CYBERSECURITY ASSESSMENT IN MARITIME SHIPPING BASED ON INTERNATIONAL STANDARDS
DOI:
https://doi.org/10.32782/mathematical-modelling/2026-9-1-11
Keywords:
cyber incident, cybersecurity of ship systems, security standards, information technology, operational technology, human factor, TRL analysis
Abstract
The maritime sector is facing a growing number of cyber threats that challenge the operational safety of vessels and ports. This study analyses cyber incident detection operations and standards, examines current challenges in maritime cybersecurity, and, based on this analysis, proposes a new approach to the development of a cyber incident response plan. The implementation of the international cybersecurity standards ISO/IEC 27001, NIST CSF, and IEC 62443, as well as the guidelines of the International Maritime Organization (IMO), has become mandatory in modern maritime cybersecurity practice. However, a detailed analysis of regulatory documents and scientific publications, together with the preliminary study conducted, indicates that the effectiveness of these standards is limited by incomplete coverage of the system life cycle, technical challenges related to the integration of information and operational technologies, and inadequate attention to the impact of the human factor on ensuring sustainable and secure maritime operations. Therefore, the development of a methodological approach to creating an adaptive cyber incident response plan for different vessel types, considering international standards and the specifics of shipboard operational technologies, remains a relevant and urgent task. The aim of this study is to substantiate and develop an integrated approach to assessment and recommendations for the application of international cybersecurity standards under real vessel operating conditions. The proposed approach combines multicriteria analysis of standards, technological, organizational, and human factors, and considers modern cyber threats specific to the maritime industry. To reduce the impact of the human factor and to validate the proposed model, the next step involves implementing the project within the educational system of the relevant specialization and applying it in practice during cadets’ sea training.
Further application is envisaged for operational training of ship crew members onboard vessels. The practical significance of the study lies in the possible use of the results by shipping companies and port authorities, and for personnel training in accordance with international standard requirements. According to a report by Thetius, CyberOwl, and HFW, in 2024 alone, one in five shipping companies experienced some form of cyberattack [1]. Survey results indicate that 93% of crew members admitted they do not feel capable of solving cybersecurity-related tasks, while 70% believe that proper training and timely exercises would significantly improve their preparedness.
References
News on the Thetius/CyberOwl/HFW study. Centre for Transport Strategies. 2025. URL: https://cfts.org.ua/news/2025/03/13/u_2024_rotsi_kozhna_pyata_sudnoplavna_kompaniya_zaznala_kiberataki_doslidzhennya_82248 (accessed 10.01.2026).
Skladannyi P., Kostiuk Y., Zhyltsov O., Savchenko Y., Antypin Y. Intelligent modelling of personalized learning in cybersecurity training. (In Proceedings of CPITS-II 2025. CEUR Workshop Proceedings) 2025. Vol. 4145. P. 95–119. URL: https://ceur-ws.org/Vol-4145/
Oruc A., Bauk S., Zhou J. A National Maritime Cyber Security Operations Centre (M-SOC) Concept. Marine Science and Engineering. 2025. Vol. 14(1). P. 17–29. doi: https://doi.org/10.3390/jmse14010017
Akpan F., Bendiab G., Shiaeles S., Karamperidis S., Michaloliakos M. Cybersecurity Challenges in the Maritime Sector. Network. 2022. Vol. 2(1). P. 123–138. doi: https://doi.org/10.3390/network2010009.
Alcaide J. I., Llave R. G. Critical infrastructures cybersecurity and the maritime sector. Transportation Research Procedia. 2020. Vol. 45. P. 547–554. doi: https://doi.org/10.1016/j.trpro.2020.03.058
Kessler, G., & Shepard, S. (2020). Maritime cybersecurity: A guide for leaders and managers. Independently published, 2022. 270 p.
Karas A. Maritime industry cybersecurity: A review of contemporary threats. European Research Studies Journal. 2023. Vol. 26. P. 921–935. doi: https://ersj.eu/journal/3336
Čelić J., Vukšić M., Baždarić R., Cuculić A. The Challenges of Cyber Resilience in the Maritime Sector: Addressing the Weak Awareness of the Dangers Caused by Cyber Threats. J. Mar. Sci. Eng. 2025. Vol. 13(4). P. 762. doi: https://doi.org/10.3390/jmse13040762
Androjna A., Brcko T., Pavic I., Greidanus H. Assessing cyber challenges of maritime navigation. Journal of Marine Science and Engineering. 2020. Vol. 8(10). P. 776. doi: https://doi.org/10.3390/jmse8100776
Bolbot V., Kulkarni K., Brunou P., Banda O., Musharraf M. Developments and research directions in maritime cybersecurity: A systematic literature review and bibliometric analysis. International Journal of Critical Infrastructure Protection. 2020. Vol. 39. P. 100571. doi: https://doi.org/10.1016/j.ijcip.2022.100571
Kocheriev O. The system of certification of navigators in the field of maritime, in particular river, shipping of Ukraine. South Ukrainian Law Journal. 2021. No. 3(1). P. 77–81. https://doi.org/10.32850/sulj.2021.3.1.13
Korniienko O. Trends of digital technologies in maritime economic activity. Economics and Management of the National Economy. 2023. No. 81. P. 51–56. https://doi.org/10.32782/2521-666X/2023-81-6
Vavilenkova A. The cyber incident management process as a necessary stage in organizing enterprise cybersecurity. Information Security of the Person, Society and State. 2025. No. 1(38). P. 64–71. URL: https://journals.uran.ua/ispss/article/view/340022 (accessed 21.12.2025).
Zaitseva T., Bezbakh O., Kaminska N. Cybersecurity in the maritime industry: threats, response and incident management. Applied Questions of Mathematical Modelling. 2025. No. 8(1). P. 65–78. doi: https://doi.org/10.32782/mathematical-modelling/2025-8-1-6
International Electrotechnical Commission. IEC 62443-1-1:2021 – Security for industrial automation and control systems. 2021. URL: https://www.iec.ch/homepage (accessed 20.01.2026).
International Maritime Organization. Resolution MSC.428(98): Maritime cyber risk management in safety management systems. 2017. URL: https://www.imo.org/ (accessed 27.02.2026).
International Organization for Standardization. ISO/IEC 27001:2022 – Information security, cybersecurity and privacy protection. 2022. URL: https://www.iso.org/standard/27001 (accessed 12.01.2026).
National Institute of Standards and Technology. Cybersecurity framework profile guidance (NIST CSWP 29). 2024. URL: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf (accessed 26.01.2026). doi: https://doi.org/10.6028/NIST.CSWP.29
International Organization for Standardization. ISO 16290:2013 – Space systems: Definition of the technology readiness levels (TRLs) and their criteria of assessment. 2013. URL: https://www.iso.org/home.html (accessed 05.02.2026).
Martínez F., Sánchez L., Santos-Olmo A., Rosado D., Fernández-Medina E. Poseidon: An integrated cybersecurity framework for maritime systems with empirical validation. Research Square. 2025. URL: https://www.researchsquare.com/article/rs-7490210/v1 (accessed 14.01.2026). doi: https://doi.org/10.21203/rs.3.rs-7490210/v1
Saaty T. Decision making with the analytic hierarchy process. International Journal of Services Sciences. 2008. Vol. 1(1). P. 83–98.





