Review of marine ship communication cybersecurity

doi:10.11772/j.issn.1001-9081.2023070975

Journal of Computer Applications ›› 2024, Vol. 44 ›› Issue (7): 2123-2136.DOI: 10.11772/j.issn.1001-9081.2023070975

• Cyber security • Previous Articles Next Articles

Review of marine ship communication cybersecurity

Zhongdai WU¹^,², Dezhi HAN³, Haibao JIANG³, Cheng FENG³(), Bing HAN¹, Chongqing CHEN³

^1.Shanghai Ship and Shipping Research Institute Company Limited，Shanghai 200135，China
^2.State Key Laboratory of Maritime Technology and Safety，Shanghai 200135，China
^3.College of Information Engineering，Shanghai Maritime University，Shanghai 201306，China

Received:2023-07-19 Revised:2023-09-27 Accepted:2023-09-27 Online:2023-10-26 Published:2024-07-10
Contact: Cheng FENG
About author:WU Zhongdai， born in 1976， Ph. D.， professor. His research interests include cognitive radio， secure transmission in heterogeneous wireless networks.
HAN Dezhi， born in 1966， Ph. D.， professor. His research interests include network security， wireless network security， intelligent ship system security.
JIANG Haibao， born in 1998， M. S. His research interests include wireless communication and network， network security.
CHEN Chongqing， born in 1994， Ph. D. candidate. His research interests include network security based on reinforcement learning.
First author contact:FENG Cheng， born in 1999， M. S. candidate. His research interests include deep learning-based ship search.
HAN Bin， born in 1983， Ph. D.， professor. His research interests include intelligent ship system security， intelligent ship network system architecture， intelligent operation and maintenance.
Supported by:
National Key R&D Program(2021YFC2801000);Shanghai Science and Technology Plan(22XD1431000);Shanghai Natural Science Foundation(21ZR1426500);Graduate Students Top-notch Innovative Talent Cultivation Program of Shanghai Maritime University(2022YBR005)

海洋船舶通信网络安全综述

吴中岱¹^,², 韩德志³, 蒋海豹³, 冯程³(), 韩冰¹, 陈重庆³

^1.上海船舶运输科学研究所有限公司, 上海 200135
^2.水路交通控制全国重点实验室, 上海 200135
^3.上海海事大学信息工程学院, 上海 201306

通讯作者: 冯程
作者简介:吴中岱（1976—），男，江苏无锡人，教授，博士，主要研究方向：认知无线电、异构无线网络安全传输；
韩德志（1966—），男，河南信阳人，教授，博士，CCF高级会员，主要研究方向：网络安全、无线网络安全、智能船舶系统安全；
蒋海豹（1998—），男，安徽六安人，硕士，主要研究方向：无线通信与网络、网络安全；
韩冰（1983—），男，辽宁大连人，教授，博士，主要研究方向：智能船舶系统安全、智能船舶网络系统架构、智能运维；
陈重庆（1994—），男，安徽安庆人，博士研究生，主要研究方向：基于强化学习的网络安全。
第一联系人：冯程（1999—），男，江苏盐城人，硕士研究生，主要研究方向：基于深度学习的船舶搜索；
基金资助:
国家重点研发计划项目(2021YFC2801000);上海市科技计划项目(22XD1431000);上海市自然科学基金资助项目(21ZR1426500);上海海事大学研究生拔尖创新人才培养项目(2022YBR005)

Abstract

Abstract:

Maritime transportation is one of the most important modes of human transportation. Maritime cybersecurity is crucial to avoid financial loss and ensure shipping safety. Due to the obvious weakness of maritime cybersecurity， maritime cyberattacks are frequent. There are a lot of research literatures about maritime cybersecurity at domestic and abroad， but most of them have not been reviewed yet. The structures， risks and countermeasures of the maritime network were systematically organized and comprehensively introduced. On this basis， some suggestions were put forward to deal with the maritime cyberthreats.

