Integral Approach to Vulnerability Assessment of Ship’s Critical Equipment and Systems

The digital transformation of the maritime industry is almost a fait accompli. Merchant ships today use computing and cyber-dependent technologies for navigation, communications, cargo operations, environmental monitoring, and many other purposes. Nowadays, entire industries and businesses are becoming increasingly dependent on data arrays, and the maritime sector is fully experiencing this transformation. A modern commercial ship is unthinkable without digital technology, and the reasons for the deep digitalization of the fleet are numerous. Emergency systems such as safety monitoring, fire detection and alarms are increasingly reliant on cyber technology. Therefore, cybersecurity is a critical component of ship and shipping safety, and cyber-attacks on maritime transport are a very likely problem.

These risks will only increase with the further development of information technology. This article proposes approaches to identifying cyber threats as well as a probabilistic assessment of ship cybersecurity, which is based on an integral approach to assessing the vulnerability of shipboard critical equipment and systems. Estimated probabilities of target and non-target cybersecurity breaches of the ship, as well as their overall probability, which allows considering all chains of events leading to a certain consequence associated with potential losses. The model of probability assessment of ship cybersecurity violation and its consequences, which allows evaluation of possible losses as a result of these events, is presented and mathematically described.
satellite communications equipment. Attackers only need a narrow bandwidth and a short communication session, during which normally ships en route regularly report to each other e.g., transmission of telemetry information about the parameters of ship movement, its equipment, ports, cargo condition, and details of the route. These phenomena can be countered by analyzing the nature of attacks on ships (Hyra, 2019) and considering the degree of reliability and availability of shipboard computer systems (Vujović et.al., 2020).
Progressing digitalization of maritime transport brings new threats that lie partly in the principles of using modern IT trends in maritime shipping (Shipunov et al., 2020), which could pose a serious threat to the safety of the maritime industry (Kala & Balakrishnan, 2019). Exploring the nature of major security issues and potential threats to the shipping industry is crucial (Alcaide & Llave, 2020;Melnyk et.al., 2021), which causes the emerging risks in the maritime transport system (Malone & Strouboulis, 2021). Cybersecurity challenges in the maritime sector (Akpan et.al., 2022), particularly in maritime transportation (Bielawski & Lazarowska, 2021), indicate the need to improve the efficiency of safety management systems to ensure the safe operation of computer-controlled ship systems . In particular, cybersecurity of critical infrastructure facilities of the maritime sector plays a key role (Mednikarov et.al., 2020). Of particular relevance is cybersecurity at sea and securing digital maritime routes, as well as upcoming legal challenges in this field (Boyes, 2014). Of particular interest are the growing threat of maritime cyberattacks, the level of maritime cybersecurity preparedness (Greiman, 2020) in the seas and straits, and a comparison of practices among countries (Marcus, 2021). The new IACS (International Association of Classification Societies) uniform cybersecurity requirements (UR E26 and UR E27) will become mandatory on January 1, 2024. In particular, DNV is already offering type approvals for the upcoming mandatory requirements.
The ship's cybersecurity system must exclude the possibility of intrusion by alien conversion systems and ensure control of open access ports and anti-virus protection (Nyrkov et al., 2018;Simpanu, 2018). Thus, ensuring the cyber resilience of the ship's information systems (Onishchenko et al., 2022), which in turn requires the use of e.g., firewalls, regular updating of system data, rejection of outdated operating systems, and introduction of new cybersecurity products. Various modeling such as behavior, conceptual (Meshkat et al., 2020;Yusif and & Hafeez-Baig, 2021), and casual modeling were proposed for cybersecurity (Abel et al., 2018) in order to utilize principles, ideas, and tools to determine the maximum effectiveness of a ship's cybersecurity system.
It should be emphasized that the reviewed works improve the theoretical basis and offer some solutions to enhance the cybersecurity of maritime transport. Development of theoretical provisions using an integral approach to assess the vulnerability of basic or critical systems of a seagoing vessel is of high practical interest. Therefore, the purpose of this study is to analyze potential threats to the ship's cybersecurity, aggregate them, and establish links between various events, cybersecurity breaches and their consequences.

