SlideShare a Scribd company logo

Sikkerhet og tillit for samhandling mellom skip og land

K
Kjetil Nordby

Igjennom Forskingsråd-prosjektet CySiMS (Cyber Security in Merchant Shipping) er det utviklet en løsning der Public Key Infrastructure (PKI) implementeres for å håndtere sikkerhet og tillit i digital kommunikasjon og samhandling mellom skip og land. Dette inkluderer tekniske så vel som strukturelle løsningsforslag. Prosjektet videreføres i Forskningsråd-prosjektet CySiMS Service Evolution der en demonstrator implementeres med SD/KV som øverste autoritet. Dette med tanke på å utrede totalkostnader for en slik løsning. Dag Atle Nesheim

Engineering
1 of 23
SIKKERHET OG TILLIT FOR SAMHANDLING MELLOM SKIP OG LAND Dag Atle Nesheim, Forsker – SINTEF Ocean
Shipping blir mer og mer digitalisert • Mer integrasjon om bord • Mer datautveksling • Mer trafikkstyring fra land • Mot ubemannede skip Data Analytics MANAGEMENT HQ PERFORMANCE • TCI Efficiency • TCI Balance • TCI Degradation TeCoMan Ship Performance Registrations Report: Performance Assessment / Support SHIP Internet of Services at Sea Internet of Things at Sea Simulation and Optimization Robotics and Autonomy © SINTEF Ocean Augmented reality Shipping 4.0 Computation Cyber-physical systems Cyber Security Open system integration Engine Cargo Reporting FW/GW Process Layer Administrative Layer AutomationNavigation Administrative Infotainment Accomodation Energy management FW/GW ISC Layer Crewing Performance monitoring INS FW/GW FW/GW Fire alarm Safety FW/GW Instrument Layer Safety Management ECDIS Integrated Ship Control (ISC)
… og mer følsomt for angrep Hackers Misfits/States Economic espionage/attacks Pirates Fraud "Container ship loading" by Stan Shebs. Smuggling
Det er mange digitale systemer på et skip RADAR Engine Cargo Cargo Reporting FW/GW Process Layer Administrative Layer AutomationNavigation Administrative FW/GW Infotainment Accomodation Energy management FW/GW Integrated Ship Control (ISC) Layer Crewing Performance monitoring INS FW/GW FW/GW Fire alarm Safety FW/GW Instrument Layer Safety Management Owner Manager Charterer Authorities Systems FW/GW Land Internet ICS VHF Data Exchange System - VDES Kommersielt/person-sensitivt Sikkerhetsmessig sensitivt
… og mange angrepspunkter RADAR Engine Cargo Cargo Reporting FW/GW Process Layer Administrative Layer AutomationNavigation Administrative FW/GW Infotainment Accomodation Energy management FW/GW Integrated Ship Control (ISC) Layer Crewing Performance monitoring INS FW/GW FW/GW Fire alarm Safety FW/GW Instrument Layer Safety Management Owner Manager Charterer Authorities Systems FW/GW Land Internet ICS VHF Data Exchange System - VDES
CySiMS: Cyber Security for Merchant Shipping 2016-2018 • Kongsberg Seatex AS (Prosjekteier) • Kongsberg Maritime AS • Kongsberg Defence and Aerospace AS • DNV GL AS • SINTEF Digital • SINTEF Ocean AS • Navtor AS • Kystverket • Sjøfartsdirektoratet
CySiMS: Cyber Security for Merchant Shipping RADAR Engine Cargo Cargo Reporting FW/GW Process Layer Administrative Layer AutomationNavigation Administrative FW/GW Infotainment Accomodation Energy management FW/GW Integrated Ship Control (ISC) Layer Crewing Performance monitoring INS FW/GW FW/GW Fire alarm Safety FW/GW Instrument Layer Safety Management Owner Manager Charterer Authorities Systems FW/GW Land Internet ICS VHF Data Exchange System - VDES
To forskjellige kommunikasjonskanaler Ship Space segment Uplink Downlink Internet SCCEarth station Ship VDES data link Trunk VTS Shore station Ship VDES data link Ship
Viktig del er å kartlegge behov og finne "riktig" løsning …Cost versus Benefit…
Risikovurdering er komplisert Maritim Spesialist Sikkerhet (Security) Spesialist
Stereotype scenarios Scenario 1: Navigational Real Time Information to Ship Scenario 2: Nautical Documents Update to Ship Scenario 3: Ship reporting to VTS or similar Scenario 4: Mandatory ship documentation and reports to port Scenario 5: Nautical advice to ship Scenario 6: Nautical commands to ship Scenario 7: Remote control of tugs, etc. Scenario 8: Operational voyage instructions and reports Scenario 9: Telemedicine Scenario 10: Search and Rescue Scenario 11: Configuration of equipment or system Scenario 12: Network management
44.44% 11.11% 16.67% 5.56% 22.22% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% 100.0% Several times a day (n=8) Several times a week (n=2) Several times a month (n=3) Several times a year (n=1) Rarer (n=4) How often does this scenario occur (per ship) ? Scenario 1: Navigational real-time information to ship The ship receives updated navigational information from shore. Examples are weather or ice information and forecast, lists of aids to navigations that are not working, floating containers, whale observations, wrecks etc. Today this is typically maritime safety information (MSI) received by NAVTEX or Safety-Net. Wave, tide or virtual aids to navigation received over AIS. 33.33% 55.56% 5.56% 5.56% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% 100.0% Data changed (n=6) Data lost (n=10) Data overheard (n=1) Data not trusted (sender and receiver disagrees on data actually being sent or on the content of the message) (n=1) What communication fault is likely to cause a negative outcome?
Scenario 1: Navigational real-time information to ship The ship receives updated navigational information from shore. Examples are weather or ice information and forecast, lists of aids to navigations that are not working, floating containers, whale observations, wrecks etc. Today this is typically maritime safety information (MSI) received by NAVTEX or Safety-Net. Wave, tide or virtual aids to navigation received over AIS. 22.22% 38.89% 27.78% 11.11% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% 100.0% Individual Injury (n=4) Commercial (n=7) Environmental (n=5) Reputational (n=2) What type of outcome will you classify this to be of? 5.56% 5.56% 33.33% 38.89% 11.11% 5.56% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% 100.0% None (n=1) Negligible (n=1) Moderate (n=6) High (n=7) Critical (n=2) Catastrophic (n=1) What severity has this outcome?
Hovedutfordringer • Sikkerhet • Informasjon på avveie • Falsk mottaker • Avlytting • Manipulert informasjon • Falsk avsender (spoofing) • Manipulasjon av meldingsinnhold • Uteblitt informasjon (jamming) • Tillit • Hvem sendte hva og når? • Hva ble faktisk sendt/mottatt?
Verktøy for å analysere risiko 1/2 Stereotype Characteristics Data Lost Data manipulatedData stolen Data not trusted SC 1: Navigational real-time information to ship Received “real-time” safety information that can be critical to operations. Maritime Safety Information (MSI) Highly relevantHighly relevant Relevant Highly relevant SC2: Nautical document updates to ship Updates to documents that are required to be carried by the ship. Relevant Highly relevant Relevant Relevant SC3: Ship reporting to VTS, coastguard or similar Required short reports in VTS or ship reporting areas. Relevant Highly relevant Relevant Relevant SC4: Mandatory ship documentation and reports to port Documents from ship or agent to authorities that are mandatory, e.g. for calling in a port. Failure to provide correct documents can cause detentions, fines or other. Relevant Relevant Relevant Relevant SC5: Nautical advice to ship Advice that is the basis for new plans generated on ship based on received and other navigational information. Relevant Relevant Relevant Relevant SC6: Nautical commands to ship Real time commands to ship from VTS or other ships. Master can ignore, but at a penalty. Relevant Highly relevant Relevant Relevant SC7: Remote control of ship, tugs or other port operation Direct control of own ship or other, e.g. tug. Highly relevantHighly relevant Highly relevant SC8: Operational voyage instructions and reports Information to or from the ship with commercial and operational importance. Relevant Relevant Highly relevantRelevant SC9: Telemedicine. Critical exchange of personal information with shore experts. Highly relevantHighly relevant Relevant Highly relevant SC10: Search and Rescue (SAR) Critical coordination of search and rescue operations. Highly relevantHighly relevant Highly relevant SC11: Configuration Configuration of bridge equipment from shore or from other locations on ship. Relevant Highly relevant SC12: Network management Message exchanges used to coordinate use of network (mostly VDE). Relevant Relevant Relevant Relevant Loss Event Types
Verktøy for å analysere risiko 2/2 Scenario Main Unwanted Event Scenario 1: Navigational Real Time Information to Ship Data lost Catastrophic 5 Possible 3 Scenario 2: Nautical Documents Update to Ship Data lost Critical 4 Possible 3 Scenario 3: Ship reporting to VTS or similar Data changed High 3 Likely 4 Scenario 4: Mandatory ship documentation and reports to port Data lost High 3 Always 5 Scenario 5: Nautical advice to ship Data changed High 3 Possible 3 Scenario 6: Nautical commands to ship Data changed High 3 Likely 4 Scenario 7: Remote control of tugs, etc. Data changed Catastrophic 5 Possible 3 Scenario 8: Operational voyage instructions and reports Data changed High 3 Likely 4 Scenario 9: Telemedicine Data changed Critical 4 Likely 4 Scenario 10: SAR Data changed Critical 4 Always 5 Scenario 11: Configuration Data changed Catastrophic 5 Possible 3 Scenario 12: Network management Data changed High 3 Possible 3 Impact Frequency of Impact Standard Impact Level
SAT SHORE SHIP SHIP VDES + sikkerhet
Viktige utfordringer gjenstår • Maritime krav • Skalerbar: 80 000 skip, 171 stater, 110 000 havner • Internasjonal: Åpen teknologi, Internasjonal konsensus • Kostnadseffektiv: Skip, flaggstat, havnestat, kommunikasjon, systemer • Avklaringer • Hvem tar ansvar for hva? • Hva koster det? • Blir det enkelt nok?
CySiMS Service Evolution 2019/Q2-2021/Q1 • Kongsberg Seatex AS (Prosjekteier) • Kongsberg Defence and Aerospace AS • SINTEF Digital • SINTEF Ocean AS • Navtor AS • Kystverket • Sjøfartsdirektoratet
CySiMS Service Evolution Demonstrere og operasjonalisere en sikker kommunikasjonsløsning for maritim sektor, integrert med IT arkitektur ombord Implementere en PKI struktur, herunder hardware og software for sikker informasjonsutveksling mellom systemer på bro, bak bro og på land Målet er å tilby den første åpne, integrerte og kostnadseffektive løsningen for beskyttelse mot cyber angrep på kritisk sikkerthets- og operasjonell informasjon PK FW PK Cyber t
Hvordan gjør vi dette? • Ombord installasjon på 10 skip i Trondheimsfjorden testområde for autonome skip • Installasjon og operasjon ved Kystverket/Sjøfartsdirektoratet • Bruk i et utvalgt sett av Real Vessel Services (M2M rapportering, elektroniske skipssertifikater, automatisk utveksling av ruter og passage plans, etc.) • Opparbeide gode estimater på kostnad og fordeler ved utvikling, implementering og operasjon av løsningen • Økt oppmerksomhet rundt cyber risiko og hvordan denne kan håndteres på en kostnadseffektiv måte • Jobbe for internasjonal standardisering
IMO Shipowner Shipowner… Vessel Vessel… Flag State Flag State… VTS VTS… n
Teknologi for et bedre samfunn

