AN INTEGRATED APPROACH TO ASSESSING AND APPLYING INTERNATIONAL CYBERSECURITY STANDARDS IN THE MARITIME SECTOR

Authors

  • Tetiana Zaitseva

DOI:

https://doi.org/10.14308/ite000821

Keywords:

cyber incident, cybersecurity of ship systems, security standards, information technology, operational technology, human factor, TRL analysis

Abstract

The maritime sector is facing a growing number of cyber threats that challenge the operational safety of vessels and ports. This study analyses cyber incident detection operations and standards, examines current challenges in maritime cybersecurity, and based on this analysis, proposes a new approach to the development of a cyber incident response plan. The implementation of international cybersecurity standards ISO/IEC 27001, NIST CSF, IEC 62443, as well as the guidelines of the International Maritime Organization (IMO) [12, 13, 14, 22], has become mandatory in modern maritime cybersecurity practice. However, a detailed analysis of regulatory documents, scientific publications, and the conducted preliminary study indicates that the effectiveness of these standards is limited due to incomplete coverage of the system life cycle, technical challenges related to the integration of information and operational technologies, insufficient consideration of the interaction between onboard systems of different vessel types, and inadequate attention to the impact of the human factor on ensuring sustainable and secure maritime operations. Therefore, the development of a methodological approach to creating an adaptive cyber incident response plan for different vessel types, considering international standards and the specifics of shipboard operational technologies, remains a relevant and urgent task. The aim of this study is to substantiate and develop an integrated approach to assessment and recommendations for the application of international cybersecurity standards under real vessel operating conditions. The proposed approach combines multicriteria analysis of standards, technological, organizational, and human factors, and considers modern cyber threats specific to the maritime industry. To reduce the impact of the human factor and to validate the proposed model, the next step involves implementing the project within the educational system of the relevant specialization and its practical application during cadets’ sea training. Further application is envisaged for operational training of ship crew members onboard vessels. The practical significance of the study lies in the possibility of using the obtained results by shipping companies, port authorities, and for personnel training in accordance with international standard requirements. According to a report by Thetius, CyberOwl, and HFW, in 2024 alone, one in five shipping companies experienced some form of cyberattack [35]. Survey results indicate that 93% of crew members admitted they do not feel capable of solving cybersecurity-related tasks, while 70% believe that proper training and timely exercises would significantly improve their preparedness. These findings are supported by recent CyberOwl studies, which show that out of more than 12,000 cyber incidents recorded on vessels in 2024, 60% involved malware infections. Alarmingly, 77% of these incidents were caused through USB storage devices and other removable media, such as personnel laptops. Timely awareness, specialized training, certification, and the signing of responsibility agreements by personnel represent an effective path toward significantly reducing cyber risks in the maritime sector. The development of cybersecurity standards and strict compliance with their requirements remains one of the key measures for enhancing maritime cybersecurity. 

Downloads

Download data is not yet available.

References

Akpan, F., Bendiab, G., Shiaeles, S., Karamperidis, S., & Michaloliakos, M. (2022). Cybersecurity challenges in the maritime sector. Network, 2(1), 123-138. https://doi.org/10.3390/network2010009

Alcaide, J., & Llave, R. (2020). Maritime cyber risk: A review of incidents and mitigation strategies. Safety Science, 130, 104821. https://doi.org/10.1016/j.ssci.2020.104821

Alcaide, J. I., & Llave, R. G. (2020). Critical infrastructures cybersecurity and the maritime sector. Transportation Research Procedia, 45, 547-554. https://doi.org/10.1016/j.trpro.2020.03.058

American Club. (n.d.). A primer on IMO cyber risk management guidelines. https://www.american-club.com/files/files/A_Primer_on_IMO_Cyber_Risk_Management_Guidelines.pdf

Androjna, A., Brcko, T., Pavic, I., & Greidanus, H. (2020). Assessing cyber challenges of maritime navigation. Journal of Marine Science and Engineering, 8(10), 776. https://doi.org/10.3390/jmse8100776

BIMCO. (2024). The guidelines on cyber security onboard ships (Version 5). https://www.bimco.org/media/s4ddrsfe/2024-11-14-guidelines_on_cyber_security-v5final.pdf

Bolbot, V., Kulkarni, K., Brunou, P., Banda, O., & Musharraf, M. (2022). Developments and research directions in maritime cybersecurity: A systematic literature review and bibliometric analysis. International Journal of Critical Infrastructure Protection, 39, 100571. https://doi.org/10.1016/j.ijcip.2022.100571

Čelić, J., Vukšić, M., Baždarić, R., & Cuculić, A. (2025). The challenges of cyber resilience in the maritime sector: Addressing weak awareness of cyber threats. Journal of Marine Science and Engineering, 13(4), 762. https://doi.org/10.3390/jmse13040762

Čelić, J., & Vukšić, M. (2018). Cyber security in maritime systems: Risks and challenges. Pomorstvo, 32(1), 17-25.

