaborations. However, the impact of the COVID-19 pandemic has caused the format of academic conferences to shift, leading virtual conferences to become increasingly popular in the academic environment. Along the way, practical online tools used to organize a virtual academic conference have attained prominence. This study evaluates the various features that service providers currently offer, having thoroughly investigated many tools that are currently on the market. The discussion categorizes these online tools into three groups based on function: event management tools, submission management tools, and online conferencing tools. The study findings contribute to conference organizers' ability to determine useful features for conducting a virtual academic conference. Moreover, the results reveal that the tools that support event and submission management can also benefit traditional scientific conferences, making this study valuable for those organizing all types of conferences, whether virtual or traditional.
Drone Systems and Applications (formerly the Journal of Unmanned Vehicle Systems), 2022
This study seeks to contribute to the literature by presenting a discussion of potential cyber ri... more This study seeks to contribute to the literature by presenting a discussion of potential cyber risks and precautionary measures concerning unmanned vehicles as a whole. In this study, Global Navigation Satellite System (GNSS) spoofing, jamming, password cracking, denial-of-service (DoS), injecting malware, and modification of firmware are identified as potential cyberattack methods against unmanned vehicles. Potential deterrents against the aforementioned cyberattack methods are suggested as well. Illustrations of such safeguards include creating an architecture of the multi-agent system, using solid-state storage components, applying distributed programming tools and techniques, implementing sophisticated encryption techniques for data storage and transmission, deploying additional sensors and systems, and comparing the data received from different sensors.
Several disruptive attacks against companies in the maritime industry have led experts to conside... more Several disruptive attacks against companies in the maritime industry have led experts to consider the increased risk imposed by cyber threats as a major obstacle to undergoing digitization. The industry is heading toward increased automation and connectivity, leading to reduced human involvement in the different navigational functions and increased reliance on sensor data and software for more autonomous modes of operations. To meet the objectives of increased automation under the threat of cyber attacks, the different software modules that are expected to be involved in different navigational functions need to be prepared to detect such attacks utilizing suitable detection techniques. Therefore, we propose a systematic approach for analyzing the navigational NMEA messages carrying the data of the different sensors, their possible anomalies, malicious causes of such anomalies as well as the appropriate detection algorithms. The proposed approach is evaluated through two use cases, ...
The e-navigation concept was introduced by the IMO to enhance berth-to-berth navigation towards e... more The e-navigation concept was introduced by the IMO to enhance berth-to-berth navigation towards enhancing environmental protection, and safety and security at sea by leveraging technological advancements. Even though a number of e-navigation testbeds including some recognized by the IALA exist, they pertain to parts only of the Integrated Navigation System (INS) concept. Moreover, existing e-navigation and bridge testbeds do not have a cybersecurity testing functionality, therefore they cannot be used for assessing the cybersecurity posture of the INS. With cybersecurity concerns on the rise in the maritime domain, it is important to provide such capability. In this paper we review existing bridge testbeds, IMO regulations, and international standards, to first define a reference architecture for the INS and then to develop design specifications for an INS Cyber-Physical Range, i.e., an INS testbed with cybersecurity testing functionality.
Modern life is improving as a result of the research that corporations, research centres, and uni... more Modern life is improving as a result of the research that corporations, research centres, and universities, in particular, conduct. Moreover, besides their teaching function, the quantity and quality of universities' research activities comprise an essential criterion for measuring the university's quality. Today, universities around the world face global competition. Although one facet of the effort to attract productive researchers entails offering more and more, individual incentives are not enough. Universities must also create an attractive academic environment for researchers. This study sought answers to the following question: "What incentives and requirements are necessary to create a productive academic environment?" As the result of a literature review in pursuit of the study aim, the study findings include a total of 10 incentives for researchers and requirements for universities to build a productive research environment in academia.