Recommended

Embedding Risk in Everything we do
Embedding Risk in Everything we doEmbedding Risk in Everything we do
Embedding Risk in Everything we do
Risk Management Institution of Australasia
 
Mr Ganguly - Shipping Agency
Mr Ganguly - Shipping AgencyMr Ganguly - Shipping Agency
Mr Ganguly - Shipping Agency
Marexmedia
 
Maintenance guide checklist_(rev1)
Maintenance guide checklist_(rev1)Maintenance guide checklist_(rev1)
Maintenance guide checklist_(rev1)
diegocely700615
 
Presentation
PresentationPresentation
Presentation
Meredith Morgan
 
Trident warrior advancing future capabilities through fleet experimentation
Trident warrior advancing future capabilities through fleet experimentationTrident warrior advancing future capabilities through fleet experimentation
Trident warrior advancing future capabilities through fleet experimentation
Master Chief Petty Officer of the Navy
 
Survey and examination of ships' lifting appliances
Survey and examination of ships' lifting appliancesSurvey and examination of ships' lifting appliances
Survey and examination of ships' lifting appliances
tienbzeo
 
Imcam149 -issue_8
Imcam149 -issue_8Imcam149 -issue_8
Imcam149 -issue_8
Jossian Brito
 
2 classification societies
2 classification societies2 classification societies
2 classification societies
Olanrewaju O Sulaiman
 

Recommended

Embedding Risk in Everything we do
Embedding Risk in Everything we doEmbedding Risk in Everything we do
Embedding Risk in Everything we do
Risk Management Institution of Australasia
 