International Electrotechnical Commission. (2021). IEC 62443-1-1:2021 Security for industrial automation and control systems. https://www.iec.ch

International Maritime Organization. (2017). Resolution MSC.428(98): Maritime cyber risk management in safety management systems. https://www.imo.org

International Organization for Standardization. (2013). ISO 16290:2013 Space systems: Definition of the technology readiness levels (TRLs) and their criteria of assessment. https://www.iso.org

International Organization for Standardization. (2022). ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection. https://www.iso.org/standard/27001

International Organization for Standardization. (2023). ISO/IEC 27035-1:2023 Information security incident management. https://www.iso.org/standard/78973.html

Kaminska, N., Kravtsova, L., Kravtsov, H., & Zaytseva, T. (2023). Modeling ship cybersecurity using Markov chains: An educational approach. In Proceedings of the 11th Workshop on Cloud Technologies in Education. CEUR Workshop Proceedings. 22-35. http://ceur-ws.org/

Kavallieratos, G., Katsikas, S., & Gkioulos, V. (2023). Cyberattacks against the autonomous ship. Computer Security. Springer. 20-36.

Karas, A. (2023). Maritime industry cybersecurity: A review of contemporary threats. European Research Studies Journal, 26, 921-935. https://doi.org/10.35808/ERSJ/3336

Kessler, G., & Shepard, S. (2020). Maritime cybersecurity: A guide for leaders and managers. Independently published.

Macdonald, F. (2025). The lifecycle dilemma: Navigating cybersecurity risks across designing, constructing and operating a vessel. Thetius, CyberOwl, & HFW. https://thetius.com/wp-content/uploads/2025/03/Thetius-CyberOwl-HFW-The-Lifecycle-Dilemma.pdf

Martínez, F., Sánchez, L., Santos-Olmo, A., Rosado, D., & Fernández-Medina, E. (2025). Poseidon: An integrated cybersecurity framework for maritime systems with empirical validation. Research Square. https://doi.org/10.21203/rs.3.rs-7490210/v1

Mission Secure. (n.d.). Complying with the IMO 2021 cyber risk management regulations. https://www.missionsecure.com/regulation-overview-imo-2021-cyber-risk-management-compliance

National Institute of Standards and Technology. (2024). The NIST cybersecurity framework (CSF) 2.0. https://www.nist.gov

National Institute of Standards and Technology. (2024). Cybersecurity framework profile guidance (NIST CSWP 29). https://doi.org/10.6028/NIST.CSWP.29

Oruc, A., Bauk, S., & Zhou, J. (2025). A National Maritime Cyber Security Operations Centre (M-SOC) Concept. Marine Science and Engineering, 14(1), 17-29. https://doi.org/10.3390/jmse14010017

Reason, J. (2020). Human error. Cambridge University Press.

Saaty, T. (1990). How to make a decision: The analytic hierarchy process. European Journal of Operational Research, 48(1), 9-26. https://doi.org/10.1016/0377-2217(90)90057-I)

Saaty, T. (2008). Decision making with the analytic hierarchy process. International Journal of Services Sciences, 1(1), 83-98.

Skladannyi, P., Kostiuk, Y., Zhyltsov, O., Savchenko, Y., & Antypin, Y. (2025). Intelligent modeling of personalized learning in cybersecurity training. In Proceedings of CPITS-II 2025. CEUR Workshop Proceedings. 95-119.

Вавіленкова, А. (2025). Процес управління кіберінцидентами як необхідний етап в організації кібербезпеки підприємства. Інформаційна безпека людини, суспільства, держави, 1(38), 64-71. https://journals.uran.ua/ispss/article/view/340022

Горбов, В., Ратушняк, І., & Горбова, Г. (2023). Стандарти компетентності персоналу морських суден та захисту його прав. Миколаїв: НУК.

Зайцева, Т., Безбах, О., & Камінська, Н. (2025). Кібербезпека в морській галузі: загрози, реагування та управління інцидентами. Прикладні питання математичного моделювання, 8(1), 65-78. https://doi.org/10.32782/mathematical-modelling/2025-8-1-6

Корнієнко, О. (2023). Тенденції цифрових технологій у морському менеджменті. Економіка та управління національним господарством,

, 51-56. https://doi.org/10.32782/2521-666X/2023-81-6

Кочерєв, О. (2021). Система сертифікації судноводіїв у сфері морського, зокрема річкового, судноплавства в Україні. Південноукраїнський правничий журнал, 3(1), 77-81.

Кравцова, Л., Зайцева, Т., & Камінська, Н. (2023). Марковські процеси в дослідженні ймовірності кібератак на морському судні. Information Technologies in Education (ITE), 3(52), 20–32. https://doi.org/10.14308/ite000763

Новини про дослідження Thetius/CyberOwl/HFW. (2025). Центр транспортних стратегій. https://cfts.org.ua/news/2025/03/13/u_2024_rotsi_kozhna_pyata_sudnoplavna_kompaniya_zaznala_kiberataki_doslidzhennya_82248

Published

13.07.2026

How to Cite

Zaitseva Т. В. (2026). AN INTEGRATED APPROACH TO ASSESSING AND APPLYING INTERNATIONAL CYBERSECURITY STANDARDS IN THE MARITIME SECTOR. Journal of Information Technologies in Education (ITE), (59), 142–158. https://doi.org/10.14308/ite000821