A BN driven FMEA approach to assess maritime cybersecurity risks

Cybersecurity risks present a growing concern in the maritime industry, especially due to the fast development of digitalised technologies, also vis-à-vis autonomous shipping. Research on maritime cybersecurity is receiving increased attention. This paper aims to assess the cybersecurity risks in the maritime sector and improve safety at sea and in coastal areas. First, we identify all the concerned cyber threats in the sector based on literature review and expert opinion. A novel risk assessment framework of maritime cyber threats, which combines Failure Mode and Effects Analysis (FMEA) with a Rule-based Bayesian Network (RBN), is proposed and used to evaluate the risk levels of the identified threats and to better understand the threats that contribute the most to the overall maritime cybersecurity risk. The results can inform stakeholders about the most vulnerable parts in their cyber operations and stimulate the development of risk-based control measures. More specifically, the next step in managing cyber threats is to tackle the threats that are associated with unacceptable risk levels and identify cost-effective measures to manage them. To that extent, our findings provide a list of top threats – that is the areas where efforts should be focused on. As a result, this work can help the whole community to grow its resilience to cyber-attacks and improve the security of shipping operations.