ECDIS Cyber Security Dynamics Analysis based on the Fuzzy-FUCOM Method

Abstract

ECDIS is one of the most important pieces of navigational and information equipment on board ships, as well as a vital component of the ship's cyberspace. ECDIS has cyber vulnerabilities because of its connections to external systems like RADAR or GPS, sensors via serial (IEC61162-1/2), analogue, and digital interfaces, as well as onboard Wi-Fi, internet, and LAN technologies. This study identifies and ranks the cyber risks that cause ECDIS control loss, as well as the barriers that can be put in place to stop them, the potential consequences if they are not stopped, and the mitigations that can be utilised to avoid them. Due to a lack of historical data and research on identifying and prioritising ECDIS cyber security dynamics in the literature and the fact that this field necessitates specialised knowledge in terms of computer science and operational maritime navigation, the Fuzzy Triangular Full Consistency Method (FUCOM-F), based on expert opinion, is used in this study. Then, a bow-tie framework is employed to visualize the dynamics of ECDIS cyber security and their hierarchical classification from the analysis as a cyber-architecture. The results indicate that the primary cyber threat for ECDIS is "malware infection via the internet and intranet (M1)." The primary potential consequence, in the event that these cyber threats targeting ECDIS cannot be prevented, is the unavailability of the system (O1). The most efficient barriers against M1 attacks are “up-to-date virus protection” and “scanning software," while the most crucial measure to prevent the impact of O1 is "network segregation." Consequently, in addition to its strong methodological foundation, this research offers significant benefits to maritime professionals and cybersecurity experts by providing valuable insights on preventing cyber-attacks on bridge system infrastructure, particularly ECDIS.