Key words: marine ship communication network, ship network security, network attack, attack defense

摘要：

海上运输是人类最重要的运输方式之一，海上船舶通信网络安全对一个涉海国家的经济发展至关重要。由于海上船舶通信网络基础设施建设远不如陆地互联网络基础设施建设完善，其通信网络存在很多安全漏洞，导致多起船舶在海洋航行时遭受网络攻击。近几年，国内外已有大量有关海上通信网络安全的研究文献，但缺乏海洋船舶通信网络安全研究综述文献发表。为此，针对海洋船舶通信网络结构、存在的网络安全风险及其应对安全措施等研究文献进行系统的梳理和综合讨论。在此基础上，对海上船舶通信网络安全威胁提出应对的策略和建议。

关键词: 海洋船舶通信网络, 船舶网络安全, 网络攻击, 攻击防御

CLC Number:

TP393

Zhongdai WU, Dezhi HAN, Haibao JIANG, Cheng FENG, Bing HAN, Chongqing CHEN. Review of marine ship communication cybersecurity[J]. Journal of Computer Applications, 2024, 44(7): 2123-2136.

吴中岱, 韩德志, 蒋海豹, 冯程, 韩冰, 陈重庆. 海洋船舶通信网络安全综述[J]. 《计算机应用》唯一官方网站, 2024, 44(7): 2123-2136.

