AN INTEGRATED APPROACH TO ASSESSING AND APPLYING INTERNATIONAL CYBERSECURITY STANDARDS IN THE MARITIME SECTOR
DOI:
https://doi.org/10.14308/ite000821Keywords:
cyber incident, cybersecurity of ship systems, security standards, information technology, operational technology, human factor, TRL analysisAbstract
The maritime sector is facing a growing number of cyber threats that challenge the operational safety of vessels and ports. This study analyses cyber incident detection operations and standards, examines current challenges in maritime cybersecurity, and based on this analysis, proposes a new approach to the development of a cyber incident response plan. The implementation of international cybersecurity standards ISO/IEC 27001, NIST CSF, IEC 62443, as well as the guidelines of the International Maritime Organization (IMO) [12, 13, 14, 22], has become mandatory in modern maritime cybersecurity practice. However, a detailed analysis of regulatory documents, scientific publications, and the conducted preliminary study indicates that the effectiveness of these standards is limited due to incomplete coverage of the system life cycle, technical challenges related to the integration of information and operational technologies, insufficient consideration of the interaction between onboard systems of different vessel types, and inadequate attention to the impact of the human factor on ensuring sustainable and secure maritime operations. Therefore, the development of a methodological approach to creating an adaptive cyber incident response plan for different vessel types, considering international standards and the specifics of shipboard operational technologies, remains a relevant and urgent task. The aim of this study is to substantiate and develop an integrated approach to assessment and recommendations for the application of international cybersecurity standards under real vessel operating conditions. The proposed approach combines multicriteria analysis of standards, technological, organizational, and human factors, and considers modern cyber threats specific to the maritime industry. To reduce the impact of the human factor and to validate the proposed model, the next step involves implementing the project within the educational system of the relevant specialization and its practical application during cadets’ sea training. Further application is envisaged for operational training of ship crew members onboard vessels. The practical significance of the study lies in the possibility of using the obtained results by shipping companies, port authorities, and for personnel training in accordance with international standard requirements. According to a report by Thetius, CyberOwl, and HFW, in 2024 alone, one in five shipping companies experienced some form of cyberattack [35]. Survey results indicate that 93% of crew members admitted they do not feel capable of solving cybersecurity-related tasks, while 70% believe that proper training and timely exercises would significantly improve their preparedness. These findings are supported by recent CyberOwl studies, which show that out of more than 12,000 cyber incidents recorded on vessels in 2024, 60% involved malware infections. Alarmingly, 77% of these incidents were caused through USB storage devices and other removable media, such as personnel laptops. Timely awareness, specialized training, certification, and the signing of responsibility agreements by personnel represent an effective path toward significantly reducing cyber risks in the maritime sector. The development of cybersecurity standards and strict compliance with their requirements remains one of the key measures for enhancing maritime cybersecurity.
Downloads
References
Akpan, F., Bendiab, G., Shiaeles, S., Karamperidis, S., & Michaloliakos, M. (2022). Cybersecurity challenges in the maritime sector. Network, 2(1), 123-138. https://doi.org/10.3390/network2010009
Alcaide, J., & Llave, R. (2020). Maritime cyber risk: A review of incidents and mitigation strategies. Safety Science, 130, 104821. https://doi.org/10.1016/j.ssci.2020.104821
Alcaide, J. I., & Llave, R. G. (2020). Critical infrastructures cybersecurity and the maritime sector. Transportation Research Procedia, 45, 547-554. https://doi.org/10.1016/j.trpro.2020.03.058
American Club. (n.d.). A primer on IMO cyber risk management guidelines. https://www.american-club.com/files/files/A_Primer_on_IMO_Cyber_Risk_Management_Guidelines.pdf
Androjna, A., Brcko, T., Pavic, I., & Greidanus, H. (2020). Assessing cyber challenges of maritime navigation. Journal of Marine Science and Engineering, 8(10), 776. https://doi.org/10.3390/jmse8100776
BIMCO. (2024). The guidelines on cyber security onboard ships (Version 5). https://www.bimco.org/media/s4ddrsfe/2024-11-14-guidelines_on_cyber_security-v5final.pdf
Bolbot, V., Kulkarni, K., Brunou, P., Banda, O., & Musharraf, M. (2022). Developments and research directions in maritime cybersecurity: A systematic literature review and bibliometric analysis. International Journal of Critical Infrastructure Protection, 39, 100571. https://doi.org/10.1016/j.ijcip.2022.100571
Čelić, J., Vukšić, M., Baždarić, R., & Cuculić, A. (2025). The challenges of cyber resilience in the maritime sector: Addressing weak awareness of cyber threats. Journal of Marine Science and Engineering, 13(4), 762. https://doi.org/10.3390/jmse13040762
Čelić, J., & Vukšić, M. (2018). Cyber security in maritime systems: Risks and challenges. Pomorstvo, 32(1), 17-25.