Developments in technology bring inherent risks along with convenience. Undoubtedly, cyberattacks... more Developments in technology bring inherent risks along with convenience. Undoubtedly, cyberattacks constitute one potentially serious risk. While a stereotypical scenario involves a curious teenager sitting in front of his computer at home, a much more critical threat comes from experienced professionals, supported by states, who are specially trained and who have the necessary technological equipment to do great harm. These cyberattacks exert a negative impact on the maritime industry due to the wide usage area of both information technology (IT) and operational technology (OT) systems. On a related note, opponents of autonomous ship projects can effectively cite the weaknesses detected in navigation systems onboard ships. Examination of cyberattacks in the maritime industry as reflected in the press or in academic studies reveals claims that some of these attacks are state-sponsored. However, no country has to date accepted responsibility for such cyberattacks. Although those targeted by such accusations have neither confirmed nor rejected responsibility, the nature of the attacks-sophisticated or requiring high-cost equipment-raises the possibility that behind the attacks are countries that may have conducted research studies for defensive or offensive purposes. China, Iran, North Korea, Russia and Turkey have been named among the countries carrying out cyberattacks on the maritime industry. It is envisaged that these attacks are based on motivations such as information theft, defence research or sabotage of exploration for underground sources. Among the cyberattacks on vessels that have been assessed as state-sponsored, the most common have involved GPS jamming, rendering GPS useless, and GPS spoofing that causes the GPS to report an incorrect position for a ship at sea. This study examines the cyberattacks on the maritime industry that are asserted as state-sponsored as well as the parties involved in these attacks and the possible objectives of those parties.
Cyber security in the maritime industry has been emphasised due to both academic researches and i... more Cyber security in the maritime industry has been emphasised due to both academic researches and incidents. There are academic studies that show vulnerabilities in various navigation equipments such as GPS, ECDIS, AIS and ARPA-Radar. Additionally, there are different cyber incidents around the world.
Developments in technology, autonomous ship projects, academic studies and cyber incidents in the sector have triggered IMO. As per ISM Code, all shipping companies are mandatory to add “Guidelines on Maritime Cyber Risk Management” manual to their SMS manuals until 01st January 2021.
Both OCIMF and CDI failed to be indifferent to developments that are important for tanker operators as well as IMO. While OCIMF added cybersecurity-related questions to vetting programs called TMSA 3 and VIQ 7, CDI also added cybersecurity-related items in SIR 9.8.1 edition.
On the other hand, Rightship provides significant vetting service for dry cargo ships. “Inspection and Assessment Report” is issued by Rigthship for dry cargo ships. Questions related with cybersecurity was added with Revision No: 11 dated on 11th May 2017 in “Inspection and Assessment Report”.
In this study, cyber security related questions which are asked during TMSA, SIRE and CDI vettings which play a critical role for commercial life of tanker firms, were analyzed. Moreover, questions and efficiency of Rightship that offers vetting service for dry cargo ships, were assessed to maritime cyber security.
Also, cybersecurity-related questions in vetting questionnaires were interpreted by the author. These comments rely on benchmarking meetings among tanker operators where the author personally attended, and interview with key persons.
Noted observations during vettings may negatively impact both commercial life and reputation of the tanker operators. That’s why the firm names and interviewee names were kept confidential.
In this study, it was seen that although IMO demanded verification of cyber security-related implementations for the ship operators until 01st January 2021, this process started earlier for tanker operators.
