Cyber Risk Assessment for SHips (CRASH)

Abstract

The maritime industry is undergoing a digital transformation, with an increasing integration of Information Technology (IT) and Operational Technology (OT) systems on modern vessels. Its multiple benefits notwithstanding, this transformation brings with it increased cybersecurity risks, that need to be identified, assessed, and managed. Although several cyber risk assessment methodologies are available in the literature, they may be challenging for experts with a maritime background to use. In this paper we propose a simple and effective cyber risk assessment methodology, named Cyber Risk Assessment for SHips (CRASH), that can be easily implemented by maritime professionals. To showcase its workings, we assessed 24 cyber risks of the Integrated Navigation System (INS) using CRASH and we validated the method by comparing its results to those of another method and by means of interviews with experts in the maritime sector. CRASH can aid shipping companies in effectively assessing cyber risks as a step towards selecting and implementing necessary measures to enhance the cyber security of cyber‐physical systems onboard their vessels.