Figures/Tables 12

References 97

1	AVEN T. On the meaning of a black swan in a risk context ［J］. Safety Science， 2013， 57： 44-51.
2	TALEB N N. The black swan： the impact of the highly improbable ［J］. Academy of Management Perspectives， 2011， 25（2）： 87-90.
3	KIISKI T. Major maritime cyber incidents ［EB/OL］. ［2023-09-05］. .
4	MELAND P H， BERNSMED K， WILLE E， et al. A retrospective analysis of maritime cyber security incidents ［J］. TransNav， 2021， 15（3）： 519-530.
5	RISI Online incident database ［DB/OL］. ［2023-09-05］. .
6	KOCHETKOVA K. Maritime industry is easy meat for cyber criminals ［EB/OL］. （2015-03-22）［2023-09-05］. .
7	CHAN E S Y. Global challenges in maritime security： an introduction ［J］. Global Change， Peace & Security， 2021， 33（1）： 100-102.
8	Maritime cyber-risks ［EB/OL］. ［2023-09-05］. .
9	BELMONT K B. Maritime Cybersecurity： cyber cases in the maritime environment ［EB/OL］. ［2023-09-05］. .
10	McQUADE M. The untold story of NotPetya， the most devastating cyberattack in history ［EB/OL］. ［2023-09-05］. .
11	WARRICK J， NAKASHIMA E. Officials： Israel linked to a disruptive cyberattack on Iranian port facility ［EB/OL］. （2020-05-18）［2023-09-05］. .
12	Hurtigruten hit by cyber-attack ［EB/OL］. ［2023-09-05］. .
13	PSIAKI M L， HUMPHREYS T E. Protecting GPS from spoofers is critical to the future of navigation ［EB/OL］. ［2023-09-05］. .
14	Cyber threats prompt return of radio for ship navigation ［EB/OL］. ［2023-09-05］. .
15	Windward. AIS data on the high seas： an analysis of the magnitude and implications of growing data manipulation at sea ［EB/OL］. ［2023-09-05］. .
16	Biggest DDoS attack on record hits Github ［EB/OL］. ［2023-09-05］. .
17	LEMOS R. Coast guard warns shipping firms of maritime cyberattacks ［EB/OL］. ［2023-09-05］. .
18	MIMOSO M. Icefog espionage campaign is ‘hit and run’ targeted operation ［EB/OL］. ［2023-09-05］. .
19	Norwegian maritime cyber resilience centre ［EB/OL］. ［2023-09-05］. .
20	BØE E， JORDHEIM H. Politiet etterforsker dataangrepet mot Hurtigruten ［EB/OL］. ［2023-09-05］. .
21	WALKER J. AIDA cruise ships under cyber attack： are costa ships also affected ［EB/OL］. ［2023-09-05］. .
22	The Icefog APT： a tale of cloak and three daggers ［EB/OL］. ［2023-09-05］. .
23	KRISTIANSEN T. DR： Kina hackede sig ind i Søfartsstyrelsen ［EB/OL］. ［2023-09-05］. .
24	Australian defense shipbuilder Austal hit by cyber attack ［EB/OL］. ［2023-09-05］. .
25	ZĂGAN R， RAICU G， HANZU-PAZARA R， et al. Realities in maritime domain regarding cyber security concept ［J］. Advanced Engineering Forum， 2018， 27： 221-228.
26	MRAKOVIĆ I， VOJINOVIĆ R. Maritime cyber security analysis： How to reduce threats ［J］. Transaction on Maritime Science， 2019， 8（1）： 132-139.
27	SHAIKH S A. Future of the sea： cyber security ［EB/OL］. （2017-08）［2023-09-05］. .
28	吴笑风，许攸.海上网络安全：航运与船舶工业的跨界挑战［J］.中国船检， 2017（7）： 42-44， 110-111.
	WU X F， XU Y. Maritime cyber security： challenges for shipping and shipbuilding industry ［J］. China Ship Survey， 2017（7）： 42-44， 110-111.
29	DIRENZO J， GOWARD D A， ROBERTS F S. The little-known challenge of maritime cyber security ［C］// Proceedings of the 2015 6th International Conference on Information， Intelligence， Systems and Applications. Piscataway： IEEE， 2015： 1-5.
30	SAKAR C， KOSEOGLU B， BUBER M， et al. Are the ships fully secured against the cyber-attacks？［C］// Proceedings of the 3rd Global Conference on Innovation in Marine Technology and the Future of Maritime Transportation. Izmir： UCTEA Turkish Chamber of Marine Engineers， 2019： 276-288.
31	PENG P， CHENG S， CHEN J， et al. A fine-grained perspective on the robustness of global cargo ship transportation networks ［J］. Journal of Geographical Sciences， 2018， 28（7）： 881-889.
32	ANDROJNA A， BRCKO T， PAVIC I， et al. Assessing cyber challenges of maritime navigation ［J］. Journal of Marine Science and Engineering， 2020， 8（10）： 776.
33	Overview of maritime industries ［EB/OL］. ［2023-09-05］. .
34	LARSEN M H， LUND M S. A maritime perspective on cyber risk perception： a systematic literature review ［J］. IEEE Access， 2021， 9： 144895-144905.
35	SVILIČIĆ B， BRČIĆ D， ŽUŠKIN S， et al. Raising awareness on cyber security of ECDIS ［J］. TransNav， 2019， 13（1）： 231-236.
