Maritime cyber security – securing the digital seaways

Maritime transport is critical to the global economy. In a competitive environment, the industry is constantly seeking economies of scale and efficiencies. This has led to the introduction of larger vessels and an increasing use of information technology to achieve greater automation, both in ports and at sea. The technologies employed are vulnerable to the same cyber-security threats as those in other sectors affecting commercial, production and government systems. This article reviews the threats in the maritime environment and examines the need for increased awareness and protection of what are in effect maritime industrial control systems.

Go to the profile of Hugh Boyes
Aug 31, 2017
0
0
Upvote 0 Comment

Author: Hugh A. Boyes, Cyber Security Lead, The Institution of Engineering & Technology, UK

Introduction

Society is heavily dependent on reliable and secure seaborne delivery of goods and raw materials. Maritime transport is responsible for handling over 80 percent by volume of global trade and accounts for over 70 per cent of its value [ 1 ]. The worldwide shipping fleet continues to expand, in the four years to January 2012, there was an increase of over 37% in the deadweight tonnage [ 2 ]. Mirroring this growth in trade and shipping capacity, world container port throughput increased by an estimated 12.6 per cent in 2010 and further double digit growth was forecast for 2011 and 2012 [ 3 ]. There is also extensive use of maritime transport by both ferry and cruise industries.

Alongside this expansion in trade, ship owners and operators have taken advantage of technology advances to derived benefit from operational economies of scale, for example, through construction of increasingly large ships [ 3 ]. These larger ships require efficiencies both in operation at sea and management of port services. This has encouraged the use of greater use of automation and information technology (IT), both on ship and ashore. A study by ENISA found low levels of cyber security awareness in the maritime sector and that current maritime regulations and policies primarily focus on the physical aspects of security and safety [ 4 ].

This article examines the IT systems currently used in marine transportation, both shipboard and in ports and cargo terminals. It examines some of the potential consequences of cyber security incidents which can include loss of life, damage to or destruction of vessels and their cargo, economic or environmental damage and severe disruptions to society's supply chains. The article considers the need for improvements in maritime cyber security and the steps that might be taken to reduce the cyber security risks.

How is IT used in Maritime Transport?

From an IT perspective, maritime transport can be considered to involve two connected but distinct domains. The shore-based technologies associated with the operation of ports and the seaborne elements related to the operation of the ships.

Use of IT in ports

To both efficiently handle the increasing volume of passengers and trade, and to provide appropriate border security, ports make extensive use of IT. The systems used in a port may include [ 5 ]:

Security systems – For example, access control through the use of security or identity card systems to control entry to sensitive or restricted areas through doors or personnel gates. Use of CCTV for monitoring perimeters and the access to sensitive areas. Use of automatic number plate recognition (ANPR) to manage access to the site by cars and road haulage vehicles. The access control systems may also be used by customs and border security personnel where the port is handling passenger traffic, for example, for cruise liners.

Communications systems – These can range from mobile radio, email and websites to specialist cargo-related messages to support cargo tracking and customs clearance. Some communications may use fixed cable-based networks, but increasingly wireless networking technology is used to allow greater flexibility.

Business systems, including – Terminal Operation System, Container Terminal Management System and traditional back office systems such as payroll and human resource systems.

Terminal automation systems, including scheduling software covering vessels, yard equipment and maintenance. These systems can be used to optimise the use of berths, cranes and yards to ensure efficient and timely turnaround of vessels.

Ports also make extensive use of control systems for cranes, yard equipment, remote monitoring of equipment, building management and to control gates and access to buildings. Some ports are now using driverless cranes and other vehicles to enable automated handling of containers.

These port systems are increasingly used in an integrated fashion. For example, to enable automated container terminal entry, where an ANPR system reads the vehicle number plate and optical character recognition is used to read the container number. The system checks the vehicle and container identities against pre-booked delivery schedules and allows access to the site to approved vehicles and containers. Imaging systems may also be used to detect container damage prior to its entry to the terminal. If any damage is detected the system can alert terminal staff to investigate prior to further handling of the container.

