Guidelines for Cyber Risk Management in Autonomous Shipping

The emergence of autonomous ships represents a significant advancement in maritime technology, promising enhanced efficiency, reduced operating costs and reducing or even completely removing crews from hazardous environments. However, the progress is accompanied by a burgeoning concern on the cyber security of these autonomous ships due to their exposure to the "connected world". The four key systems investigated in this study are: 1) Shore Control Centre (SCC); 2) Communication System; 3) Autonomous Ship Controller (ASC), and 4) Autonomous Navigation System (ANS). The paper highlights specific operational technology (OT) risks associated with MASS (Maritime Autonomous Surface Ship). For completeness, the study also drills down to cyber risks and impacts associated with sub-systems of these major OT systems. A comprehensive cyber risk assessment methodology employing the MITRE framework is provided to evaluate the severity of risks. Recommended mitigations include defence-in-depth cybersecurity protections for all systems, security-by-design approaches, personnel training and redundancy in certain critical systems (The full version of guidelines is accessible through this link for further reference). Taking into account all aspects, this paper functions as a case study examining cyber risks of the OT system of autonomous ships.