36	FURUMOTO K， KOLEHMAINEN A， SILVERAJAN B， et al. Toward automated smart ships： designing effective cyber risk management ［C］// Proceedings of 2020 International Conferences on Internet of Things and IEEE Green Computing and Communications and IEEE Cyber， Physical and Social Computing and IEEE Smart Data and IEEE Congress on Cybermatics. Piscataway： IEEE， 2020： 100-105.
37	GOUDOSSIS A， KATSIKAS S K. Towards a secure Automatic Identification System （AIS）［J］. Journal of Marine Science and Technology， 2019， 24： 410-423.
38	BALDUZZI M， WILHOIT K， PASTA A. AIS Exposed： understanding vulnerabilities & attacks 2.0 ［EB/OL］. ［2023-09-05］. .
39	BALDUZZI M， PASTA A， WILHOIT K. A security evaluation of AIS automated identification system ［C］// Proceedings of the 30th Annual Computer Security Applications Conference. New York： ACM， 2014： 436-445.
40	KESSLER G C. Protected AIS： a demonstration of capability scheme to provide authentication and message integrity ［J］. TransNav， 2020， 14（2）： 279-286.
41	HARMAN S. The performance of a novel three-pulse radar waveform for marine radar systems ［C］// Proceedings of the 5th European Radar Conference. Piscataway： IEEE， 2008： 160-163.
42	LEITE W C， Jr， DE MORAES C C， DE ALBUQUERQUE C E P， et al. A triggering mechanism for cyber-attacks in naval sensors and systems ［J］. Sensors， 2021， 21（9）： 3195.
43	DIPERT R R. Other-Than-Internet （OTI） cyberwarfare： challenges for ethics， law， and policy ［J］. Journal of Military Ethics， 2013， 12（1）： 34-53.
44	YANG C， FENG L， ZHANG H， et al. A novel data fusion algorithm to combat false data injection attacks in networked radar systems ［J］. IEEE Transactions on Signal and Information Processing over Networks， 2018， 4（1）： 125-136.
45	LI W， WANG J. Magnetic sensors for navigation applications： an overview ［J］. Journal of Navigation， 2014， 67（2）： 263-275.
46	MEDNIKAROV B， TSONEV Y， LAZAROV A. Analysis of cybersecurity issues in the maritime industry ［J］. Information & Security， 2020， 47（1）： 27-43.
47	BOYES H. Maritime cyber security： securing the digital seaways ［J］. Engineering & Technology Reference， 2014， 1： 56-63.
48	TAM K， FORSHAW K， JONES K. Cyber-SHIP： developing next generation maritime cyber research capabilities ［C/OL］// Proceedings of International Conference on Marine Engineering & Technology （ 2019-11-05）［2023-07-01］. .
49	AVANESOVA T P， GRUZDEVA L K， IUSKAEV R A， et al. Analysis of cyber-security aspects both ashore and at sea ［J］. IOP Conference Series： Earth and Environmental Science， 2021， 872： 012024.
50	SVILICIC B， KAMAHARA J， CELIC J， et al. Assessing ship cyber risks： a framework and case study of ECDIS security ［J］. WMU Journal of Maritime Affairs， 2019， 18： 509-520.
51	BOTHUR D， ZHENG G， VALLI C. A critical analysis of security vulnerabilities and countermeasures in a smart ship system ［C］// Proceedings of the 15th Australian Information Security Management Conference. Perth：［s.n.］， 2017： 81-87.
52	KARAMPERIDIS S， KAPALIDIS C， WATSON T. Maritime cyber security： a global challenge tackled through distinct regional approaches ［J］. Journal of Marine Science and Engineering. 2021， 9（12）： 1323.
53	苏义鑫，刘宇杰，龙飞.船舶网络安全综述［J］.船电技术， 2018， 38（9）： 11-14.
	SU Y X， LIU Y J， LONG F. Overview on ship cyber security ［J］. Marine Electric & Electronic Technology， 2018， 38（9）： 11-14.
54	HYRA B. Analyzing the attack surface of ships： brace yourself cyber pirates are coming ［EB/OL］. 2019 ［2023-09-05］. .
55	罗毅.探讨根据信息集成预处理的船舶综合舰桥系统［J］.内燃机与配件， 2021（23）： 237-238.
	LUO Y. Discuss the integrated ship bridge system based on information integration ［J］. Internal Combustion Engine & Parts， 2021（23）： 237-238.
56	SUMIĆ D， PERAKOVIĆ D， JURČEVIĆ M. Contribution to ECDIS reliability using Markov model ［J］. Transactions on Maritime Science， 2014， 3（2）： 149-157.
57	Ships movement information display system ［EB/OL］. ［2023-09-05］. .
58	Bon Voyage System （BVS）［EB/OL］. ［2023-09-05］. .
59	BMT Smart to launch new Smartfleet management system ［EB/OL］. ［2023-09-05］. .
60	毛新锐，王华.基于无线网络技术的船舶通信系统设计［J］.自动化与仪器仪表， 2014（10）： 111-123.