International Journal of Information Security, 2024
In recent years, vessels have become increasingly digitized, reflecting broader societal trends. ... more In recent years, vessels have become increasingly digitized, reflecting broader societal trends. As a result, maritime operations have become an attractive target for cyber threat actors. Despite the limited cybersecurity training seafarers receive, they are expected to operate within technologically advanced environments. The importance of cybersecurity awareness is evident, but the extent of seafarers' knowledge in this area remains uncertain. This article investigates three primary aspects: (1) the current state of cybersecurity onboard cargo vessels, (2) seafarers' cybersecurity awareness, and (3) potential improvements in seafarers' cybersecurity awareness. To accomplish this, a literature review is conducted to collect and analyze current research, supplemented by a questionnaire survey targeting Turkish seafarers. Our findings support increased investment in awareness and training programs, including organizational-wide cybersecurity awareness efforts, more frequent training, mandatory training for all seafarers through the Standards of Training Certification and Watchkeeping (STCW), and the appointment of a cybersecurity Officer (CySO) to ensure satisfactory cybersecurity levels onboard. Since this article focuses on high-level topics by assessing the general state of maritime cybersecurity and seafarers' cybersecurity awareness, it does not delve into detailed considerations of awareness and training programs. Nevertheless, it lays the foundation for future research in this area.
International Journal of Information Security, 2024
The global maritime industry is continuing the rapid digitization of systems and dependency on ad... more The global maritime industry is continuing the rapid digitization of systems and dependency on advancing technology, in a trend akin to other industrial domains. One of the main issues that this integration has brought is an increased vulnerability to a growing number of cyber threats. While several security measures are being implemented to prevent or respond to cyber attacks, the human element is still one of the main weaknesses. Many of today's cyber attacks take advantage of human personnel's lack of awareness, which makes cyber security awareness and training activities of critical importance. Unfortunately, current research is still limited in its offerings for cyber security training specific to maritime personnel. Moreover, such training programmes for the professionals should be developed role-based in accordance with the suggestions of many credited maritime organizations. For this reason, we developed a modular cyber security training programme for the maritime domain called Maritime Cyber Security (MarCy) by implementing Critical Events Model (CEM). Then, we evaluated the MarCy programme by utilizing the Delphi technique with the participation of 19 experts from academia and industry. In this study, we offer cyber security training for seafarers and office employees in shipping companies. We proposed eleven elective modules to improve the knowledge, skills, and attitude of learners against cyber risks. The MarCy programme can be implemented by universities, shipping companies, training institutes, and governmental organizations for maritime cyber security training purposes.
TransNav the International Journal on Marine Navigation and Safety of Sea Transportation, 2024
The maritime industry is undergoing a digital transformation, with an increasing integration of I... more The maritime industry is undergoing a digital transformation, with an increasing integration of Information Technology (IT) and Operational Technology (OT) systems on modern vessels. Its multiple benefits notwithstanding, this transformation brings with it increased cybersecurity risks, that need to be identified, assessed, and managed. Although several cyber risk assessment methodologies are available in the literature, they may be challenging for experts with a maritime background to use. In this paper we propose a simple and effective cyber risk assessment methodology, named Cyber Risk Assessment for SHips (CRASH), that can be easily implemented by maritime professionals. To showcase its workings, we assessed 24 cyber risks of the Integrated Navigation System (INS) using CRASH and we validated the method by comparing its results to those of another method and by means of interviews with experts in the maritime sector. CRASH can aid shipping companies in effectively assessing cyber risks as a step towards selecting and implementing necessary measures to enhance the cyber security of cyber-physical systems onboard their vessels.
Shipping performed by contemporary vessels is the backbone of global trade. Modern vessels are eq... more Shipping performed by contemporary vessels is the backbone of global trade. Modern vessels are equipped with many computerized systems to enhance safety and operational efficiency. One such system developed is the integrated navigation system (INS), which combines information and functions for the bridge team onboard. An INS comprises many marine components involving cyber threats and vulnerabilities. This study aims to assess the cyber risks of such components. To this end, a methodology considering the MITRE ATT&CK framework, which provides adversarial tactics, techniques, and mitigation measures, was applied by modifying for cyber risks at sea. We assessed cyber risks of 25 components on the bridge by implementing the extended methodology in this study. As a result of the assessment, we found 1850 risks. We classified our results as 1805 low, 32 medium, 9 high, and 4 critical levels for 22 components. Three components did not include any cyber risks. Scientists, ship operators, and product developers could use the findings to protect navigation systems onboard from potential cyber threats and vulnerabilities.