Use of IT on ships

IT is extensively used on ships. For example, in the cruise industry, vessels in the Carnival Cruise Line OASIS class are equipped with 900+ wireless access points, 30 000+ IP ports and 1200 wireless phones linked by 600 000 m of fibre cable and 44 network switching locations [ 6 ].

More generally there is extensive use of IT-based seaborne systems to support vessel automation, including [ 5 ]:

Navigation systems, these can include electronic charts, global positioning systems (GPS), positioning systems [ 7 ], radar and automatic identification system.

Communications systems including radio (terrestrial and satellite), and data communications (broadband, Internet access and e-mail).

An integrated bridge, with computer-based consoles and all systems interconnected [ 8 ].

Control systems [ 9 ], to manage and operate a wide range of electro-mechanical systems, for example, the main engine, generators, ballast tanks, life support, fuel and oil pumps, water tight doors, fire alarm and control, cargo hold fans and environmental control.

As illustrated by this range of systems, many ships have become complex computer-controlled platforms, where the operators have limited physical control over critical systems. The use of digital communications to link seaborne systems to shore-based applications means that the vessels are also part of a hyper-connected world which is dominated by the Internet.

Technology convergence and cyber physical systems

The use of electronics for navigation, communications and control is not new. Ship borne radar was developed following the Second World War, and maritime radio was in use prior to that. Electrical and electronic control systems are both well-established technologies and the systems were often designed or customised for specific applications and vessels. However, there has been a move to use commercially available technologies in communications and control systems rather than undertaking bespoke developments. This has the benefit of reducing development times and cost, but the result is that the systems are based on similar technologies and operating systems to those found in our personal and office IT systems.

The maritime systems described in the preceding sections are effectively cyber-physical systems. They are computer-based (cyber) systems which embed a combination of sensors, processors and actuators in the real world to manage or control specific outcomes. While there are many similarities between conventional data processing and cyber-physical systems, there are also some significant differences. Two critical differences are:

cyber-physical systems are control systems working in real-time to influence physical outcomes in the real world; and

there can be serious physical consequences arising from failure or malfunction of a cyber-physical system, potentially including loss of life, damage to property, pollution and environmental harm.

Given the increasing prevalence of cyber-physical systems and the potential consequence of their failure, it is important that they are trustworthy [ 10 ], that is, operate in a reliable, safe and secure manner.

Why is Cyber Security an Issue?

What do we mean by cyber security?

The impression given by some media coverage of cyber security is that it primarily affects the Internet. It is important to recognise that cyber security affects more than the IP-based networks. An internationally agreed definition [ 11 ], which recognises this broader scope of cyber security is ‘the collection of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organisation and user's assets’.

This definition refers to the ‘cyber environment’ (also known as cyberspace), which effectively comprises the interconnected networks of electronic, computer-based and wireless systems. The definition also refers to ‘organisation and user's assets’, which effectively includes all connected computing devices, personnel, infrastructure, applications, services, telecommunication systems and the totality of transmitted, processed and/or stored data and information in the cyber environment.

It is important to recognise that cyber security encompasses not only the technology, but people and process aspects. The behaviour of individual system users, implementation of poor processes and failure to follow standard operating procedures can all weaken a system and create cyber security vulnerabilities.

Does cyber security matter in marine transport?

A report by ENISA indicates that cyber security awareness in the maritime sector is currently low to non-existent [ 4 ]. Maritime operators have been fortunate that to date there have been few if any attacks directed towards shipboard systems [ 12 ]. The same is not true of port systems where attacks are alleged to have occurred allowing theft of valuable contents from shipping containers.

In modern vessels, the critical systems are typically digital systems using industrial control systems technology, often with network connectivity allowing real-time sharing of information with other shipboard and shore-based systems. Industrial control systems are clearly targets for cyber-attacks as illustrated by two pieces of malware – Stuxnet [ 13 ] and Duqu [ 14 ]. The combination of technology and connectivity exposes maritime control systems to this type of attack. If a large cargo vessel were to be disabled at sea because of a malware attack disabling key ship systems, the consequences could be economically damaging and may even lead to loss of the vessel.

