More than 90% of international trade is conducted via sea transportation, and hence the maritime freight-forwarding industry accounts for the largest portion of the shipping industry [1]. Most maritime navigation equipment and devices, including the engine machinery system mounted on a ship, is computerized. Such installations are mostly connected to the internet and tele-communication systems [2]. Merchant ships are used in a considerable proportion of the trade all over the world, and such vessels are designed and operated using computers and the Internet., making them vulnerable to cyberattacks. If a ship faces a cyber-attack when it is in close proximity to a coastal area or in harbor, the attack can result in serious problems throughout the area [3]. As an example, ports on the US West Coast were shut down owing to a labor stoppage during January2015 [4], which had a severe impact on the economy. A.P. Moller-Maersk, the world’s largest shipping company, reported that the NotPetya wiper malware attacks of late June 2017 would cost it hundreds of millions of U.S. dollars in losses. In its 2/4 earnings report, Maersk executives predicted losses between $200 and $300 million USD. They commented that this lost revenue was due to “significant business interruption” because the company was forced to temporarily close critical systems infected with the malware [5]. Equipment and devices exposed to cyber threats on a ship are AIS, LRIT, internet-connected IT system, DSC, man-in waters beacons, information-sharing among USB devices, and interworking (lack of separation) between communication devices. Additionally, the equipment exposed to cyber threats in the port is AIS, VTS, industrial control system, and IT office equipment connected to the Internet. ECDIS, GNDSS, electronic charts, and eLoran can also be detected [6]. Cyber-hacking incidents occurred in the shipping cargo operation system operated by Australia customs service and immigration (2012) [7]. Drug traffickers hacked the Antwerp port of Belgium to control ship locations and movement of containers [8]. North Korea used the Lori-mounted device to block GPS signals on the Korean coast for 16 days in early 2012 causing 1016 aircraft and 254 vessels to be confused [9]. According to the survey implemented by IHS Market and BIMCO in July 2016, 65 respondents of the total 300 stakeholders in the maritime industry have experienced a cyber security threat. Among these, 77% were attacked with malware, 57% with phishing, 25% with a theft of credentials, and 23% with spear phishing [10]. Such cyber-attack incidents are possible owing to an increasing use of computerbased navigation equipment and devices in bridge, machinery in engine room, and ignorance of seafarers about cyber security. Taking into account the recent cyber-attack incidents, the International Maritime Organization recommends referring to the shipping-related cyber security guidelines developed by BIMCO in April, 2016 [11]. In order to act in accordance with national cyber security guidelines, the maritime safety committee agreed to develop a new circular, MSC-FAL.1/Circ.3 Guidelines on maritime cyber risk management, in place of MSC.1/Circ.1526, which was developed on the guideline of BIMCO [12][13]. The BIMCO guideline recommends three guidelines to address the technical aspects on cyber security such as IEC 61162-450:2011, Maritime navigation device and radio communication equipment and systems - Digital interfaces - Part 450: Multiple talkers and multiple listeners - Ethernet interconnection, ISO/IEC 27001: 2016 standard (Information technology security techniques) and framework for improving critical infrastructure cybersecurity of NIST [11]. Pursuant to resolution MSC.428 (98), the DOC of a shipping company requires a cyber threat management system to be in the approved safety management system in order for the approval of the DOC in all annual surveys conducted after 1^st of January, 2020 [14]. The security in maritime field, however, deals with only pirates in SOLAS chapter XI-2, ISPS code (A/8.4, B/8, B/15), and the chapter of the STCW convention.

There are no requirements of competence of cyber security awareness for a seafarer and an employee of a shipping company in IMO provisions. This paper proposes to develop the competence of cyber security in the STCW convention.

While cyber threat is becoming a hot issue in the international maritime field, MSC 96 approved the interim guidelines on maritime cyber risk management (MSC.1/Circ.1526) and requested FAL 41 to review them [13]. In FAL 39, Canada proposed marine cyber security enforcement measures to be included in ISPS in the MSC regimes. However, the security review in terms of international trade promotion will be carried out by FAL [15].

In MSC 94, the United States and Canada proposed strengthening cyber security in a variety of maritime sectors including ports, maritime facilities, and shipping logistics systems [16].