Mr Ganguly - Shipping Agency
Mr Ganguly - Shipping AgencyMr Ganguly - Shipping Agency
Mr Ganguly - Shipping Agency
Marexmedia
 
Maintenance guide checklist_(rev1)
Maintenance guide checklist_(rev1)Maintenance guide checklist_(rev1)
Maintenance guide checklist_(rev1)
diegocely700615
 
Presentation
PresentationPresentation
Presentation
Meredith Morgan
 
Trident warrior advancing future capabilities through fleet experimentation
Trident warrior advancing future capabilities through fleet experimentationTrident warrior advancing future capabilities through fleet experimentation
Trident warrior advancing future capabilities through fleet experimentation
Master Chief Petty Officer of the Navy
 
Survey and examination of ships' lifting appliances
Survey and examination of ships' lifting appliancesSurvey and examination of ships' lifting appliances
Survey and examination of ships' lifting appliances
tienbzeo
 
Imcam149 -issue_8
Imcam149 -issue_8Imcam149 -issue_8
Imcam149 -issue_8
Jossian Brito
 
2 classification societies
2 classification societies2 classification societies
2 classification societies
Olanrewaju O Sulaiman
 
Transocean offshore operation 3
Transocean offshore operation 3Transocean offshore operation 3
Transocean offshore operation 3
Steffones K
 
NATO Rapid Reaction Team Expert Training
NATO Rapid Reaction Team Expert TrainingNATO Rapid Reaction Team Expert Training
NATO Rapid Reaction Team Expert Training
Kevin Parrish
 
Psc pocket checklist
Psc pocket checklistPsc pocket checklist
Psc pocket checklist
Tevay Sayha
 
Set 1 certificates and survey
Set 1 certificates and surveySet 1 certificates and survey
Set 1 certificates and survey
Maanas Gopinath
 
PP_CERTIFICATES& DOCS List_Ver.056
PP_CERTIFICATES& DOCS List_Ver.056PP_CERTIFICATES& DOCS List_Ver.056
PP_CERTIFICATES& DOCS List_Ver.056
Stavrianidis Stavros
 
Vessel General Permit
Vessel General PermitVessel General Permit
Vessel General Permit
Bryan Wendleton
 
Surveys of Merchant Ships
Surveys of Merchant Ships Surveys of Merchant Ships
Surveys of Merchant Ships
Mohammud Hanif Dewan M.Phil.
 
Set 2 gmdss
Set 2 gmdssSet 2 gmdss
Set 2 gmdss
Maanas Gopinath
 
Guidelines for periodic servicing and maintenance of lifeboats
Guidelines for periodic servicing and maintenance of lifeboatsGuidelines for periodic servicing and maintenance of lifeboats
Guidelines for periodic servicing and maintenance of lifeboats
Ana Vicente
 
Session 42 Michael Baldauf
Session 42 Michael BaldaufSession 42 Michael Baldauf
Session 42 Michael Baldauf
Transportforum (VTI)
 
F010133036
F010133036F010133036
F010133036
IOSR Journals
 
Centralized Fault Management of Docks in Marine Sensor Networks
Centralized Fault Management of Docks in Marine Sensor NetworksCentralized Fault Management of Docks in Marine Sensor Networks
Centralized Fault Management of Docks in Marine Sensor Networks
IOSR Journals
 
20 slides canadá tecnologia portos 05 mai 2015
20 slides canadá tecnologia portos 05 mai 201520 slides canadá tecnologia portos 05 mai 2015
20 slides canadá tecnologia portos 05 mai 2015
delano chaves gurgel do amaral
 
ECDIS TEST
ECDIS TESTECDIS TEST
ECDIS TEST
MrisCrulis2
 
Maritime Environmental and Operational Data Management useing Quantum\'s Mari...
Maritime Environmental and Operational Data Management useing Quantum\'s Mari...Maritime Environmental and Operational Data Management useing Quantum\'s Mari...
Maritime Environmental and Operational Data Management useing Quantum\'s Mari...
collinstr
 
presentations-amp_imo_presentation
presentations-amp_imo_presentationpresentations-amp_imo_presentation
presentations-amp_imo_presentation
Jeff Douglas
 
The swedish-club-navigational-claims-report-2014
The swedish-club-navigational-claims-report-2014The swedish-club-navigational-claims-report-2014
The swedish-club-navigational-claims-report-2014
Ashok Yadav
 
Sirm15 A new concept of Fleet Management System
Sirm15 A new concept of Fleet Management SystemSirm15 A new concept of Fleet Management System
Sirm15 A new concept of Fleet Management System
Gaetano Volpe
 
Ship detection with wireless sensor networks
Ship detection with wireless sensor networksShip detection with wireless sensor networks
Ship detection with wireless sensor networks
sudhakar5472
 
4th ShipIT Conference, Athens
4th ShipIT Conference, Athens 4th ShipIT Conference, Athens
4th ShipIT Conference, Athens
KostasGrivas1
 
Maritime Surveillance PG24 MTR Sept 15 ARTICLE ONLY
Maritime Surveillance PG24 MTR Sept 15 ARTICLE ONLYMaritime Surveillance PG24 MTR Sept 15 ARTICLE ONLY
Maritime Surveillance PG24 MTR Sept 15 ARTICLE ONLY
Marianne Molchan
 
Sirm15
Sirm15 Sirm15
Sirm15
Gaetano Volpe
 

More Related Content

What's hot

Transocean offshore operation 3
Transocean offshore operation 3Transocean offshore operation 3
Transocean offshore operation 3
Steffones K
 
NATO Rapid Reaction Team Expert Training
NATO Rapid Reaction Team Expert TrainingNATO Rapid Reaction Team Expert Training
NATO Rapid Reaction Team Expert Training
Kevin Parrish
 
Psc pocket checklist
Psc pocket checklistPsc pocket checklist
Psc pocket checklist
Tevay Sayha
 
Set 1 certificates and survey
Set 1 certificates and surveySet 1 certificates and survey
Set 1 certificates and survey
Maanas Gopinath
 
PP_CERTIFICATES& DOCS List_Ver.056
PP_CERTIFICATES& DOCS List_Ver.056PP_CERTIFICATES& DOCS List_Ver.056
PP_CERTIFICATES& DOCS List_Ver.056
Stavrianidis Stavros
 
Vessel General Permit
Vessel General PermitVessel General Permit
Vessel General Permit
Bryan Wendleton
 
Surveys of Merchant Ships
Surveys of Merchant Ships Surveys of Merchant Ships
Surveys of Merchant Ships
Mohammud Hanif Dewan M.Phil.
 
