How do we create security and trust in our common infrastructure?
Sea Traffic Management (STM) aims at creating a safer, more efficient and environmentally friendly maritime sector. While introducing new functionalities by STM services, such as ship-to-ship route exchange, we also need to consider cyber security risks. Such security-related questions include, for example, how to ensure the service user is allowed to use the service. Or how to ensure that messages or data have been received by the intended receiver… and nobody else!
Throughout the maritime sector, we note a shift from paper or voice-based communication to digital-automated information exchange. In line with this digitalization process, authorities, such as IMO, have responded by issuing recommendations regarding cyber security on various levels. These include IMO´s recent guidelines on high-level maritime cyber risk management or the guidelines on cyber security on board ships from BIMCO, CLIA, ICS, INTERCARGO and INTERTANKO. Furthermore, ISO/IEC 27001 requirements regarding, for example, information security management systems and EU law relating to information security require consideration.
The common digital infrastructure SeaSWIM – including the MCP (Maritime Connectivity Platform) – is a communications framework that enables efficient, secure, reliable and seamless electronic information exchange among all authorised maritime stakeholders. The MCP framework is currently under development in a collaborative venture among different projects – STM validation project (EU), EfficienSea2 (EU) and the SMART Navigation project (Korea). As a partner in the EfficienSea2 project, IALA is participating in efforts to refine MCP in order to assess its potential as the generic communications framework for e-Navigation at large.
In line with this, various initiatives – led by different partners – are in progress to ensure common infrastructure security. A study named Robust Registers, is looking at cyber security for the STM infrastructure and more generally at various mechanisms to distribute central/shared resources. Dr. Anders Dalén, who is involved in the development of the infrastructure and in Robust Registers, outlines that security requirements have to be included in the design from the start, which is why the Robust Registers project studies different architectural archetypes to evaluate their potential strengths and weaknesses in terms of semantic interoperability, cyber security and business support. Another study focusing on MCP security is planned by the SMART Navigation project, led by KRISO/Korea.
Essential aspects of security, such as authentication mechanisms, certificates or encryption were also discussed during the STM Work Camp in September 2017, together with experts from Frequentis AG, the Danish Maritime Authority and CIMNE, working on the MCP and SeaSWIM. A mapping of EU legislation was brought forward by the project partner University of Southampton. Together, these initiatives aim to outline the approach to achieving a trustworthy and resilient common maritime infrastructure.