TransNav the International Journal on Marine Navigation and Safety of Sea Transportation, 2022
Maritime transportation, an essential component of world trade, is performed by contemporary vess... more Maritime transportation, an essential component of world trade, is performed by contemporary vessels. Despite the improvements that rapid advances in technology have brought to vessels’ operational efficiency and capability for safe navigation, the cyber risks associated with modern systems have increased apace. Widespread publicity regarding cyber incidents onboard ships has sparked extensive research on the part of universities, industry, and governmental organisations seeking to understand cyber risks. Consequently, researchers have discovered and disclosed an increasing number of threats and vulnerabilities in this context, providing information that in itself may pose a threat when accessed by the wrong parties. Thus, this paper aims to raise researchers’ awareness of ethical concerns and provide guidance for sound decision-making in areas where the research process must be handled carefully to avoid harm. To this end, this paper presents a literature review that explores the ethical issues involved in maritime cybersecurity research and provides specific examples to promote further understanding. Six ethical principles and four categories of ethical dilemmas are discussed. Finally, the paper offers recommendations that can guide researchers in dealing with any ethical conflicts that may arise while studying maritime cybersecurity.
Academic conferences are an indispensable component of contemporary science, giving researchers t... more Academic conferences are an indispensable component of contemporary science, giving researchers the opportunity to present the results of recent investigations, become familiar with other scholars' studies, and build and expand a network for future collaborations. However, the impact of the COVID-19 pandemic has caused the format of academic conferences to shift, leading virtual conferences to become increasingly popular in the academic environment. Along the way, practical online tools used to organize a virtual academic conference have attained prominence. This study evaluates the various features that service providers currently offer, having thoroughly investigated many tools that are currently on the market. The discussion categorizes these online tools into three groups based on function: event management tools, submission management tools, and online conferencing tools. The study findings contribute to conference organizers' ability to determine useful features for conducting a virtual academic conference. Moreover, the results reveal that the tools that support event and submission management can also benefit traditional scientific conferences, making this study valuable for those organizing all types of conferences, whether virtual or traditional.
Drone Systems and Applications (formerly the Journal of Unmanned Vehicle Systems), 2022
This study seeks to contribute to the literature by presenting a discussion of potential cyber ri... more This study seeks to contribute to the literature by presenting a discussion of potential cyber risks and precautionary measures concerning unmanned vehicles as a whole. In this study, Global Navigation Satellite System (GNSS) spoofing, jamming, password cracking, denial-of-service (DoS), injecting malware, and modification of firmware are identified as potential cyberattack methods against unmanned vehicles. Potential deterrents against the aforementioned cyberattack methods are suggested as well. Illustrations of such safeguards include creating an architecture of the multi-agent system, using solid-state storage components, applying distributed programming tools and techniques, implementing sophisticated encryption techniques for data storage and transmission, deploying additional sensors and systems, and comparing the data received from different sensors.
Several disruptive attacks against companies in the maritime industry have led experts to conside... more Several disruptive attacks against companies in the maritime industry have led experts to consider the increased risk imposed by cyber threats as a major obstacle to undergoing digitization. The industry is heading toward increased automation and connectivity, leading to reduced human involvement in the different navigational functions and increased reliance on sensor data and software for more autonomous modes of operations. To meet the objectives of increased automation under the threat of cyber attacks, the different software modules that are expected to be involved in different navigational functions need to be prepared to detect such attacks utilizing suitable detection techniques. Therefore, we propose a systematic approach for analyzing the navigational NMEA messages carrying the data of the different sensors, their possible anomalies, malicious causes of such anomalies as well as the appropriate detection algorithms. The proposed approach is evaluated through two use cases, ...