Set 2 gmdss
Set 2 gmdssSet 2 gmdss
Set 2 gmdss
Maanas Gopinath
 
Guidelines for periodic servicing and maintenance of lifeboats
Guidelines for periodic servicing and maintenance of lifeboatsGuidelines for periodic servicing and maintenance of lifeboats
Guidelines for periodic servicing and maintenance of lifeboats
Ana Vicente
 

What's hot (9)

Transocean offshore operation 3
Transocean offshore operation 3Transocean offshore operation 3
Transocean offshore operation 3
 
NATO Rapid Reaction Team Expert Training
NATO Rapid Reaction Team Expert TrainingNATO Rapid Reaction Team Expert Training
NATO Rapid Reaction Team Expert Training
 
Psc pocket checklist
Psc pocket checklistPsc pocket checklist
Psc pocket checklist
 
Set 1 certificates and survey
Set 1 certificates and surveySet 1 certificates and survey
Set 1 certificates and survey
 
PP_CERTIFICATES& DOCS List_Ver.056
PP_CERTIFICATES& DOCS List_Ver.056PP_CERTIFICATES& DOCS List_Ver.056
PP_CERTIFICATES& DOCS List_Ver.056
 
Vessel General Permit
Vessel General PermitVessel General Permit
Vessel General Permit
 
Surveys of Merchant Ships
Surveys of Merchant Ships Surveys of Merchant Ships
Surveys of Merchant Ships
 
Set 2 gmdss
Set 2 gmdssSet 2 gmdss
Set 2 gmdss
 
Guidelines for periodic servicing and maintenance of lifeboats
Guidelines for periodic servicing and maintenance of lifeboatsGuidelines for periodic servicing and maintenance of lifeboats
Guidelines for periodic servicing and maintenance of lifeboats
 

Similar to Sikkerhet og tillit for samhandling mellom skip og land

Session 42 Michael Baldauf
Session 42 Michael BaldaufSession 42 Michael Baldauf
Session 42 Michael Baldauf
Transportforum (VTI)
 
F010133036
F010133036F010133036
F010133036
IOSR Journals
 
Centralized Fault Management of Docks in Marine Sensor Networks
Centralized Fault Management of Docks in Marine Sensor NetworksCentralized Fault Management of Docks in Marine Sensor Networks
Centralized Fault Management of Docks in Marine Sensor Networks
IOSR Journals
 
20 slides canadá tecnologia portos 05 mai 2015
20 slides canadá tecnologia portos 05 mai 201520 slides canadá tecnologia portos 05 mai 2015
20 slides canadá tecnologia portos 05 mai 2015
delano chaves gurgel do amaral
 
ECDIS TEST
ECDIS TESTECDIS TEST
ECDIS TEST
MrisCrulis2
 
Maritime Environmental and Operational Data Management useing Quantum\'s Mari...
Maritime Environmental and Operational Data Management useing Quantum\'s Mari...Maritime Environmental and Operational Data Management useing Quantum\'s Mari...
Maritime Environmental and Operational Data Management useing Quantum\'s Mari...
collinstr
 
presentations-amp_imo_presentation
presentations-amp_imo_presentationpresentations-amp_imo_presentation
presentations-amp_imo_presentation
Jeff Douglas
 
The swedish-club-navigational-claims-report-2014
The swedish-club-navigational-claims-report-2014The swedish-club-navigational-claims-report-2014
The swedish-club-navigational-claims-report-2014
Ashok Yadav
 
Sirm15 A new concept of Fleet Management System
Sirm15 A new concept of Fleet Management SystemSirm15 A new concept of Fleet Management System
Sirm15 A new concept of Fleet Management System
Gaetano Volpe
 
Ship detection with wireless sensor networks
Ship detection with wireless sensor networksShip detection with wireless sensor networks
Ship detection with wireless sensor networks
sudhakar5472
 
4th ShipIT Conference, Athens
4th ShipIT Conference, Athens 4th ShipIT Conference, Athens
4th ShipIT Conference, Athens
KostasGrivas1
 
Maritime Surveillance PG24 MTR Sept 15 ARTICLE ONLY
Maritime Surveillance PG24 MTR Sept 15 ARTICLE ONLYMaritime Surveillance PG24 MTR Sept 15 ARTICLE ONLY
Maritime Surveillance PG24 MTR Sept 15 ARTICLE ONLY
Marianne Molchan
 
Sirm15
Sirm15 Sirm15
Sirm15
Gaetano Volpe
 
Modern Race Navigation
Modern Race NavigationModern Race Navigation
Modern Race Navigation
Greg Brougham
 
Automatic-identification system gr1.pptx
Automatic-identification system gr1.pptxAutomatic-identification system gr1.pptx
Automatic-identification system gr1.pptx
MarkFrenlyLompot
 
75346996 a-is
75346996 a-is75346996 a-is
75346996 a-is
Dheeraj Kaushal
 
UiT Autonomous Ship Program, including recent research activities
UiT Autonomous Ship Program, including recent research activitiesUiT Autonomous Ship Program, including recent research activities
UiT Autonomous Ship Program, including recent research activities
Lokukaluge Prasad Perera
 
Vessel Traffic Management System
Vessel Traffic Management SystemVessel Traffic Management System
Vessel Traffic Management System
Rolta
 
DIGITALISATION IN SHIPPING & LOGISTICS
DIGITALISATION IN SHIPPING & LOGISTICSDIGITALISATION IN SHIPPING & LOGISTICS
DIGITALISATION IN SHIPPING & LOGISTICS
rohith30
 
Maritime Security Challenge - Thales
Maritime Security Challenge - Thales Maritime Security Challenge - Thales
Maritime Security Challenge - Thales
Digital Catapult
 

Similar to Sikkerhet og tillit for samhandling mellom skip og land (20)

Session 42 Michael Baldauf
Session 42 Michael BaldaufSession 42 Michael Baldauf
Session 42 Michael Baldauf
 
F010133036
F010133036F010133036
F010133036
 
Centralized Fault Management of Docks in Marine Sensor Networks
Centralized Fault Management of Docks in Marine Sensor NetworksCentralized Fault Management of Docks in Marine Sensor Networks
Centralized Fault Management of Docks in Marine Sensor Networks
 
20 slides canadá tecnologia portos 05 mai 2015
20 slides canadá tecnologia portos 05 mai 201520 slides canadá tecnologia portos 05 mai 2015
20 slides canadá tecnologia portos 05 mai 2015
 
ECDIS TEST
ECDIS TESTECDIS TEST
ECDIS TEST
 
Maritime Environmental and Operational Data Management useing Quantum\'s Mari...
Maritime Environmental and Operational Data Management useing Quantum\'s Mari...Maritime Environmental and Operational Data Management useing Quantum\'s Mari...
Maritime Environmental and Operational Data Management useing Quantum\'s Mari...
 