In MSC 95, NGOs such as ICS and BIMCO introduced the development of the ship cyber security guideline in an urgent and industrially-oriented manner. Some countries (USA, Canada, and Korea, etc.) expressed opinions on the necessity of the integrated guideline on maritime security to be premature [17].

In FAL 40, Canada and the United States submitted documents on the measures to address vessel-cyber-related threats (FAL 40/9) and submitted draft MSC 96/4 guidelines on shipboard risk management at MSC 96[18]. MSC 96 approved the interim guidelines on maritime risk management on the assumption that it could be modified at FAL 41, and MSC and FAL jointly issued guidance on security aspects of international trade facilitation at FAL 41 [19].

In MSC 97, Iran submitted a document stating that the cyber risk management guidelines should be submitted, but it has been decided to discuss the draft guidelines currently approved by MSC 96 after reviewing them at FAL 41[19]. The document provides functional elements (identification, protection, detection, response, and recovery) for managing maritime cyber risk and provides reference a document * for an advanced case such as guidelines on cyber security on-board ships by BIMCO, ISO/IEC 27001 standard, and NIST Framework. It emphasizes that cyber risk management should be initiated by the senior management and absorbed by all organizations, and this guidance should be a high-level recommendation and not a mandatory one. The FAL 41 committee confirmed that the MSC 96 and 97 already reviewed MSC.1/Circ.1526 on the maritime cyber risk management manual containing security-related aspects in terms of trade facilitation and agreed to inform the outcome of the meeting to MSC 98 [19].

In MSC 98, a document was submitted to the Secretariat to request that the French Cyber Risk Management Manual be added as a best practice to Chapter 4 (Best Practices for Implementing Cyber Risk Management) of the Interim Guidelines on Maritime Cyber Risk Management (MSC.1/Circ.1526). The United States proposed that the risk management of a ship's cyber risk should be included with the management of the whole cyber-related risks in the safety management system of the ISM code. The application and definition of risk assessment is quite broad in regulation 1.2.2.1 of the ISM code and it is appropriate to include the concept of cyber risk management in it. In the ISM code, the purpose of the safety management of the workplace is to define the evaluation and the security measures for all identified risks to the ship, personnel, and environment [19]. It is possible to assess whether cyber risk management has been carried out properly when business sites conduct internal and external evaluations of ISM code. To integrate the parts of safety management system of the ISM code and cyber-related risk management, a standardized guidance should be developed through evaluation by relevant experts, and necessary evaluation methods and strategies should be developed. As a result of the discussion, it has been decided to include maritime cyber risk management as a functional requirement of the Safety Management System (SMS) of the ISM Code [20]. The 98th MSC Committee agreed to include maritime cyber management in the ISM Code, but decided to include it in the form of a non-mandatory recommendation, and encouraged to reflect this in the Resolution (MSC Resolution). In the MSC resolution, it has been decided to write the implementation date of marine cyber risk management at the time of issuance of the Safety Management Certificate (SMC) from January 2021 onwards. However, it is a mandatory issue at 98 MSC [20].

When a cyber-attack occurs, it is necessary to prepare an action plan for emergency situations in order to recover and protect the ship information and stop it from spreading. Ways and procedures to mitigate cyber threats should be reflected on ship management system in accordance with ISM code. The procedures should be developed by the feedback circle as shown in Figure 1.

Figure 1: 
Whole Scheme of Maritime Cyber Security Awareness [11]

Figure 1 shows how cyber security should be maintained and operated as identification threats, identification vulnerabilities, assessment risk exposure, development of protection and detection means, establishment of contingency plan, and action to cyber security incidents [11].

In the area of maritime transportation, cyber-attacks are of 5 categories such as safety navigation, radar, AIS, satellite, and cargo tracking system. Cyber technology threatened by hackers at sea consists of GPS spoofing, AIS and ECDIS.

Figure 2: 
Block diagram showing the relationship between sensors, actuators, and the ECDIS on an integrated bridge system [6]

3.2 GPS jamming and spoofing

GPS is an essential technology that provides valuable information related to safe navigation while sailing at sea. Spoofing is an attacking behavior that bypasses access control by accessing the system as if it were an authorized user, or by impersonating an authorized address on the network [6][11].