International Electrotechnical Commission. (2021). IEC 62443-1-1:2021 Security for industrial automation and control systems. https://www.iec.ch
International Maritime Organization. (2017). Resolution MSC.428(98): Maritime cyber risk management in safety management systems. https://www.imo.org
International Organization for Standardization. (2013). ISO 16290:2013 Space systems: Definition of the technology readiness levels (TRLs) and their criteria of assessment. https://www.iso.org
International Organization for Standardization. (2022). ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection. https://www.iso.org/standard/27001
International Organization for Standardization. (2023). ISO/IEC 27035-1:2023 Information security incident management. https://www.iso.org/standard/78973.html
Kaminska, N., Kravtsova, L., Kravtsov, H., & Zaytseva, T. (2023). Modeling ship cybersecurity using Markov chains: An educational approach. In Proceedings of the 11th Workshop on Cloud Technologies in Education. CEUR Workshop Proceedings. 22-35. http://ceur-ws.org/
Kavallieratos, G., Katsikas, S., & Gkioulos, V. (2023). Cyberattacks against the autonomous ship. Computer Security. Springer. 20-36.
Karas, A. (2023). Maritime industry cybersecurity: A review of contemporary threats. European Research Studies Journal, 26, 921-935. https://doi.org/10.35808/ERSJ/3336
Kessler, G., & Shepard, S. (2020). Maritime cybersecurity: A guide for leaders and managers. Independently published.
Macdonald, F. (2025). The lifecycle dilemma: Navigating cybersecurity risks across designing, constructing and operating a vessel. Thetius, CyberOwl, & HFW. https://thetius.com/wp-content/uploads/2025/03/Thetius-CyberOwl-HFW-The-Lifecycle-Dilemma.pdf
Martínez, F., Sánchez, L., Santos-Olmo, A., Rosado, D., & Fernández-Medina, E. (2025). Poseidon: An integrated cybersecurity framework for maritime systems with empirical validation. Research Square. https://doi.org/10.21203/rs.3.rs-7490210/v1
Mission Secure. (n.d.). Complying with the IMO 2021 cyber risk management regulations. https://www.missionsecure.com/regulation-overview-imo-2021-cyber-risk-management-compliance
National Institute of Standards and Technology. (2024). The NIST cybersecurity framework (CSF) 2.0. https://www.nist.gov
National Institute of Standards and Technology. (2024). Cybersecurity framework profile guidance (NIST CSWP 29). https://doi.org/10.6028/NIST.CSWP.29
Oruc, A., Bauk, S., & Zhou, J. (2025). A National Maritime Cyber Security Operations Centre (M-SOC) Concept. Marine Science and Engineering, 14(1), 17-29. https://doi.org/10.3390/jmse14010017
Reason, J. (2020). Human error. Cambridge University Press.
Saaty, T. (1990). How to make a decision: The analytic hierarchy process. European Journal of Operational Research, 48(1), 9-26. https://doi.org/10.1016/0377-2217(90)90057-I)
Saaty, T. (2008). Decision making with the analytic hierarchy process. International Journal of Services Sciences, 1(1), 83-98.
Skladannyi, P., Kostiuk, Y., Zhyltsov, O., Savchenko, Y., & Antypin, Y. (2025). Intelligent modeling of personalized learning in cybersecurity training. In Proceedings of CPITS-II 2025. CEUR Workshop Proceedings. 95-119.
Вавіленкова, А. (2025). Процес управління кіберінцидентами як необхідний етап в організації кібербезпеки підприємства. Інформаційна безпека людини, суспільства, держави, 1(38), 64-71. https://journals.uran.ua/ispss/article/view/340022
Горбов, В., Ратушняк, І., & Горбова, Г. (2023). Стандарти компетентності персоналу морських суден та захисту його прав. Миколаїв: НУК.
Зайцева, Т., Безбах, О., & Камінська, Н. (2025). Кібербезпека в морській галузі: загрози, реагування та управління інцидентами. Прикладні питання математичного моделювання, 8(1), 65-78. https://doi.org/10.32782/mathematical-modelling/2025-8-1-6
Корнієнко, О. (2023). Тенденції цифрових технологій у морському менеджменті. Економіка та управління національним господарством,
, 51-56. https://doi.org/10.32782/2521-666X/2023-81-6
Кочерєв, О. (2021). Система сертифікації судноводіїв у сфері морського, зокрема річкового, судноплавства в Україні. Південноукраїнський правничий журнал, 3(1), 77-81.
Кравцова, Л., Зайцева, Т., & Камінська, Н. (2023). Марковські процеси в дослідженні ймовірності кібератак на морському судні. Information Technologies in Education (ITE), 3(52), 20–32. https://doi.org/10.14308/ite000763
Новини про дослідження Thetius/CyberOwl/HFW. (2025). Центр транспортних стратегій. https://cfts.org.ua/news/2025/03/13/u_2024_rotsi_kozhna_pyata_sudnoplavna_kompaniya_zaznala_kiberataki_doslidzhennya_82248
Downloads
Published
How to Cite
Issue
Section
License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.





