presentations-amp_imo_presentation
presentations-amp_imo_presentationpresentations-amp_imo_presentation
presentations-amp_imo_presentation
 
The swedish-club-navigational-claims-report-2014
The swedish-club-navigational-claims-report-2014The swedish-club-navigational-claims-report-2014
The swedish-club-navigational-claims-report-2014
 
Sirm15 A new concept of Fleet Management System
Sirm15 A new concept of Fleet Management SystemSirm15 A new concept of Fleet Management System
Sirm15 A new concept of Fleet Management System
 
Ship detection with wireless sensor networks
Ship detection with wireless sensor networksShip detection with wireless sensor networks
Ship detection with wireless sensor networks
 
4th ShipIT Conference, Athens
4th ShipIT Conference, Athens 4th ShipIT Conference, Athens
4th ShipIT Conference, Athens
 
Maritime Surveillance PG24 MTR Sept 15 ARTICLE ONLY
Maritime Surveillance PG24 MTR Sept 15 ARTICLE ONLYMaritime Surveillance PG24 MTR Sept 15 ARTICLE ONLY
Maritime Surveillance PG24 MTR Sept 15 ARTICLE ONLY
 
Sirm15
Sirm15 Sirm15
Sirm15
 
Modern Race Navigation
Modern Race NavigationModern Race Navigation
Modern Race Navigation
 
Automatic-identification system gr1.pptx
Automatic-identification system gr1.pptxAutomatic-identification system gr1.pptx
Automatic-identification system gr1.pptx
 
75346996 a-is
75346996 a-is75346996 a-is
75346996 a-is
 
UiT Autonomous Ship Program, including recent research activities
UiT Autonomous Ship Program, including recent research activitiesUiT Autonomous Ship Program, including recent research activities
UiT Autonomous Ship Program, including recent research activities
 
Vessel Traffic Management System
Vessel Traffic Management SystemVessel Traffic Management System
Vessel Traffic Management System
 
DIGITALISATION IN SHIPPING & LOGISTICS
DIGITALISATION IN SHIPPING & LOGISTICSDIGITALISATION IN SHIPPING & LOGISTICS
DIGITALISATION IN SHIPPING & LOGISTICS
 
Maritime Security Challenge - Thales
Maritime Security Challenge - Thales Maritime Security Challenge - Thales
Maritime Security Challenge - Thales
 

More from Kjetil Nordby

DMD 2019 - Grafisk design og typografi for maritim kontekst
DMD 2019 - Grafisk design og typografi for maritim kontekstDMD 2019 - Grafisk design og typografi for maritim kontekst
DMD 2019 - Grafisk design og typografi for maritim kontekst
Kjetil Nordby
 
DMD 2019 - Bridge Work Environment Design and Approval
DMD 2019 - Bridge Work Environment Design and ApprovalDMD 2019 - Bridge Work Environment Design and Approval
DMD 2019 - Bridge Work Environment Design and Approval
Kjetil Nordby
 
Distribuert og åpen datahåndtering for skip og land
Distribuert og åpen datahåndtering for skip og landDistribuert og åpen datahåndtering for skip og land
Distribuert og åpen datahåndtering for skip og land
Kjetil Nordby
 
DMD 2019 - Prototyping augmented reality interfaces in the field
DMD 2019 - Prototyping augmented reality interfaces in the fieldDMD 2019 - Prototyping augmented reality interfaces in the field
DMD 2019 - Prototyping augmented reality interfaces in the field
Kjetil Nordby
 
DMD 2019 - Samskapende skipsdesign
DMD 2019 - Samskapende skipsdesignDMD 2019 - Samskapende skipsdesign
DMD 2019 - Samskapende skipsdesign
Kjetil Nordby
 
DMD 2019 - Design for maritime augmented reality
DMD 2019 - Design for maritime augmented reality DMD 2019 - Design for maritime augmented reality
DMD 2019 - Design for maritime augmented reality
Kjetil Nordby
 
DMD 2019 - OpenBridge Design System
DMD 2019 - OpenBridge Design SystemDMD 2019 - OpenBridge Design System
DMD 2019 - OpenBridge Design System
Kjetil Nordby
 
DMD 2019 - Introduksjon
DMD 2019 - IntroduksjonDMD 2019 - Introduksjon
DMD 2019 - Introduksjon
Kjetil Nordby
 

More from Kjetil Nordby (8)

DMD 2019 - Grafisk design og typografi for maritim kontekst
DMD 2019 - Grafisk design og typografi for maritim kontekstDMD 2019 - Grafisk design og typografi for maritim kontekst
DMD 2019 - Grafisk design og typografi for maritim kontekst
 
DMD 2019 - Bridge Work Environment Design and Approval
DMD 2019 - Bridge Work Environment Design and ApprovalDMD 2019 - Bridge Work Environment Design and Approval
DMD 2019 - Bridge Work Environment Design and Approval
 
Distribuert og åpen datahåndtering for skip og land
Distribuert og åpen datahåndtering for skip og landDistribuert og åpen datahåndtering for skip og land
Distribuert og åpen datahåndtering for skip og land
 
DMD 2019 - Prototyping augmented reality interfaces in the field
DMD 2019 - Prototyping augmented reality interfaces in the fieldDMD 2019 - Prototyping augmented reality interfaces in the field
DMD 2019 - Prototyping augmented reality interfaces in the field
 
DMD 2019 - Samskapende skipsdesign
DMD 2019 - Samskapende skipsdesignDMD 2019 - Samskapende skipsdesign
DMD 2019 - Samskapende skipsdesign
 
DMD 2019 - Design for maritime augmented reality
DMD 2019 - Design for maritime augmented reality DMD 2019 - Design for maritime augmented reality
DMD 2019 - Design for maritime augmented reality
 
DMD 2019 - OpenBridge Design System
DMD 2019 - OpenBridge Design SystemDMD 2019 - OpenBridge Design System
DMD 2019 - OpenBridge Design System
 
DMD 2019 - Introduksjon
DMD 2019 - IntroduksjonDMD 2019 - Introduksjon
DMD 2019 - Introduksjon
 

Recently uploaded

CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTCHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
jpsjournal1
 
ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024
Rahul
 
IEEE Aerospace and Electronic Systems Society as a Graduate Student Member
IEEE Aerospace and Electronic Systems Society as a Graduate Student MemberIEEE Aerospace and Electronic Systems Society as a Graduate Student Member
IEEE Aerospace and Electronic Systems Society as a Graduate Student Member
VICTOR MAESTRE RAMIREZ
 
Recycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part IIIRecycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part III
Aditya Rajan Patra
 