Fundamentals of Ship Cybersecurity Assessment
According to analysts, the potential channels and opportunities for hacker attacks will increase over time, and their types will be changed and modified. Thus, ship's cybersecurity becomes an important factor in ensuring the security of navigation. Notably, the Maritime Safety Committee of the International Maritime Organization (IMO) adopted Resolution MSC.428 (98) -Maritime Cyber Risk Management in Security Management Systems in June 2017. This resolution requires administrations to ensure that cyber risks are addressed in ship security management systems after January 1, 2021. Thus, protection against cyber risks becomes not only an initiative of shipowners, but also an international requirement for them. Today, cyberattacks are not just aimed at stealing shipboard data; at the heart of cyber crime is the control of shipboard systems' operating technology, which is the result of the evolution of maritime piracy, as the mentioned control by outsiders can lead to the takeover of ship's command and control systems. Operational technology (OT) is part of the ship's management and control processes in conjunction with information technology (IT), where IT and OT have different roles within the organization: OT correlates more with the physical world, while IT refers to information processing.
Operational technologies are also part of the ship's 'critical systems' , which are vital to the ship, and they are usually separated 'physically' from information systems ( Figure 1). Therefore, when it comes to cyberattacks on ships, due to the fact that IT systems interact with OT systems, the focus of cybersecurity issues should be on these two key systems.
According to the analysis of information on the vulnerability of ship systems (Figure 2), we can see that the vulnerability range is very significant and reaches up to 52% in some places, e.g., the positioning system. If we consider cybersecurity as a whole, then both types of ship systems should be obviously targeted when developing appropriate security measures.
Thus, experts distinguish two groups of cyberattacks -'targeted' and 'non-targeted' , in particular, given their following composition (    The 2020 BIMCO guidance provides that the main subjects of cyberattacks are activists (including disgruntled employees), criminals, opportunists, states, state-sponsored organizations, and terrorists. Experts have also established the following possible security breach scenarios: • modifying the ship's data, including its position, course, cargo information, speed, and name; • creating a 'ghost ship' identified by other ships as a real ship in any world location; • sending false weather information to specific ships to force them to alter course to avoid a nonexistent gale; • activating false collision warnings, potentially causing a ship's course to be automatically corrected; • 'turning' an existing vessel into an invisible one; • creating non-existent search and rescue helicopters; • tampering with EPIRB signals that activate alarms on ships in the vicinity; • conducting a DoS attack on the entire network by initiating an increase in the frequency of AIS messaging.
Ensuring comprehensive cybersecurity measures for a ship requires first a comprehensive assessment of the ship's systems in terms of vulnerability in this context. The components of a cybersecurity assurance system are presented below. Threat and vulnerability identification are the first steps in the proposed approach (Figure 4). Risk assessment methodology, which, among other things, extends to ship cybersecurity risk assessment, is based on three components -threats, vulnerabilities, and consequences. This triad should form the basis of the cybersecurity assessment of an ocean-going vessel.
The subject study proposes a probabilistic assessment of a ship's cybersecurity, which is formed on the basis of an integral approach to assessing the vulnerability of basic ship systems (operating technologies), targets of cyberattacks (threats), and their consequences.
Note that cybersecurity experts should periodically perform the probabilistic assessment of each component of the ship's technological system. As a result of the assessment, they also form suggestions and alternatives for minimizing cyber risks.