It is not just the control systems that are vulnerable, reliance on GPS for navigation and position keeping is also a vulnerability [ 15 ]. Relatively weak signals for GPS satellites are susceptible to jamming and there are readily available devices on sale which can interfere with the signal. It is reported that the spoofing of GPS signals has also been successfully demonstrated [ 16 ]. Spoofing is a technique which involves creating false signals, in this case false civil GPS signals. It allowed a third party to gain control of a vessel's GPS receivers and, in this case, to do so without it being apparent to the ship's navigator.

The use of commercially available WiFi technology on ships can offer another means of gaining control or disabling the control systems. This is particularly an issue where the WiFi is poorly protected and provides connectivity to critical control networks and systems.

Cyber security and trustworthiness in maritime systems

Information security, the forerunner to cyber security, is often characterised by the CIA triad, which represents the three core principles [ 17 ]:

Confidentiality – this encompasses privacy, control and authorisation of access to data or information, and any ability to process, modify or delete data or information;

Integrity – this includes the trustworthiness of the data or information storage, the authenticity of data and results, and the safe operation of electronic systems; and

Availability – the availability of the systems and associated business or operational functions when needed.

When considering the cyber security of maritime cyber-physical system, the three principles do not fully address the critical characteristics of a maritime system. Building on the work by NIST in the United States [ 18 ] and the Trustworthy Software Initiative (TSI) [ 19 ] in the United Kingdom, it may be more appropriate think in terms of system trustworthiness as illustrated in Fig. 1 [ 10 ].

Fig. 1: Characteristics of a trustworthy system [ 10 ]

If a cyber-physical system is trustworthy it should be predictable in response to faults, errors, and failures and also be more secure from threats of attack. Assessing trustworthiness of a system, will involve the design and performance of both cyber and physical elements being taken into account.

Risk Management and Maritime IT Systems

In the maritime transport sector there is considerable interaction between systems. On ships this manifests itself as integrated bridges [ 20 ], on shore it is the complex terminal management systems used to marshal the handling of goods and where applicable passengers. These are complex systems-of-systems and often involving the integration of cyber-physical systems with conventional IT systems.

Risk management of complex systems

Across a number of engineering sectors, a review of systematic failures indicates they occur because of the fragility in complex systems [ 21 ]. The review suggests that complex systems are fragile because of their scale, non-linearity, interconnectedness and interactions with humans and the environment. Cumulative effects of multiple abnormalities may propagate in a variety of ways, resulting in systemic failure. The failure to identify all serious potential hazards is a common failing in disasters involving complex systems.

In conventional risk management methodologies it is often difficult to identify all serious potential hazards. A novel approach called Anticipatory Failure Determination Prediction has been proposed [ 21 ]. This approach employs a method which identifies potential failures not by asking what might go wrong, but can we make it go wrong and how would we prevent that failure. The aim is to encourage the generation of scenarios from combinations of single failures that might have a greater impact than individual failures.

Human factors in complex systems

User behaviour may also severely affect even the best designed systems. Whether through negligence, error, laziness or poor training, systems operators can compromise systems by failing to attend to alarms, failing to investigate unusual behaviour or by simply taking unauthorised short cuts in their day-to-day operations. For example in the 1997 MS Herald of Free Enterprise accident [ 22 ], a combination of design, process and user error (a member of the crew being asleep rather than at his duty station) led to the sinking of a ferry with the loss of 193 lives. There are numerous other examples of systems failures where human factors were a contributory element [ 23 ].

There is also a tendency to heavily rely on automated systems, ignoring minor irregularities and often not cross-checking information to validate system operation. For example, the grounding on 10 June 1995 of a Panamanian passenger ship ‘Royal Majesty’ off Nantucket Island, Massachusetts. The accident investigation [ 24 ] by the US NTSB determined that the probable causes of the grounding were the watch officers’ overreliance on the automated features of the integrated bridge system, failure to ensure that its officers were adequately trained in the automated features of the integrated bridge system, and in the implications of this automation for bridge resource management. The NTSB also identified deficiencies in the design and implementation of the integrated bridge system and in the procedures for its operation. The root causes of this accident were a fault with the GPS antenna cable leading to loss of signal and an integration issue between the GPS and the autopilot.

