Abstract

     Autonomous ships would require higher cyber-physical interaction in comparison with traditional shipping operations, thus increasing the vulnerabilities associated with cyber security. The increasing complexity surrounding the innate characteristics of the shipping industry makes it challenging to build a resilient framework for ensuring cyber security. This study proposes a multi-criteria decision-making (MCDM) framework for assessing cyber security risk in the autonomous shipping context. The research was validated through surveying subject matter experts, system designers and seafarers. Different types of equipment and systems are ranked based on their perceived vulnerability to cyber threats. Survey data from 28 subject matter experts are collected and analysed through the Bayesian best–worst method (BWM). At system level, the results indicate that navigational systems are the most vulnerable to potential cyber threats, while propulsion systems are the least vulnerable element in the context of future autonomous shipping operations. On a sub-system level, the three most vulnerable parts are Global Navigation Satellite System (GNSS), Electronic Chart Display and Information System (ECDIS) and the communication devices on shore control centres (SCC), while the least vulnerable parts are engine controls, SCC integration platforms and cargo handling at ports.

Introduction

     Merchant ships have been an integral part of international trade, carrying about 90% of the goods transported globally (OECD 2021). Since its inception, eforts have been made by the stakeholders to make this mode of transport safer, more efcient and more cost efective. The introduction of advanced technologies along with the skills development of the workforce over the years has reportedly increased workplace safety in the maritime domain (Chauvin et al. 2013; Allianz 2020).

     Consequently, modern technologies such as Automatic Identifcation Systems (AIS), Global Navigation Satellite Systems (GNSS) and Electronic Chart Display and Information Systems (ECDIS) have contributed to safer navigation. The increased reliability and efciency of these technologies has resulted in their broader adoption in the shipping industry such that large ships are now being efciently operated by fewer crews (Lee and Sanquist 1996). The notion that it is possible to maintain navigational safety in the future even without any crew onboard has led to the discussion towards the adoption of autonomous shipping technology. Wróbel et al. (2017) stated that the introduction of Maritime Autonomous Surface Ships (MASS) could further reduce the likelihood of navigational accidents, such as collisions and groundings, as human error played a role in the majority of navigational accidents. However, the probability and consequences of non-navigational accidents such as fre and structural failure are likely to increase if no crew members are onboard (Wróbel et al. 2017).

Conclusions

     This study has presented an integrated approach to elicit cyber-security vulnerabilities in the context of future autonomous shipping utilizing a MCDM method. Our results suggest that navigational systems are the most vulnerable to cyber-threats, whereas propulsion control systems are the least. This necessitates communication devices and protocols used for the navigation of autonomous ships be redundant and cyber-safe. Other emerging new systems in the context of autonomous ships, such as the shore control centre and associated equipment, although opaque for the time being, are potentially vulnerable to multidimensional cyber-threats as described in this study. The unpredictable nature of cyber-security threats, along with inherent repercussions, calls for a multifaceted approach to safeguard the future of shipping. A pre-emptive approach should include not only technical guidelines but also policy and industrial ones and best practices in risk management, and in the behavioural and cultural aspects of shipping. In addition, experts concur that only compliancebased actions would not be sufcient to safeguard against cyber threats. Rather, an all-out comprehensive approach, considering the above aspects, would ensure a safe and secure adoption of autonomous shipping.