Ship's Cybersecurity Objects
The main targets of cyberattacks are mentioned above, but this is certainly not their entire list. So, let us take G as the number of possible cyberattack targets, and their multitude described as A = { A g , g=1,G }. Thus, each event A g characterizes a specific cybersecurity threat.
In addition, we should not forget the cybersecurity threats that are not targeted but result from the causes of the second block in Figure 1. Most of these threats are similar to threats to an ordinary home or office computer, but their consequences are naturally not comparable.
The following example given in Simpanu (2018), describes a case where the absence of a collection of paper charts and a virus-infected ECDIS system lead to a ship's voyage delay. After the system inspection, the virus was quarantined and the ECDIS was restored, but the incident resulted in significant losses.
Therefore, let us distinguish the set U = { U l , gl=1,L }, which characterizes the possible threats to ship cybersecurity, not related to the targeted impact.
Objects that are vulnerable in terms of cybersecurity are various ship systems, which today are managed and controlled by appropriate software and information systems.
It is worth noting that different sources give various views on the composition of these systems, but these approaches mostly coincide. Some components of the above list are highlighted as separate systems (e.g. access control system, alarm management system, thruster control system). A visual representation of the location of these systems on board ships is provided in Figure 5.
The 2020 BIMCO guidance provides a more extended and detailed list of these systems. Thus, depending on the specifics of the ship and the degree of aggregation of ship systems when assessing cybersecurity, a specific list of a ship's cybersecurity entities is compiled. To form a generalized assessment, let us assume the number of such ship systems N, and the corresponding set B = { B n , n=1,N }, where the essence is B n -'cybersecurity violation of the n-th ship system' . It is necessary to note that each threat A g is connected to the influence on specific ship systems, the threat U l is characteristic almost for all ship systems (Fig. 5); however, taking into account the presence of features on each ship, we will consider the generalized variant in which each type of threats is connected to a specific set of ship systems.
Thus, multiple ship systems listed above which are vulnerable to cyberattacks of the ship are formed: related respectively to threats A g и U l . Note that the events A = { A g , g=1,G } and events U = { U l , l=1,L } are joint, i.e. they can occur at the same time.
Each threat can be characterized by a probabilistic assessment 0 ≤ P ( A g )≤ 1, which is formed on the basis of expert opinions, considering the specifics of the vessel, cargo, and the area of her operation. The probabilities 0 ≤ P ( U l )≤ 1 are determined on the basis of statistics by cybersecurity specialists.

Probability of Breach and Consequences for Ship's Cybersecurity
Suppose the results of successful cyberattacks are M variants (Fig.7), forming a multitude of consequences C = { C m , m=1,M }, which have a monetary value of R = { R m , m=1,M }.
Examples C m could be 'a delay in passage' , 'increased sailing time' , etc. Some C m may coincide with the threats (goals) of cyberattacks formulated in set A. Thus, the goal of the cyberattack either is achieved and then its result coincides with the threat, or the goal is not achieved, but other consequences may occur (e.g., the already mentioned 'increase in voyage time'). Another example of a consequence could be an 'accident due to a breach of navigational safety' . Thus, different cybersecurity breaches can lead to the same consequences, while at the same time, a cybersecurity breach of one of the ship systems under the influence of a certain cyberattack can lead to different consequences.
(1) Each consequence C m is associated with subsets of sets А and U (targeted and non-targeted cybersecurity violations) and a subset of set В (ship systems).
Thus, we assign to each consequence C m a set of Ω C m , the elements of which are those pairs of attacks and systems that lead to the consequence in question: Based on the cost characteristics of the ship's daily maintenance, ship repair costs, etc., the shipowner's losses can be derived in monetary terms and the ship's crew expenses should also be considered.
Note that, depending on the state of the cybersecurity system, each type of potential threat can be implemented as a cyberattack (successfully or not) and lead, respectively, to consequences or not (see Figure 7). The barrier between attacks as a result of threat realization and consequences is the ship's cybersecurity system, which is linked to each ship's system.
Since cybersecurity breaches are associated with specific ship systems, the following events reflect the fact that the cyberattack (cybersecurity breach) is related to the relevant ship system.
In turn, the consequence C m is manifested after the occurrence of events (4) or (5). Thus, complete and incomplete chains of dependent events are formed, which are mathematically represented as products of dependent events: (5) Full chains of events include consequences for the ship and the shipowner; incomplete chains consider only a cybersecurity breach.
The probability of each chain respectively is: We denote S -ship cybersecurity breach, an event that is the sum of all events associated with various types of cyberattacks (both targeted and non-targeted). Assume S 1 ship's cybersecurity breach due to targeted cyberattacks, and S 2 a ship's cybersecurity breach due to non-targeted attacks. Note that the events S 1 and S 2 in their theoretical consideration are joint, but of course the probability of the event is quite little, and the probability of these events S 1 and S 2 occurring together is even less. Nevertheless, in matters of safety, even events insignificant in terms of probability must be considered.