Understanding impact of dependencies

The maritime transport industry is part of a global supply chain, and through use of information and communications technologies its systems exist in a hyper-connected world [ 25 ]. This connectivity delivers a diverse range of functions, and an addition of new interconnections provides additional functionality. However, in these complex systems we may also obtain functions interacting to create new functions. To understand the consequences of failure or cyber-attack we need to understand this network of functions and relationships. This makes it easier to understand multi-hazard risk and their impact on system resilience [ 26 ].

As the maritime systems are not working in isolation, the interdependency of the systems on critical infrastructure needs to be understood. A study [ 27 ] has led to the identification of six dependency dimensions as shown in Fig. 2 . It also proposed a hierarchy of elements: part, unit, subsystem, system, infrastructure and interdependent infrastructure. For example, a vessel navigation system is dependent on position data (e.g. from GPS), geographic data (e.g. charts), the proposed course and interfaces to vessel propulsion and steering systems. In the case of ‘Royal Majesty’, there was a failure of part (the antenna cable) and a system failure of system interfaces (the GPS to autopilot interface). The antenna cable had been unprotected and was subject to mechanical damage, while the interface issue related to an incompatibility between the systems in the event of a loss of GPS signal. Both failures were critical dependencies and were single points of failure.

Fig. 2: Dimensions describing interdependencies [ 27 ]

When examining dependencies it is worth considering the findings from a review of major mishaps and accidents [ 28 ]. This revealed that incidents have several characteristics in common, including:

Severe production pressures/tight schedule and unchecked risk build-up.

Pressing need for safety, but eroding safety margins, obscured by pressure to produce.

Over confidence, based on past success, replacing because diligence.

Failure to revisit and revise initial assessments or reinterpret facts in light of new evidence.

Breakdown of communications at organisational boundaries.

In 2007, an accident involving the ANNABELLA sailing in the Baltic Sea illustrates many of these common characteristics. In bad weather, a stack of containers collapsed causing damage to some containers of butylene gas. The investigation report [ 29 ] identifies issues with the intensity and speed of operations, communication breakdowns regarding the loading plan and problems with the load planning software regarding the stacking of 30-foot containers. In this incident, an explosion was avoided, but one could easily have occurred, resulting in loss of life and/or the vessel.

Nature of the Cyber Security Threats

Threat agents

Cyber security threats potentially emanate from one of four groups:

Malicious outsider: This is a person unconnected with the vessel owner/operator or the port. There are a diverse range of malicious outsiders including hackers, cyber criminals, activists, terrorists and state-supported attackers.

Malicious insider: These are connected to the vessel or the port and may be employees of the owner, operator or port, contractors, vessel crews or third parties with authorised access to the systems. A malicious insider will use their authorised or privileged access for a purpose that it was not intended.

Non-malicious insider: Unlike the malicious insider, these individuals cause an incident of security breach through error, omission, ignorance or negligence.

Nature: This can be any non-human factor which disrupts or impairs the operation of the maritime IT systems, thus affecting the correct operation of a vessel or port.

An assessment of the cyber security risks to maritime transport systems needs to consider the impact of threats from the above four groups.

Threats to shore-based IT

The move to electronic documents such as waybills, letters of credit, customs clearance and so on, coupled with the automation of cargo terminals offer opportunities for disruption by:

Hacking or use of malware to obtain commercially sensitive information about cargo, vessels and their destinations. This may allow the perpetrator to obtain commercial advantage.

Access to cargo information to allow for theft the port or damage to material in transit.

Unauthorised access to security information and systems to enable criminal activities, including smuggling and fraud.

Malicious interference with control and automation systems could severely disrupt the efficient operation of a port, cause reputational and/or physical damage. This could include attacks on critical infrastructure such as electricity substations or steam plants. If the embedded program logic in heavy cranes was interfered with this may lead to loss of cargo, hull damage or in extreme cases, serious injury or loss of life of the port or ship personnel [ 12 ].