The e-navigation concept was introduced by the IMO to enhance berth-to-berth navigation towards e... more The e-navigation concept was introduced by the IMO to enhance berth-to-berth navigation towards enhancing environmental protection, and safety and security at sea by leveraging technological advancements. Even though a number of e-navigation testbeds including some recognized by the IALA exist, they pertain to parts only of the Integrated Navigation System (INS) concept. Moreover, existing e-navigation and bridge testbeds do not have a cybersecurity testing functionality, therefore they cannot be used for assessing the cybersecurity posture of the INS. With cybersecurity concerns on the rise in the maritime domain, it is important to provide such capability. In this paper we review existing bridge testbeds, IMO regulations, and international standards, to first define a reference architecture for the INS and then to develop design specifications for an INS Cyber-Physical Range, i.e., an INS testbed with cybersecurity testing functionality.
Modern life is improving as a result of the research that corporations, research centres, and uni... more Modern life is improving as a result of the research that corporations, research centres, and universities, in particular, conduct. Moreover, besides their teaching function, the quantity and quality of universities' research activities comprise an essential criterion for measuring the university's quality. Today, universities around the world face global competition. Although one facet of the effort to attract productive researchers entails offering more and more, individual incentives are not enough. Universities must also create an attractive academic environment for researchers. This study sought answers to the following question: "What incentives and requirements are necessary to create a productive academic environment?" As the result of a literature review in pursuit of the study aim, the study findings include a total of 10 incentives for researchers and requirements for universities to build a productive research environment in academia.
Developments in technology bring inherent risks along with convenience. Undoubtedly, cyberattacks... more Developments in technology bring inherent risks along with convenience. Undoubtedly, cyberattacks constitute one potentially serious risk. While a stereotypical scenario involves a curious teenager sitting in front of his computer at home, a much more critical threat comes from experienced professionals, supported by states, who are specially trained and who have the necessary technological equipment to do great harm. These cyberattacks exert a negative impact on the maritime industry due to the wide usage area of both information technology (IT) and operational technology (OT) systems. On a related note, opponents of autonomous ship projects can effectively cite the weaknesses detected in navigation systems onboard ships. Examination of cyberattacks in the maritime industry as reflected in the press or in academic studies reveals claims that some of these attacks are state-sponsored. However, no country has to date accepted responsibility for such cyberattacks. Although those targeted by such accusations have neither confirmed nor rejected responsibility, the nature of the attacks-sophisticated or requiring high-cost equipment-raises the possibility that behind the attacks are countries that may have conducted research studies for defensive or offensive purposes. China, Iran, North Korea, Russia and Turkey have been named among the countries carrying out cyberattacks on the maritime industry. It is envisaged that these attacks are based on motivations such as information theft, defence research or sabotage of exploration for underground sources. Among the cyberattacks on vessels that have been assessed as state-sponsored, the most common have involved GPS jamming, rendering GPS useless, and GPS spoofing that causes the GPS to report an incorrect position for a ship at sea. This study examines the cyberattacks on the maritime industry that are asserted as state-sponsored as well as the parties involved in these attacks and the possible objectives of those parties.
Cyber security in the maritime industry has been emphasised due to both academic researches and i... more Cyber security in the maritime industry has been emphasised due to both academic researches and incidents. There are academic studies that show vulnerabilities in various navigation equipments such as GPS, ECDIS, AIS and ARPA-Radar. Additionally, there are different cyber incidents around the world.
Developments in technology, autonomous ship projects, academic studies and cyber incidents in the sector have triggered IMO. As per ISM Code, all shipping companies are mandatory to add “Guidelines on Maritime Cyber Risk Management” manual to their SMS manuals until 01st January 2021.
Both OCIMF and CDI failed to be indifferent to developments that are important for tanker operators as well as IMO. While OCIMF added cybersecurity-related questions to vetting programs called TMSA 3 and VIQ 7, CDI also added cybersecurity-related items in SIR 9.8.1 edition.