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
IJECEIAES
 
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
ihlasbinance2003
 
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming PipelinesHarnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
Christina Lin
 
Recycled Concrete Aggregate in Construction Part II
Recycled Concrete Aggregate in Construction Part IIRecycled Concrete Aggregate in Construction Part II
Recycled Concrete Aggregate in Construction Part II
Aditya Rajan Patra
 
basic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdfbasic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdf
NidhalKahouli2
 
Comparative analysis between traditional aquaponics and reconstructed aquapon...
Comparative analysis between traditional aquaponics and reconstructed aquapon...Comparative analysis between traditional aquaponics and reconstructed aquapon...
Comparative analysis between traditional aquaponics and reconstructed aquapon...
bijceesjournal
 
Engine Lubrication performance System.pdf
Engine Lubrication performance System.pdfEngine Lubrication performance System.pdf
Engine Lubrication performance System.pdf
mamamaam477
 
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
Yasser Mahgoub
 
ML Based Model for NIDS MSc Updated Presentation.v2.pptx
ML Based Model for NIDS MSc Updated Presentation.v2.pptxML Based Model for NIDS MSc Updated Presentation.v2.pptx
ML Based Model for NIDS MSc Updated Presentation.v2.pptx
JamalHussainArman
 
Understanding Inductive Bias in Machine Learning
Understanding Inductive Bias in Machine LearningUnderstanding Inductive Bias in Machine Learning
Understanding Inductive Bias in Machine Learning
SUTEJAS
 
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
Sinan KOZAK
 
官方认证美国密歇根州立大学毕业证学位证书原版一模一样
官方认证美国密歇根州立大学毕业证学位证书原版一模一样官方认证美国密歇根州立大学毕业证学位证书原版一模一样
官方认证美国密歇根州立大学毕业证学位证书原版一模一样
171ticu
 
Generative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of contentGenerative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of content
Hitesh Mohapatra
 
Manufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptxManufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptx
Madan Karki
 
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEM
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEMTIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEM
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEM
HODECEDSIET
 
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball playEric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
enizeyimana36
 

Recently uploaded (20)

CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTCHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECT
 
ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024ACEP Magazine edition 4th launched on 05.06.2024
ACEP Magazine edition 4th launched on 05.06.2024
 
IEEE Aerospace and Electronic Systems Society as a Graduate Student Member
IEEE Aerospace and Electronic Systems Society as a Graduate Student MemberIEEE Aerospace and Electronic Systems Society as a Graduate Student Member
IEEE Aerospace and Electronic Systems Society as a Graduate Student Member
 
Recycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part IIIRecycled Concrete Aggregate in Construction Part III
Recycled Concrete Aggregate in Construction Part III
 
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
Electric vehicle and photovoltaic advanced roles in enhancing the financial p...
 
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
5214-1693458878915-Unit 6 2023 to 2024 academic year assignment (AutoRecovere...
 
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming PipelinesHarnessing WebAssembly for Real-time Stateless Streaming Pipelines
Harnessing WebAssembly for Real-time Stateless Streaming Pipelines
 
Recycled Concrete Aggregate in Construction Part II
Recycled Concrete Aggregate in Construction Part IIRecycled Concrete Aggregate in Construction Part II
Recycled Concrete Aggregate in Construction Part II
 
basic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdfbasic-wireline-operations-course-mahmoud-f-radwan.pdf
basic-wireline-operations-course-mahmoud-f-radwan.pdf
 
Comparative analysis between traditional aquaponics and reconstructed aquapon...
Comparative analysis between traditional aquaponics and reconstructed aquapon...Comparative analysis between traditional aquaponics and reconstructed aquapon...
Comparative analysis between traditional aquaponics and reconstructed aquapon...
 
Engine Lubrication performance System.pdf
Engine Lubrication performance System.pdfEngine Lubrication performance System.pdf
Engine Lubrication performance System.pdf
 
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
2008 BUILDING CONSTRUCTION Illustrated - Ching Chapter 02 The Building.pdf
 
ML Based Model for NIDS MSc Updated Presentation.v2.pptx
ML Based Model for NIDS MSc Updated Presentation.v2.pptxML Based Model for NIDS MSc Updated Presentation.v2.pptx
ML Based Model for NIDS MSc Updated Presentation.v2.pptx
 
Understanding Inductive Bias in Machine Learning
Understanding Inductive Bias in Machine LearningUnderstanding Inductive Bias in Machine Learning
Understanding Inductive Bias in Machine Learning
 
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
Optimizing Gradle Builds - Gradle DPE Tour Berlin 2024
 
官方认证美国密歇根州立大学毕业证学位证书原版一模一样
官方认证美国密歇根州立大学毕业证学位证书原版一模一样官方认证美国密歇根州立大学毕业证学位证书原版一模一样
官方认证美国密歇根州立大学毕业证学位证书原版一模一样
 
Generative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of contentGenerative AI leverages algorithms to create various forms of content
Generative AI leverages algorithms to create various forms of content
 
Manufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptxManufacturing Process of molasses based distillery ppt.pptx
Manufacturing Process of molasses based distillery ppt.pptx
 
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEM
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEMTIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEM
TIME DIVISION MULTIPLEXING TECHNIQUE FOR COMMUNICATION SYSTEM
 
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball playEric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
Eric Nizeyimana's document 2006 from gicumbi to ttc nyamata handball play
 

