Cybersecurity in remote operations: Managing cyber risks to unmanned maritime autonomous surface ships

Abstract

As society moves towards increasing levels of digitalisation, the risk of cyber-attacks having potentially devastating impacts is increasing. In the maritime industry, the result of digitalisation is showing itself in the ongoing introduction of maritime autonomous surface ships (MASS) which can operate without crew on board. The increased reliance on technology introduces concerns regarding more cybersecurity vulnerabilities and increased attack surface, leading to new or heightened cyber risks. To this end, this study set out to answer the question: How can the cybersecurity risks related to unmanned maritime autonomous surface ships be managed?

To answer this question, this study has explored the existing risks, the potential barriers, and other factors which can contribute to managing the risks. The research has been conducted as a qualitative case study of autonomous ships in the maritime industry, using data from a systematic literature review of 18 cyber risk assessments of autonomous ships as well as 11 semi-structured expert interviews.

It was found that there is a wide array of cyber risks to autonomous ships, ranging from unauthorised access and theft of confidential information to modification or disruption of critical systems or information which can have severe consequences to the ship, such as loss of control, damage, or collision. To combat this, the study found that there are numerous barriers which can prevent or mitigate these risks, by detecting or averting attacks before they become successful, detecting ongoing attacks to reduce response time, or limiting the impact or consequences of a cyber incident. Moreover, there are multiple human, technological and organisational factors which can contribute to managing the cyber risks, by enhancing individual and organisational readiness as well as response-, learning-, and improvement potential. Conclusively it is argued that to manage cyber risks, the selection of barriers should include a consideration of their compatibility with the operational environment, while leveraging the human, technological, and organisational factors can potentially make up for limitations of the barriers and aid in the development of customised tools and approaches for autonomous ship cybersecurity.