Threats to shipboard IT

The greatest risk to shipboard systems is that malicious instructions or software could be used to disable or damage critical ship systems, for example, navigation, propulsion, emergency communications, life support and ballast systems. This could lead to a vessel being unable to proceed under its own power and jeopardise its safety. At present piracy typically involves an armed takeover of vessels, however, in future, with suitable expertise, vessels could be disabled through unplanned systems shutdown or interference with the navigation systems so the ship rendezvous with the pirates.

For liners there are also cyber security risks associated with the extensive use of IT by the passengers. These ‘floating towns’ could be targets for typical consumer-oriented malware aimed at stealing banking and personal information.

Discussion

The three incidents highlighted in this article are accidents that have been investigated by the relevant maritime authority. The incidents involving the ‘Royal Majesty’ and the ANNABELLA, were caused by the failure of electronic processing systems – the GPS and the load planning software, respectively. They could therefore be regarded as cyber security incidents and in neither case were because of the systems trustworthy.

With increasing connectivity of systems and operators’ reliance on information displayed on their consoles there is a need to improve the trustworthiness of systems. This will have benefits from both safety and security perspectives. In making improvements it is essential that system integration aspects are properly addressed.

The failure of the GPS system on the ‘Royal Majesty’ could have been spotted if an incompatibility in the interface between the GPS and autopilot system had been understood. When it lost the GPS unit lost satellite signal a bit (error flag) was set to indicate loss of signal. The autopilot system assumed that in the event of signal loss the GPS receiver would stop sending data and also ignored the presence of the error flag set in the GPS output.

It is important to recognise that cyber security is not just about the prevention of malicious actions. A recent survey on data breaches [ 30 ] found that 37% were attributable to malicious or criminal acts. The remainder was split between system glitches (29%) and human factors (35%). Human factors were defined as errors or negligence by the user/operator and system glitches included both IT and business process failures.

In onshore there are rapid technological innovations affecting commercial IT environments. These include innovations such as bring-your-own-device, transfer of business applications into the ‘cloud’ and delivered using a software-as-a-service models, and the increasing use of mobile IT and wireless technologies. Deployment of these technologies in the maritime domain will potentially increase the cyber security risks and further complicate the task of protection maritime transport assets.

To address the vulnerabilities in the industrial control systems that control many of the critical maritime functions, there will need to be close collaboration between the systems engineers, security and safety professionals. For example, with many control systems there may be little of no patching of the operating systems. While this may be desirable from the system engineering and safety perspectives, it is undesirable from a security perspective. Leaving known vulnerabilities unpatched can significantly increase the risk of cyber-attacks.

The global nature of the maritime transport industry can introduce complexities into the maintenance and operation of maritime systems. For example, in the data breach survey [ 30 ] there were some significant differences in the distribution of root causes by country. Breaches because of system glitches were significantly higher in India (46%) than in the UK (29%), the US (26%) and Germany (16%). In comparison, malicious attacks were significantly higher in the US (41%), UK (34%) and Germany (48%), than in India (25%). While these survey results were not for industrial control systems, they suggest that cyber security threats will vary from country to country. This has implications for the management of system security given the mobility of vessels.

A common theme across virtually all engineering and technology businesses is the skills gap. The recent roundtable held in London [ 31 ] suggests that the maritime sector is suffering in the same way as organisations involved in the cyber security.

Conclusion

Increasing sophistication and integration of maritime IT systems and their connectivity to the global communications systems means that the maritime domain is now part of cyberspace. This exposes the systems to significant levels of cyber security threat. The ENISA report indicates a lack of awareness of these threats and a need for improvements in the cyber security of maritime systems.

To address the lack of awareness, the professional engineering organisations should develop an awareness programme in collaboration with the maritime industry. The aim should be to provide material suitable for use at owner, officer and crew levels. Cyber security awareness should also be built into training programmes for all mariners and shore-based personnel to reduce the risks arising from ignorance or a lack of education.

The issues related to systems engineering should be addressed by ensuring cyber security best practice from other engineering sectors is tailored to make it applicable in maritime situations. Steps should be taken to transfer knowledge and skills to the maritime transport industry from sectors that already have a greater experience of cyber security attacks and the need for protection of industrial control systems.