Sikkerhet og tillit for samhandling mellom skip og land

  • 1. SIKKERHET OG TILLIT FOR SAMHANDLING MELLOM SKIP OG LAND Dag Atle Nesheim, Forsker – SINTEF Ocean
  • 2. Shipping blir mer og mer digitalisert • Mer integrasjon om bord • Mer datautveksling • Mer trafikkstyring fra land • Mot ubemannede skip Data Analytics MANAGEMENT HQ PERFORMANCE • TCI Efficiency • TCI Balance • TCI Degradation TeCoMan Ship Performance Registrations Report: Performance Assessment / Support SHIP Internet of Services at Sea Internet of Things at Sea Simulation and Optimization Robotics and Autonomy © SINTEF Ocean Augmented reality Shipping 4.0 Computation Cyber-physical systems Cyber Security Open system integration Engine Cargo Reporting FW/GW Process Layer Administrative Layer AutomationNavigation Administrative Infotainment Accomodation Energy management FW/GW ISC Layer Crewing Performance monitoring INS FW/GW FW/GW Fire alarm Safety FW/GW Instrument Layer Safety Management ECDIS Integrated Ship Control (ISC)
  • 3. … og mer følsomt for angrep Hackers Misfits/States Economic espionage/attacks Pirates Fraud "Container ship loading" by Stan Shebs. Smuggling
  • 4. Det er mange digitale systemer på et skip RADAR Engine Cargo Cargo Reporting FW/GW Process Layer Administrative Layer AutomationNavigation Administrative FW/GW Infotainment Accomodation Energy management FW/GW Integrated Ship Control (ISC) Layer Crewing Performance monitoring INS FW/GW FW/GW Fire alarm Safety FW/GW Instrument Layer Safety Management Owner Manager Charterer Authorities Systems FW/GW Land Internet ICS VHF Data Exchange System - VDES Kommersielt/person-sensitivt Sikkerhetsmessig sensitivt
  • 5. … og mange angrepspunkter RADAR Engine Cargo Cargo Reporting FW/GW Process Layer Administrative Layer AutomationNavigation Administrative FW/GW Infotainment Accomodation Energy management FW/GW Integrated Ship Control (ISC) Layer Crewing Performance monitoring INS FW/GW FW/GW Fire alarm Safety FW/GW Instrument Layer Safety Management Owner Manager Charterer Authorities Systems FW/GW Land Internet ICS VHF Data Exchange System - VDES
  • 6. CySiMS: Cyber Security for Merchant Shipping 2016-2018 • Kongsberg Seatex AS (Prosjekteier) • Kongsberg Maritime AS • Kongsberg Defence and Aerospace AS • DNV GL AS • SINTEF Digital • SINTEF Ocean AS • Navtor AS • Kystverket • Sjøfartsdirektoratet
  • 7. CySiMS: Cyber Security for Merchant Shipping RADAR Engine Cargo Cargo Reporting FW/GW Process Layer Administrative Layer AutomationNavigation Administrative FW/GW Infotainment Accomodation Energy management FW/GW Integrated Ship Control (ISC) Layer Crewing Performance monitoring INS FW/GW FW/GW Fire alarm Safety FW/GW Instrument Layer Safety Management Owner Manager Charterer Authorities Systems FW/GW Land Internet ICS VHF Data Exchange System - VDES
  • 8. To forskjellige kommunikasjonskanaler Ship Space segment Uplink Downlink Internet SCCEarth station Ship VDES data link Trunk VTS Shore station Ship VDES data link Ship
  • 9. Viktig del er å kartlegge behov og finne "riktig" løsning …Cost versus Benefit…
  • 11. Stereotype scenarios Scenario 1: Navigational Real Time Information to Ship Scenario 2: Nautical Documents Update to Ship Scenario 3: Ship reporting to VTS or similar Scenario 4: Mandatory ship documentation and reports to port Scenario 5: Nautical advice to ship Scenario 6: Nautical commands to ship Scenario 7: Remote control of tugs, etc. Scenario 8: Operational voyage instructions and reports Scenario 9: Telemedicine Scenario 10: Search and Rescue Scenario 11: Configuration of equipment or system Scenario 12: Network management
  • 12. 44.44% 11.11% 16.67% 5.56% 22.22% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% 100.0% Several times a day (n=8) Several times a week (n=2) Several times a month (n=3) Several times a year (n=1) Rarer (n=4) How often does this scenario occur (per ship) ? Scenario 1: Navigational real-time information to ship The ship receives updated navigational information from shore. Examples are weather or ice information and forecast, lists of aids to navigations that are not working, floating containers, whale observations, wrecks etc. Today this is typically maritime safety information (MSI) received by NAVTEX or Safety-Net. Wave, tide or virtual aids to navigation received over AIS. 33.33% 55.56% 5.56% 5.56% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% 100.0% Data changed (n=6) Data lost (n=10) Data overheard (n=1) Data not trusted (sender and receiver disagrees on data actually being sent or on the content of the message) (n=1) What communication fault is likely to cause a negative outcome?
  • 13. Scenario 1: Navigational real-time information to ship The ship receives updated navigational information from shore. Examples are weather or ice information and forecast, lists of aids to navigations that are not working, floating containers, whale observations, wrecks etc. Today this is typically maritime safety information (MSI) received by NAVTEX or Safety-Net. Wave, tide or virtual aids to navigation received over AIS. 22.22% 38.89% 27.78% 11.11% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% 100.0% Individual Injury (n=4) Commercial (n=7) Environmental (n=5) Reputational (n=2) What type of outcome will you classify this to be of? 5.56% 5.56% 33.33% 38.89% 11.11% 5.56% 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% 100.0% None (n=1) Negligible (n=1) Moderate (n=6) High (n=7) Critical (n=2) Catastrophic (n=1) What severity has this outcome?
  • 14. Hovedutfordringer • Sikkerhet • Informasjon på avveie • Falsk mottaker • Avlytting • Manipulert informasjon • Falsk avsender (spoofing) • Manipulasjon av meldingsinnhold • Uteblitt informasjon (jamming) • Tillit • Hvem sendte hva og når? • Hva ble faktisk sendt/mottatt?
  • 15. Verktøy for å analysere risiko 1/2 Stereotype Characteristics Data Lost Data manipulatedData stolen Data not trusted SC 1: Navigational real-time information to ship Received “real-time” safety information that can be critical to operations. Maritime Safety Information (MSI) Highly relevantHighly relevant Relevant Highly relevant SC2: Nautical document updates to ship Updates to documents that are required to be carried by the ship. Relevant Highly relevant Relevant Relevant SC3: Ship reporting to VTS, coastguard or similar Required short reports in VTS or ship reporting areas. Relevant Highly relevant Relevant Relevant SC4: Mandatory ship documentation and reports to port Documents from ship or agent to authorities that are mandatory, e.g. for calling in a port. Failure to provide correct documents can cause detentions, fines or other. Relevant Relevant Relevant Relevant SC5: Nautical advice to ship Advice that is the basis for new plans generated on ship based on received and other navigational information. Relevant Relevant Relevant Relevant SC6: Nautical commands to ship Real time commands to ship from VTS or other ships. Master can ignore, but at a penalty. Relevant Highly relevant Relevant Relevant SC7: Remote control of ship, tugs or other port operation Direct control of own ship or other, e.g. tug. Highly relevantHighly relevant Highly relevant SC8: Operational voyage instructions and reports Information to or from the ship with commercial and operational importance. Relevant Relevant Highly relevantRelevant SC9: Telemedicine. Critical exchange of personal information with shore experts. Highly relevantHighly relevant Relevant Highly relevant SC10: Search and Rescue (SAR) Critical coordination of search and rescue operations. Highly relevantHighly relevant Highly relevant SC11: Configuration Configuration of bridge equipment from shore or from other locations on ship. Relevant Highly relevant SC12: Network management Message exchanges used to coordinate use of network (mostly VDE). Relevant Relevant Relevant Relevant Loss Event Types
  • 16. Verktøy for å analysere risiko 2/2 Scenario Main Unwanted Event Scenario 1: Navigational Real Time Information to Ship Data lost Catastrophic 5 Possible 3 Scenario 2: Nautical Documents Update to Ship Data lost Critical 4 Possible 3 Scenario 3: Ship reporting to VTS or similar Data changed High 3 Likely 4 Scenario 4: Mandatory ship documentation and reports to port Data lost High 3 Always 5 Scenario 5: Nautical advice to ship Data changed High 3 Possible 3 Scenario 6: Nautical commands to ship Data changed High 3 Likely 4 Scenario 7: Remote control of tugs, etc. Data changed Catastrophic 5 Possible 3 Scenario 8: Operational voyage instructions and reports Data changed High 3 Likely 4 Scenario 9: Telemedicine Data changed Critical 4 Likely 4 Scenario 10: SAR Data changed Critical 4 Always 5 Scenario 11: Configuration Data changed Catastrophic 5 Possible 3 Scenario 12: Network management Data changed High 3 Possible 3 Impact Frequency of Impact Standard Impact Level
  • 18. Viktige utfordringer gjenstår • Maritime krav • Skalerbar: 80 000 skip, 171 stater, 110 000 havner • Internasjonal: Åpen teknologi, Internasjonal konsensus • Kostnadseffektiv: Skip, flaggstat, havnestat, kommunikasjon, systemer • Avklaringer • Hvem tar ansvar for hva? • Hva koster det? • Blir det enkelt nok?
  • 19. CySiMS Service Evolution 2019/Q2-2021/Q1 • Kongsberg Seatex AS (Prosjekteier) • Kongsberg Defence and Aerospace AS • SINTEF Digital • SINTEF Ocean AS • Navtor AS • Kystverket • Sjøfartsdirektoratet
  • 20. CySiMS Service Evolution Demonstrere og operasjonalisere en sikker kommunikasjonsløsning for maritim sektor, integrert med IT arkitektur ombord Implementere en PKI struktur, herunder hardware og software for sikker informasjonsutveksling mellom systemer på bro, bak bro og på land Målet er å tilby den første åpne, integrerte og kostnadseffektive løsningen for beskyttelse mot cyber angrep på kritisk sikkerthets- og operasjonell informasjon PK FW PK Cyber t
  • 21. Hvordan gjør vi dette? • Ombord installasjon på 10 skip i Trondheimsfjorden testområde for autonome skip • Installasjon og operasjon ved Kystverket/Sjøfartsdirektoratet • Bruk i et utvalgt sett av Real Vessel Services (M2M rapportering, elektroniske skipssertifikater, automatisk utveksling av ruter og passage plans, etc.) • Opparbeide gode estimater på kostnad og fordeler ved utvikling, implementering og operasjon av løsningen • Økt oppmerksomhet rundt cyber risiko og hvordan denne kan håndteres på en kostnadseffektiv måte • Jobbe for internasjonal standardisering
  • 22. IMO Shipowner Shipowner… Vessel Vessel… Flag State Flag State… VTS VTS… n
  • 23. Teknologi for et bedre samfunn