	MAO X R， WANG H. Design of ship communication system based on wireless network technology ［J］. Automation & Instrumentation， 2014（10）： 111-123.
61	Reveiw of maritime transport 2018 ［EB/OL］. ［2023-09-05］. .
62	JONES K D， TAM K， PAPADAKI M. Threats and impacts in maritime cyber security ［J/OL］. Engineering & Technology Reference， 2012［2023-07-01］. .
63	MARTIN K， HOPCRAFT R. Why 50000ships worldwide are vulnerable to cyberattacks ［EB/OL］. ［2023-09-05］. .
64	Can you hack a ship？ Global maritime industry ripe for hacking ［EB/OL］. ［2023-09-05］. .
65	How hackers are targeting the shipping industry ［EB/OL］. ［2023-09-05］. .
66	KINTHAERT L. 8 Experts weigh in on cybersecurity in shipping & maritime ［EB/OL］. ［2023-09-05］. .
67	BELMONT K B. Maritime cyber attacks： changing tides ［EB/OL］. （2015-11-16）［2023-09-05］. .
68	NGUYEN L. Crew connectivity 2018 survey report ［EB/OL］. ［2023-09-05］. .
69	IVEZIC M. Defeating 21st century pirates： the maritime industry and cyberattacks ［EB/OL］. ［2023-09-05］. .
70	朱钰珏.海上网络安全与控制问题研究［J］.信息记录材料， 2020， 21（9）： 186-188.
	ZHU Y J. Research on maritime cyber security and control issues ［J］. Information Recording Materials， 2020， 21（9）： 186-188.
71	Browse vulnerabilities by date ［DB/OL］. ［2023-09-05］. .
72	STAY D M. IHS fairplay cyber security survey 2016 in association with BIMCO ［EB/OL］. （2016-08-02）［2023-09-05］. .
73	WAN X， GAN C. Electronic chart display and information system ［J］. Geo-spatial Information Science， 2002， 5（1）： 7-11.
74	WEINTRIT A. The Electronic Chart Display and Information System （ECDIS）： an Operational Handbook ［M］. Boca Raton： CRC Press， 2009.
75	RUTKOWSKI G. ECDIS limitations， data reliability， alarm management and safety settings recommended for passage planning and route monitoring on VLCC Tankers ［J］. TransNav， 2018， 12（3）： 483-490.
76	Hacking， tracking， stealing and sinking ships ［EB/OL］. ［2023-09-05］. .
77	BHATTI J， HUMPHREYS T. Covert control of surface vessels via counterfeit civil GPS signals ［EB/OL］. ［2023-09-05］. .
78	WEINTRIT A. Operational considerations for Electronic Chart Display and Information Systems （ECDIS）［EB/OL］. ［2023-09-05］. .
79	Maritime security ［EB/OL］. ［2023-09-05］. .
80	Marine traffic ［EB/OL］. ［2023-09-05］. .
81	WAGSTAFF J. All at sea： global shipping fleet exposed to hacking threat ［EB/OL］. （2014-04-24）［2023-09-05］. .
82	ASHOUR M. The influence on safety at sea from the Voyage Data Recorder （VDR）［J］. International Journal of Multidisciplinary and Current Research， 2013， 3（5）： 955-960.
83	GALLAGHER S. Hacked at sea： researchers find ships’ data recorders vulnerable to attack ［EB/OL］. ［2023-09-05］. .
84	BRODIE P. Commercial Shipping Handbook ［M］. London： Informa Law from Routledge， 2006： 222-226.
85	陈林春，吴晓红. AIS和RADAR/ARPA在保障船舶安全航行中的应用探讨［J］.浙江国际海运职业技术学院学报， 2010（4）： 9-12.
	CHEN L C， WU X H. On application of AIS and RADAR/ARPA to guarantee safety of ships during voyage ［J］. Journal of Zhejiang International Maritime College， 2010（4）： 9-12.
86	CLARKE R A， KNAKE R. Cyber War： the Next Threat to National Security and What to do About it ［M］. New York： Ecco， 2010： 1-304.
87	ADEE S. The hunt for the kill switch ［EB/OL］. ［2023-09-05］. .
88	CARUSO M J. Applications of magnetoresistive sensors in navigation systems ［J］. SAE Transactions， 1997， 106： 1092-1098.
89	GRANT G A A. The ship’s compass： including general magnetism， theory， practice and calculations relating to magnetic and gyro compasses ［M］. 2nd ed. London： Routledge and K. Paul， 1970： 1-436.
90	MUNRO K. Hacking maritime IFTFCC messaging for invoice fraud ［EB/OL］. ［2023-09-05］. .
91	Which remote printing protocol to use？［EB/OL］. ［2023-09-05］. .
92	How can I encrypt my print jobs？［EB/OL］. ［2023-09-05］. .
93	MIAO Y. Have printers become a gateway for malware？［EB/OL］. ［2023-09-05］. .
94	Printers can be a hacker’s gateway to your network ［EB/OL］. ［2023-09-05］. .
95	Heres why your email is insecure and likely to stay that way ［EB/OL］. ［2023-09-05］. .
96	Direction des Affaires Maritimes. Cyber sécurité： renforcer la protection des systèmes industriels du navire ［EB/OL］. ［2023-09-05］. .
97	PAUQUET W， BERCY J， BENEDITTINI M. Cybersécurité dans le milieu maritime ［EB/OL］. ［2023-09-05］. .