To achieve these improvements will require collaboration between professional engineering organisations, maritime operators, systems engineers, safety and security professionals. The solutions will involve technology, people and process changes. With maritime safety currently in the news following the successful righting of the capsized liner ‘ Costa Concordia’, we should urgently consider how best to avoid the spectacle of a major maritime disaster caused by a cyber security incident or attack.

References

  1. United Nations: ‘World Economic Situation and Prospects 2012’. United Nations, New York, 2012. eISBN 978-92-1-055103-8. Chapter 2, p. 44. Available at: http://www.un.org/en/development/desa/policy/wesp/wesp_archive/2012chap2.pdf, accessed 16 September 2013.
  2. Unctad: ‘Review of Marine Transport’. United Nations Conf. on Trade and Development, Geneva, 2012. e-ISBN 978-92-1-055950-8. Available at: http://www.unctad.org/en/PublicationsLibrary/rmt2012_en.pdf, accessed 16 September 2013.
  3. United Nations: ‘World Economic Situation and Prospects 2012’, 2012, Chapter 2, p. 46.
  4. ENISA: ‘Analysis of Cyber Security Aspects in the Maritime Sector’, 2011. Available at: http://www.enisa.europa.eu/activities/Resilience-and-CIIP/critical-infrastructure-and-services/dependencies-of-maritime-transport-to-icts/cyber-security-aspects-in-the-maritime-sector-1, accessed 16 September 2013.
  5. Mccarthy, C.: ‘Department of Homeland Security Control Systems Security Program – Transportation Sector’, 2012. Available at: http://www.cruising.org/sites/default/files/leadershipforum2012/Trends%20p2%20Ben%20Shore%20CLIA%2014%20Nov.pdf, accessed 16 September 2013.
  6. IET sector insights: ‘Global challenges in maritime security’, Institution of Engineering and Technology, 2013. Available at: http://www.theiet.org/sectors/transport/maritime-security.cfm, accessed 16 September 2013.
  7. Rolls Royce: ‘Positioning Systems’, 2013. Available at: http://www.rolls-royce.com/marine/products/automation_control/positioning_systems/index.jsp, accessed: 16 September 2013.
  8. Rolls Royce: ‘Integrated Bridge Systems’, 2013. Available at: http://www.rolls-royce.com/marine/products/automation_control/integrated_bridge_systems/index.jsp, accessed 16 September 2013.
  9. Rolls Royce: ‘Automation Systems’, 2013, Available at: http://www.rolls-royce.com/marine/products/automation_control/automation_systems/index.jsp, accessed 16 September 2013.
  10. Boyes, H.A.: ‘Trustworthy cyber-physical systems – a review’, Eighth IET Int. System Safety Conf. incorporating the Cyber Security Conf., 2013. 15–17 October 2013, Cardiff, UK.
  11. Switzerland International Telecommunications Union: ‘Series X: Data Networks, Open System Communications and Security, Telecommunications security: overview of cybersecurity’, 2008. Geneva, I. T. U. (ITU-T X.1205).
  12. Hughes, R.: ‘Maritime cyber security’, NIMO Techn. Bull., 2013, 5, pp. 3–5. Available at: http://www.nmio.ise.gov/docs/NMIO_QuarterlyVOL5.pdf, accessed 16 September 2013.
  13. Symantec: ‘ W32.Stuxnet’, 2010. Available at: http://www.symantec.com/security_response/writeup.jsp?docid=2010-071400-3123-99, accessed 26 June 2013.
  14. Bencsáth, B., Pék, G., Buttyán, L. and Félegyházi, M.: ‘Duqu: Analysis, detection, and lessons learned’, ACM European Workshop on System Security (EuroSec), 2012.
  15. IET sector insights: ‘Jamming and radio interference: understanding the impact’, 2012, Institution of Engineering and Technology. Available at: http://www.theiet.org/sectors/information-communications/signal-jamming.cfm, accessed 16 September 2013.
