Facial reconstruction

Search LJMU Research Online

Browse Repository | Browse E-Theses


Park, C (2024) CYBERSECURITY RISK ASSESSMENT IN THE MARITIME INDUSTRY. Doctoral thesis, Liverpool John Moores University.

2024 Changki Park PhD.pdf - Published Version
Available under License Creative Commons Attribution Non-commercial.

Download (10MB) | Preview


Cybersecurity risks are becoming an increasingly significant concern within the maritime industry, particularly in light of the rapid advancement of digitised technologies and the emergence of autonomous shipping. Concurrently, the apprehension surrounding the potential for cybersecurity incidents in maritime settings has also heightened. In fact, the number of reported cases of cyber-attacks in the maritime sector has seen a substantial increase since 2010. Consequently, academic interest in researching maritime cybersecurity has grown, underscoring its importance for a thorough exploration of the subject.

Nevertheless, a scrutiny of existing literature reveals that current cybersecurity research predominantly underscores the necessity for improvement but lacks a specific focus on cyber threats and measures for risk mitigation. Notably, the maritime industry faces a scarcity of comprehensive investigations into cybersecurity risk assessment, and there is also a dearth of scholarly endeavours aimed at establishing a comprehensive framework for evaluating cybersecurity risks relevant to maritime operations.

This thesis aims to create a new framework for assessing cybersecurity risks, contributing to safety improvements in the maritime sector. The objective is to provide a visualised solution that assists stakeholders in understanding and refining their approaches to cybersecurity risk management. Through this innovative framework, the thesis seeks to enhance safety measures and promote effective risk mitigation strategies within the dynamic landscape of the maritime industry.

To attain the research aim, a literature review and bibliometric analysis were conducted to discern maritime cybersecurity guidelines from diverse maritime organisations. This purposed to assess the current state of academic research in the cybersecurity field specific to the maritime sector and address identified research gaps. Subsequently, a systematic literature review was employed to identify various maritime cybersecurity threats, and cybersecurity risks were assessed using a FMEA-Rule-based Bayesian Network (FMEA-RBN) model.

The next step involved the identification of cybersecurity mitigation measures and criteria through another systematic literature review. These measures were then ranked using the Fuzzy TOPSIS model, enabling the research team to prioritise them effectively. Additionally, the research sought to demonstrate how a bowtie diagram could be integrated into the cybersecurity assessment framework, providing a visual representation of its components. The collective pursuit of these research objectives is anticipated to yield a comprehensive understanding of maritime cybersecurity, contributing to the development of a more efficacious cybersecurity assessment framework tailored for the maritime sector.

Several significances of this research have been proposed. First and foremost, despite numerous studies addressing maritime risk, safety, and security, there remains a notable scarcity of research specifically dedicated to maritime cybersecurity. To bridge this gap, this research systematically identifies various cyber threats in the maritime sector and organises them into distinct groups. This categorisation serves to assist maritime managers in discerning the potential impact of different cyber threats on their cybersecurity management, enabling them to allocate limited budgets more effectively.

Secondly, in addition to the identification and assessment of cyber threats, this research puts forth seven risk control measures and six hierarchical criteria for evaluating maritime cybersecurity. This framework aids maritime managers in comprehending the significance of these measures and adapting their cybersecurity strategies to varying circumstances. For example, some companies may prioritise the reliability of measures, while others may place greater emphasis on economic affordability. The research also suggests diverse policies for stakeholders to enhance maritime cybersecurity. Thirdly, this research not only presents a framework for maritime cybersecurity but also conducts risk assessments and evaluates risk control measures using empirical data gathered from industry experts, rather than relying solely on secondary data. This approach provides real-world insights and reflects the current state of maritime cybersecurity. Lastly, the research introduces a bowtie framework for maritime cybersecurity risk management, demonstrating its application through the assessment of risks related to malware. The visual representation of the bowtie framework assists managers in comprehending maritime cyber threats, potential consequences, and the corresponding risk control measures to mitigate both threats and their consequences.

In conclusion, this thesis significantly contributes to maritime cybersecurity understanding and management, offering practical insights and recommendations for stakeholders to enhance their cybersecurity preparedness and safeguard their operations against cyber threats. The proposed framework and empirical approach ensure their relevance and applicability in the context of current maritime cybersecurity challenges.

Item Type: Thesis (Doctoral)
Uncontrolled Keywords: Cybersecurity; Maritime; Risk assessment; Cybersecurity framework
Subjects: T Technology > T Technology (General)
T Technology > TA Engineering (General). Civil engineering (General)
Divisions: Engineering
SWORD Depositor: A Symplectic
Date Deposited: 07 Mar 2024 12:24
Last Modified: 07 Mar 2024 12:24
DOI or ID number: 10.24377/LJMU.t.00022728
Supervisors: Chang, C-H, Kontovas, C and Yang, Z
URI: https://researchonline.ljmu.ac.uk/id/eprint/22728
View Item View Item