RESULTS AND DISCUSSION
Mathematically, the events in question are described as follows: The reasoning presented above allows us to estimate: 1) probability of a ship's cybersecurity breach P ( S ); 2) probability of the consequences of a ship's cybersecurity breach; 3) property damage as a result of a ship's cybersecurity breach.
In order to assess P ( S ), it is necessary to establish the cooccurrence/non-occurrence of the events that form S in (16). Theoretically, targeted and non-targeted cyberattacks can occur simultaneously and in different ship systems, which determines the theoretical coincidence of the events that form S. Practically, these probabilities tend to 0. Thus, in a targeted attack, hackers typically seek to gain control of a particular ship's system. The effect of non-targeted attacks is also manifested in a specific ship system. Therefore, the events forming are taken as incompatible. This fact will be considered when estimating the probability of this event and its two components: Therefore, (17) -(19) estimate respectively the probabilities of targeted and non-targeted ship cybersecurity violations as well as their overall probability.
The resulting P ( S ) must be identified according to some kind of cybersecurity scale. In particular, there should be a threshold value P • ( S ), which defines the boundary of acceptable values of P ( S ), at cybersecurity risk is classified as tolerable, otherwise critical. In turn, the likelihood of the integrity of ship's cybersecurity (event S ): Note that (11) and (13) describe the probabilities of the chains of events -'attack-vessel-system-sequence' . The probability of each consequence considers all the chains of events leading to a particular consequence: Each consequence-event C m , m=1, M is associated with a potential loss R m , m=1, M as a result of a cybersecurity breach, the average value of which is estimated as: This value reflects the shipowner's risks as a result of a cybersecurity breach of the ship.
Note that in reality risks as a result of cybersecurity breach are not inherent only to the shipowner. For example, the loss of ship's control can lead to an accident, and if it is a tanker, the consequences are a possible environmental disaster due to an oil spill. It can be argued that the full list of consequences of cybersecurity breach includes all possible consequences of accidents at sea. That is why it is so important to pay as much attention to this aspect of safety as to other, traditional issues of ship and maritime safety in general.

CONCLUSION
Utilization of computer systems on board modern seagoing ships brings cybersecurity issues of maritime transport to the forefront in view of possible failure, malfunction, or errors in their operation, which can be crucial for the functionality of the vessel and, as a result, cause negative effects on its safety and security, and the safety of navigation as a whole.
The ship's cybersecurity management system should be integrated into the security and safety systems and should be involved at all levels from the management of the shipping company ashore to the ship's administration including all crew members to ensure safe operation and routine activities on board ship. Primarily, the control over reception, storage, and processing of information data, which can be a basis in the acceptance of administrative or operational decisions, should be established. Additionally, in order to develop a set of measures aimed at cybersecurity of the ship, all vulnerable technical systems must be clearly identified, categorized, and adequately protected. Comprehensiveness or integrity is important to ensure the effectiveness of any measures. Incidents related to various contingencies, such as unplanned course changes, machinery automation failures due to cyberattacks or other types of cyberattacks, could only be excluded by a comprehensive approach to ship cybersecurity system design. The practical implementation of ship vulnerability assessment and the proposed model can be supported by the development of measures and preventive actions by shipowners and operator companies to improve the cybersecurity of the fleet, such as control of open access ports, antivirus protection and firewall, regular system data updates, abandonment of outdated operating systems, introduction of new cybersecurity products.

CONFLICT OF INTEREST:
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.