In the recent years, the maritime industry is applying Industrial Internet of Things devices, data trending and high-speed satellite connections. While these advances in technology make business...Show moreIn the recent years, the maritime industry is applying Industrial Internet of Things devices, data trending and high-speed satellite connections. While these advances in technology make business easier for the industry, there are also drawbacks with these advances. In the past the maritime industry had an air-gap between the different systems. The probability of a cyber incident would be limited, let alone the probability of an incident propagating to a different system. Now, systems are interconnected and the risk of a cyber incident occurring is high, similar for the risk of an incident on one system propagating to another system. There are different academic studies, which have looked at maritime cyber threats as well as measures. However, there are not many qualitative studies in how the maritime industry is actually dealing with cyber threats. For this thesis, first a literature survey was conducted on cyber security onboard ships. The survey showed that most of the literature is focussed on navigation and communication systems, where there are more systems which can be attacked, such as propulsion control systems and engine control systems. The literature study also shows that the focus on measurements against attacks are solved mainly in the governance domain. The main driver that is mentioned in the literature is IMO resolution MSC.428(98). The role of the shipyards and suppliers are equipment and systems are not mentioned in the literature, as these actors are not in the scope of the resolution. Following the literature survey, semi-interviews were held with eight people working at different organisations in the maritime industry. The interviewees were selected using expert sampling and snowballing. The interviews took approximately 30-45 minutes and were held online via Teams. After the interviews were held, the interviews were transcribed and subjected to thematic analysis, where the interviews were coded and themed. The combination of the literature survey and the semi-structured interviews provided the answer to what the maritime industry is doing to deal with cyber security on board ships. The conclusion is that while the maritime industry is lagging behind other industries, it is improving. The maritime industry is realising that cyber security is an important aspect of their daily business. Due to the many different actors involved in the maritime industry, there is a need for clear requirements and responsibilities. From top down, this starts with international organisations and classification societies in combination with owners enforcing requirements during the life time of a ship to the shipyards and suppliers of equipment and systems. To ensure that all parties are complying with the rules and regulations and that the systems on board the vessel work as intended, it is recommended to put one party in charge of cyber security on board ships.Show less