On the other hand, Rightship provides significant vetting service for dry cargo ships. “Inspection and Assessment Report” is issued by Rigthship for dry cargo ships. Questions related with cybersecurity was added with Revision No: 11 dated on 11th May 2017 in “Inspection and Assessment Report”.
In this study, cyber security related questions which are asked during TMSA, SIRE and CDI vettings which play a critical role for commercial life of tanker firms, were analyzed. Moreover, questions and efficiency of Rightship that offers vetting service for dry cargo ships, were assessed to maritime cyber security.
Also, cybersecurity-related questions in vetting questionnaires were interpreted by the author. These comments rely on benchmarking meetings among tanker operators where the author personally attended, and interview with key persons.
Noted observations during vettings may negatively impact both commercial life and reputation of the tanker operators. That’s why the firm names and interviewee names were kept confidential.
In this study, it was seen that although IMO demanded verification of cyber security-related implementations for the ship operators until 01st January 2021, this process started earlier for tanker operators.
Uploads
Papers by Aybars Oruc
Developments in technology, autonomous ship projects, academic studies and cyber incidents in the sector have triggered IMO. As per ISM Code, all shipping companies are mandatory to add “Guidelines on Maritime Cyber Risk Management” manual to their SMS manuals until 01st January 2021.
Both OCIMF and CDI failed to be indifferent to developments that are important for tanker operators as well as IMO. While OCIMF added cybersecurity-related questions to vetting programs called TMSA 3 and VIQ 7, CDI also added cybersecurity-related items in SIR 9.8.1 edition.
On the other hand, Rightship provides significant vetting service for dry cargo ships. “Inspection and Assessment Report” is issued by Rigthship for dry cargo ships. Questions related with cybersecurity was added with Revision No: 11 dated on 11th May 2017 in “Inspection and Assessment Report”.
In this study, cyber security related questions which are asked during TMSA, SIRE and CDI vettings which play a critical role for commercial life of tanker firms, were analyzed. Moreover, questions and efficiency of Rightship that offers vetting service for dry cargo ships, were assessed to maritime cyber security.
Also, cybersecurity-related questions in vetting questionnaires were interpreted by the author. These comments rely on benchmarking meetings among tanker operators where the author personally attended, and interview with key persons.
Noted observations during vettings may negatively impact both commercial life and reputation of the tanker operators. That’s why the firm names and interviewee names were kept confidential.
In this study, it was seen that although IMO demanded verification of cyber security-related implementations for the ship operators until 01st January 2021, this process started earlier for tanker operators.
Developments in technology, autonomous ship projects, academic studies and cyber incidents in the sector have triggered IMO. As per ISM Code, all shipping companies are mandatory to add “Guidelines on Maritime Cyber Risk Management” manual to their SMS manuals until 01st January 2021.
Both OCIMF and CDI failed to be indifferent to developments that are important for tanker operators as well as IMO. While OCIMF added cybersecurity-related questions to vetting programs called TMSA 3 and VIQ 7, CDI also added cybersecurity-related items in SIR 9.8.1 edition.
On the other hand, Rightship provides significant vetting service for dry cargo ships. “Inspection and Assessment Report” is issued by Rigthship for dry cargo ships. Questions related with cybersecurity was added with Revision No: 11 dated on 11th May 2017 in “Inspection and Assessment Report”.
In this study, cyber security related questions which are asked during TMSA, SIRE and CDI vettings which play a critical role for commercial life of tanker firms, were analyzed. Moreover, questions and efficiency of Rightship that offers vetting service for dry cargo ships, were assessed to maritime cyber security.
Also, cybersecurity-related questions in vetting questionnaires were interpreted by the author. These comments rely on benchmarking meetings among tanker operators where the author personally attended, and interview with key persons.
Noted observations during vettings may negatively impact both commercial life and reputation of the tanker operators. That’s why the firm names and interviewee names were kept confidential.
In this study, it was seen that although IMO demanded verification of cyber security-related implementations for the ship operators until 01st January 2021, this process started earlier for tanker operators.