影响	主要具体手段
针对海上航行采取行动，将船带到危险区域（礁石、海盗等）	• 对定位系统干扰或拒绝服务； • 攻击助航系统
在狭窄水域或附近采取行动，使船舶处于危险状态，如碰到障碍物或其他船舶	• 接管或破坏船舶的控制设备（舵、推进等）； • 发射错误的自动识别系统（AIS）回波； •攻击用来传达命令的内部通信网络（语音或信息）
针对海上安全系统行动	• 禁止或修改有关的船舶安全信息（天气、紧急通知、电子导航系统、安全警报系统等）
针对船舶的完整性、可用性或安全性行动	• 攻击船舶或其货物的工业或安全系统（推进、火水探测和控制系统、阀门开关等）； • 恶意接管船舶监管流程和设备远程维护操作
针对船舶的网络安全采取行动	• 船组人员执行IT操作中的风险行为； • 无法维持安全状况或舰载信息安全参数； • 发生计算机网络攻击时船组人员应对不良
降低船舶和主管部门的反应能力，以便促进恶意行为	• 对通信系统干扰或攻击，阻止发出遇险信号

影响	主要具体手段
针对海上航行采取行动，将船带到危险区域（礁石、海盗等）	• 对定位系统干扰或拒绝服务； • 攻击助航系统
在狭窄水域或附近采取行动，使船舶处于危险状态，如碰到障碍物或其他船舶	• 接管或破坏船舶的控制设备（舵、推进等）； • 发射错误的自动识别系统（AIS）回波； •攻击用来传达命令的内部通信网络（语音或信息）
针对海上安全系统行动	• 禁止或修改有关的船舶安全信息（天气、紧急通知、电子导航系统、安全警报系统等）
针对船舶的完整性、可用性或安全性行动	• 攻击船舶或其货物的工业或安全系统（推进、火水探测和控制系统、阀门开关等）； • 恶意接管船舶监管流程和设备远程维护操作
针对船舶的网络安全采取行动	• 船组人员执行IT操作中的风险行为； • 无法维持安全状况或舰载信息安全参数； • 发生计算机网络攻击时船组人员应对不良
降低船舶和主管部门的反应能力，以便促进恶意行为	• 对通信系统干扰或攻击，阻止发出遇险信号

[1]	Wenting BI, Haitao LIN, Liqun ZHANG. Moving target defense decision-making algorithm based on multi-stage evolutionary signal game model [J]. Journal of Computer Applications, 2022, 42(9): 2780-2787.
[2]	ZHOU Aiping, ZHU Chengang. Detection method for network-wide persistent flow based on sketch data structure [J]. Journal of Computer Applications, 2019, 39(8): 2354-2358.
[3]	WU Ruohao, DONG Ping, ZHENG Tao. Malicious scanning protection technology based on OpenDayLight [J]. Journal of Computer Applications, 2018, 38(1): 188-193.
[4]	SUN Wenjun, SU Yang, CAO Zhen. Attack-defense game model for advanced persistent threats with asymmetric information [J]. Journal of Computer Applications, 2017, 37(9): 2557-2562.
[5]	WAN Zhiping. UAPL: Wireless sensor network user authentication based on improved Das protocol [J]. Journal of Computer Applications, 2014, 34(2): 452-455.
[6]	WANG Chun-zi HUANG Guang-qiu. Network attack-defense strategy based on rough Bayesian game [J]. Journal of Computer Applications, 2011, 31(03): 784-789.
[7]	. Worm discrete propagation model based on uneven random scan [J]. Journal of Computer Applications, 2010, 30(10): 2677-2678.
[8]	. Network risk assessment model based on rough graph [J]. Journal of Computer Applications, 2010, 30(1): 190-195.
[9]	. Improved algorithm for generating random CAPTCHA [J]. Journal of Computer Applications, 2010, 30(06): 1501-1504.
[10]	. Design of an immune model based on fuzzy pattern recognition [J]. Journal of Computer Applications, 2007, 27(1): 89-91.
[11]	. An extensible distributed testing system for network attack [J]. Journal of Computer Applications, 2006, 26(9): 2140-2144.
[12]	ShuJun Li . Research on technology of DoS based on protocol transform [J]. Journal of Computer Applications, 2006, 26(10): 2323-2325.

Review of marine ship communication cybersecurity

海洋船舶通信网络安全综述

RichHTML

PDF

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 12

References 97

Related Articles 12

Recommended Articles

Metrics