Classification of Cyber Risks for Sea Vessel’s Voyage Cycle

Abstract

Modern digital transformation in the shipping industry Shipping 4.0 is accompanied by increased automation and autonomy of the ship. This means strengthening the digitization of the ship's navigation systems (cyber systems). Therefore, the safe operation and navigation of modern ships depends on the adequate operation of cyber-physical systems, which are created on the basis of information and operational technologies. Such interconnections of ship information systems inevitably increase the vulnerability of the ship's digital navigation infrastructure to cyber-attacks. The article examines methods of controlling cyber risks of various origins, which determine the priority of flows, their internal interconnection and relations with the sources of messages that form them. The formalization of the qualitative and quantitative properties of information flows of the voyage cycle using matrix and graph-analytical modeling methods has been carried out. A decomposition of information was built and a cluster of information security of ship maneuvering control was defined, with its access closed for cyber-attacks. In the event of cyber-attacks, it is very important for the navigator to determine the moment of it’s appearance and the state of navigational devices of the bridge. Usually, the working state of the device is determined by the presence of electric current in it. However, only the presence of current in the device during cyber-attacks is not enough to assess its working condition. Inspection and verification of 11 navigation devices on the bridge takes a lot of time, which the navigator does not have in the event of a cyber-attack. Therefore, we propose to introduce an additional function of controlling the working status of each navigational device, and to transmit the results of all devices to a separate navigation cluster Mk of the navigation bridge via shielded cable lines of the vessel without other methods. This will make it possible to gather information about all the devices in one place on the bridge, protect it from cyberattacks, and quickly determine the operating status of all the navigation devices on the bridge. Descriptive modeling of the meaningful categories of the information space of maritime routes during cyberattacks was performed. The proposed classification of cyber risks has a logical structure based on the grouping of message flows, using the cluster connection coefficient between them. This makes it possible to assess the criticality of the impact of cyber-attacks on the ship and to choose ways to reduce their impact on the maneuvering of the ship in the voyage cycle.