Spoofing uses a medium consisting of a port, an access control address, an Internet Protocol (IP) address, and an e-mail (e-mail) address for disguising the identity purposely for intentional actions.

The Jamming is the act of disrupting or disturbing the communication system by detecting the propagation and frequency of the ship. In other words, it refers to electronic or mechanical interference that interferes with the display of radar and radio communications. The ship tracking system with autopilot equipment is shown in Figure 3 [6].

Figure 3: 
Ship tracking system with an autopilot system

Ship dynamics formulation is defined by NOMOTO model,

Tr˙+r=Kδ+rb

(1)

where T is the time constant of the ship, K is the rudder gain (1/s), δ is the rudder angle (rad), r is the ship’s turning rate (rad/s), and rb is parameters of environment disturbances (rad/s).

The kinematics equation of the ship is defined as

φ˙=r

(2)

x˙=Ucosφ+dx

(3)

y˙=Usinφ+dy

(4)

where U is speed of ship against water velocity, x and y are the north and east directions respectively of the ship heading. d_x&d_y are environmental errors due to currents and wind (m/s), φ is radian of heading of the ship. The environment errors are defined as Gauss Markov process with the following formula,

d˙x=-1Tddx+vx

(5)

d˙y=-1Tddy+vy

(6)

whereT_dis time constant of the environment error, v_x and v_y are additional white Gaussian noise.

Ship control law is given as

δt=Ki∫0tφd-φτdτ+Kpφd-φt-Kdrt

(7)

K_p, K_i&K_dare P, I and D gains, respectively.

Spoofer control law is given by the following equations.

Hackers can produce a new spoofing GPS signal (e_m with real position of the ship( e) by b and a. The spoofing error is described by e_s as,

es=e-em

(8)

The modulated velocity and acceleration of modulated error is shown by the following equations

e˙mt≤vmax

(9)

e¨mt≤vmax

(10)

e_m(t)is end up hacker’s goal

min⁡uttf

(11)

e¨mt=ut

(12)

em0=0,e˙m0=0

(13)

emtf=e-,e˙mtf=0

(14)

This paper is only regarding the competence of cyber security for seafarers on-board a ship and does not deal with cyber risk management with a focus on training program. Hence, in order to implement cyber related regulations, the definition of cyber security is included in regulation 2.1.4.1 of 2 definition of Part A of ISPS code. This definition says: “Cybersecurity” is one of the tool, practices, policy, safety concept, technologies, and process designing for protecting network system, computers, programs and its data from intended or unintended attack, damage, contaminated program, or unauthorized use, access, or modulation [27].

This paper proposes the competence of cyber security for all seafarers as familiarization training in Section A-Ⅵ/6 of STCW convention. Seafarers should be sufficiently qualified in their capacity on board ship for cyber security before assigning the duties.

The following contents should be included in,

• 1. Type and principle of cyber threat
• 2. Kind of a cyber attack
• 3. Technology of target system, networks and equipment
• 4. Assessment of a cyber risk
• 5.Way to reduce a cyber risk
• 6. Development of contingency plan: and
• 7. Best practices with actual accident

Considering that most international trade is conducted via maritime transportation, maritime shipping trade has a significant impact on the global economy. There is a saying that transport is meat and drink to cyber criminals. That means it is very vulnerable to cyber-attack. Seafarers are unable to fathom the extent of damage that a cyber security attack can cause to a ship. Currently, the International Maritime Organization does not consider measures for cyber security. SOLAS, STCW, and ISPS provide guidelines only for physical security threats such as pirates. However, in accordance with resolution MSC.428 (98), the DOC of a shipping company requires cyber threat management systems to be included in the approved safety management system from 1st of January, 2020. As of now, security in the maritime field is defined only in terms of security measures for dealing with pirates, as given in SOLAS chapter XI-2, ISPS code (A/8.4, B/8, B/15), and a chapter of STCW convention.

In section 3, this paper described essential cyber security measures that should be undertaken on a ship. It explored how a ship navigation facility interconnects, and, as an example of a cyber threat, how hackers fabricate GPS signals.

In addition, this paper reviewed contemporary maritime cyber security training courses, referred to development of cyber security programs, and proposed a way forward to improve cyber security awareness in maritime transport with an introduction of the definition of cyber security into the ISPS code for changes in security concepts on-board ship, as described in section 6.