Editor's Notes

  1. Dette har me jo også høyrd om allerede i dag, og skal sikkert høyre meir om seinare
  2. Både på innsida og i linken mot verden utanfor
  3. CySiMS hadde hovedfokus på meldingssikkerheit End to end på "meldinger" – uavhengig av transport Elektronisk signering / kryptering
  4. Satellitt og VDES (datautveksling via VHF) Kommunikasjon mellom skip og lang og mellom skip og skip
  5. Unngå at vinninga går opp i spinninga – det finns nok av eksempler her på at kostnaden ved tiltak ikkje kan forsvares gjennom effekten av tiltaket. Det er kanskje fleir enn meg som er lei av å måtte ha gjennomsiktig toalettmappe på reise..? Me må sikra at løysingane er basert på eit reelt behov og at dei er hensiktsmessige å gjennomføre
  6. Både med tanke på dei ulike aktørane som må vera involverte MEN også med tanke på muligheita til å definere sannsynligheit og konsekvens Korleis kan me konvertere redusert sannsynlighet for uønska hendelsar til kroner og øre? -Kva er eit menneskeliv verdt? Det finns tal på dette men å bruke tala er ikkje særlig politisk korrekt. Er for eksempel ein frå Filipinane mindre verdt enn ein frå USA..? For det er det tabellane seier -Kommersielle kostnader knytta til cyber-angrep er noko lettare, for eksempel Maersk og no i det siste, Hydro Korleis definere kostnadsbildet når kostnaden må fordeles over fleire aktører? Og tilslutt: Korleis håndtere at visse aktører må håndtere kostnaden mens andre aktører er dei som sitt igjen med fordelane?
  7. Scenarioene representerer ei blanding av timing (real time, direkte og indirekte kommunikasjon), innhold og aktørar
  8. Vi definerte ein spørreundersøkelse i norsk maritim industri der vi tok for oss kvart scenario og stilte følgande spørsmål
  9. Løysinga vi kom opp med i CySiMS knytter seg til ein Public Key Infrastruktur (PKI) Målet er å legge til rette for sikker, håndterbar og effektiv distribusjon av public keys gjennom digitale sertifikater. Ein PKI omfatter hardware, software, policies og prosedyrer som håndterer opprettelse, håndtering, lagring, distribuering og tilbakekalling av digitale sertifikater basert på Public Key Kryptografi Public Key Kryptografi brukes for å håndtere autentisering, data integritet og dokumentasjon på meldingsutvekslinga KLIKK Her brukes to nøkler: Ein privat nøkkel som er skjult og ein offentlig nøkkel som kan deles. Sammen brukes dette nøkkelparet til å kryptere og dekryptere data samt signere og validere digitale signaturer. Ein stor fordel her at ein kan bruke samme nøkkelpar til å kommunisere med mange, heller enn å måtte lage spesifikke nøkler per relasjon. Dette simplifiserer håndteringa av nøklene når ein skal opprette sikre kommunikasjonsøkter mellom parter som ikkje nødvendigvis kjenner kvarandre på fohånd
  10. Med utgangspunkt i ein foreslått struktur med IMO som internasjonal autoritet (dei som utsteder og håndterer sertifikatene), er målet å demonstrere eit sub-sett der Norge som flaggstat, tar rollen som utsteder og eigar av PKI-løysinga. Ved å få besvart sentrale spørsmål knytta til kostnader, kompleksitet og gjennomførbarheit, er målet å gi input til IMO, nettopp med tanke på internasjonal implementering.