  16. Zaragoza, S.: ‘Humphreys Research Group Successfully Spoofs an $80 million Yacht at Sea’, 2013. University of Texas, Cockrell School of Engineering. Available at: http://www.ae.utexas.edu/news/archive/2013-news-archive/humphreys-research-group-successfully-spoofs-an-80-million-yacht-at-sea, accessed 16 September 2013.
  17. Greene, S.S.: ‘Security Policies and Procedures’, Pearson Education, 2006.
  18. NIST.: ‘ Trustworthy Information Systems’, 2009. Available at: http://www.nist.gov/itl/tis/, accessed 16 September 2013.
  19. Trustworthy software initiative: ‘ The name’, 2013. Available at: http://www.uk-tsi.org/, accessed 16 September 2013.
  20. Mitropoulos, E.E.: ‘Nor-shipping conference – what's next, IMO’? Nor-Shipping Conf. Oslo, 24 May 2011. Available at: http://www.imo.org/MediaCentre/SecretaryGeneral/SpeechesByTheSecretaryGeneral/Pages/Nor.aspx, accessed 16 September 2013.
  21. Venkatasubramanian, V.: ‘Systemic failures: challenges and opportunities in risk management in complex systems’, IEEE Eng. Manag. Rev., 2011, 39, (4), pp. 61–72. (doi: 10.1109/EMR.2011.6093889).
  22. MAIB: ‘MV Herald of Free Enterprise: report of Count No. 8074 Formal Investigation’, 1987, Department of Transport, London. ISBN 0-11-550828-7.
  23. Perrow, C.: ‘Normal accidents: living with high-risk technologies’, Princeton University Press, Princeton, NJ, 1990.
  24. NTSB: ‘Grounding of the Panamanian Passenger Ship Royal Majesty on Rose and Crown Shoal, Near Nantucket, Massachusetts, June 10, 1995’, 1997, Available at: http://www.ntsb.gov/doclib/reports/1997/mar9701.pdf, accessed 16 September 2013.
  25. World Economic Forum: ‘Perspectives on a Hyperconnected World’, 2013. Available at: http://www.weforum.org/reports/perspectives-hyperconnected-world, accessed 11 July 2013.
  26. Kimmance, J.P. and Harris, A.J.: ‘Infrastructure risk and resilience: a review’, Infrastructure Risk and Resilience: Transport, The Institution of Engineering and Technology, 2013, pp. 8–16.
  27. Rinaldi, S.M., Peerenboom, J.P. and Kelly, T.K.: ‘Identifying, understanding, and analyzing critical infrastructure interdependencies’, IEEE Control Syst., 2001, 21, (6), pp. 11–25. (doi: 10.1109/37.969131).
  28. Madni, A.M. and Jackson, S.: ‘Towards a conceptual framework for resilience engineering’, IEEE Eng. Manage. Rev., 2011, 39, (4), pp. 85–102 (doi: 10.1109/EMR.2011.6093891).
  29. MAIB: ‘Report on the investigation of the collapse of cargo containers on Annabella, Baltic Sea, 26 February 2007’, 2007. Available at: http://www.maib.gov.uk/cms_resources/Annabella_Report.pdf, accessed 16 September 2013.
  30. Ponemon institute: ‘2013 Cost of Data Breach Study Global Analysis’, 2013. Available at: https://www4.symantec.com/mktginfo/whitepaper/053013_GL_NA_WP_Ponemon-2013-Cost-of-a-Data-Breach-Report_daiNA_cta72382.pdf, accessed 16 September 2013.
  31. IMarEST: ‘UK marine engineering roundtable debates alarming new skills gap survey results’, 2013, London. Available at: http://www.imarest.org/GainKnowledge/LatestNews/tabid/1239/ctl/ArticleView/mid/606/articleId/2912/PRESS-RELEASE-UK-marine-engineering-roundtable-debates-alarming-new-skills-gap-survey-results.aspx., accessed 16 September 2013.

First published on Engineering & Technology Reference on 27/11/14

Go to the profile of Hugh Boyes

Hugh Boyes

Cyber Security Engineer, University of Warwick

No comments yet.