The widespread use of software-intensive cyber systems in critical infrastructures such as ships (CyberShips) has brought huge benefits, yet it has also opened new avenues for cyber attacks to potentially disrupt operations. Cyber risk assessment plays a vital role in identifying cyber threats and vulnerabilities that can be exploited to compromise cyber systems. Understanding the nature of cyber threats and their potential risks and impact is essential to improve the security and resilience of cyber systems, and to build systems that are secure by design and better prepared to detect and mitigate cyber attacks. A number of methodologies have been proposed to carry out these analyses. This paper evaluates and compares the application of three risk assessment methodologies: system theoretic process analysis (STPA-Sec), STRIDE and CORAS for identifying threats and vulnerabilities in a CyberShip system. We specifically selected these three methodologies because they identify threats not only at the component level, but also threats or hazards caused due to the interaction between components, resulting in sets of threats identified with each methodology and relevant differences. Moreover, STPA-Sec, which is a variant of the STPA, is widely used for safety and security analysis of cyber physical systems (CPS); CORAS offers a framework to perform cyber risk assessment in a top-down approach that aligns with STPA-Sec; and STRIDE (Spoofing, Tampering, Repudiation,Information disclosure, Denial of Service, Elevation of Privilege) considers threat at the component level as well as during the interaction that is similar to STPA-Sec. As a result of this analysis, this paper highlights the pros and cons of these methodologies, illustrates areas of special applicability, and suggests that their complementary use as threats identified through STRIDE can be used as an input to CORAS and STPA-Sec to make these methods more structured.
Unmanned autonomous cargo ships may change the maritime industry, but there are issues regarding reliability and maintenance of machinery equipment that are yet to be solved. This article examines the applicability of the Reliability Centred Maintenance (RCM) method for assessing maintenance needs and reliability issues on unmanned cargo ships. The analysis shows that the RCM method is generally applicable to the examination of reliability and maintenance issues on unmanned ships, but there are also important limitations. The RCM method lacks a systematic process for evaluating the effects of preventive versus corrective maintenance measures. The method also lacks a procedure to ensure that the effect of the length of the unmanned voyage in the development of potential failures in machinery systems is included. Amendments to the RCM method are proposed to address these limitations, and the amended method is used to analyse a machinery system for two operational situations: one where the vessel is conventionally manned and one where it is unmanned. There are minor differences in the probability of failures between manned and unmanned operation, but the major challenge relating to risk and reliability of unmanned cargo ships is the severely restricted possibilities for performing corrective maintenance actions at sea.
A conceptual design framework for collision and grounding analysis is proposed to evaluate the crashworthiness of double-hull structures. This work attempts to simplify the input parameters needed for the analysis, which can be considered as a step towards a design-oriented procedure against collision and grounding. Four typical collision and grounding scenarios are considered: (1) side structure struck by a bulbous bow, (2) side structure struck by a straight bow, (3) bottom raking, (4) bottom stranding. The analyses of these scenarios are based on statistical data of striking ship dimensions, velocities, collision angles and locations, as well as seabed shapes and sizes, grounding depth and location. The evaluation of the damage extent considers the 50- and 90-percentile values from the statistics of collision and grounding accidents. The external dynamics and internal mechanics are combined to analyse systematically the ship structural damage and energy absorption under accidental loadings.
A conceptual design framework for collision and grounding analysis is proposed to evaluate the crashworthiness of double-hull structures. This work attempts to simplify the input parameters needed for the analysis, which can be considered as a step towards a design-oriented procedure against collision and grounding. Four typical collision and grounding scenarios are considered: (1) side structure struck by a bulbous bow, (2) side structure struck by a straight bow, (3) bottom raking, (4) bottom stranding. The analyses of these scenarios are based on statistical data of striking ship dimensions, velocities, collision angles and locations, as well as seabed shapes and sizes, grounding depth and location. The evaluation of the damage extent considers the 50- and 90-percentile values from the statistics of collision and grounding accidents. The external dynamics and internal mechanics are combined to analyse systematically the ship structural damage and energy absorption under accidental loadings.
Highly reliable situation awareness is a main driver to enhance safety via autonomous technology in the marine industry. Groundings, ship collisions and collisions with bridges illustrate the need for enhanced safety. Authority for a computer to suggest actions or to take command, would be able to avoid some accidents where human misjudgement was a core reason. Autonomous situation awareness need be conducted with extreme confidence to let a computer algorithm take command. The anticipation of how a situation can develop is by far the most difficult step in situation awareness, and anticipation is the subject of this article. The IMO International Regulations for Preventing Collisions
at Sea (COLREGS), describe the regulatory behaviours of marine vessels relative to each other, and correct interpretation of situations is instrumental to safe navigation. Based on a breakdown of COLREGS rules, this article presents a framework to represent manoeuvring behaviours that are expected when all vessels obey the rules. The article shows how nested finite automata can segregate situation assessment from decision making and provide a testable and repeatable algorithm. The suggested method makes it possible to anticipate own ship and other vessels’ manoeuvring in a multi-vessel scenario. The framework is validated using scenarios from a full-mission simulator.
Highly reliable situation awareness is a main driver to enhance safety via autonomous technology in the marine industry. Groundings, ship collisions and collisions with bridges illustrate the need for enhanced safety. Authority for a computer to suggest actions or to take command, would be able to avoid some accidents where human misjudgement was a core reason. Autonomous situation awareness need be conducted with extreme confidence to let a computer algorithm take command. The anticipation of how a situation can develop is by far the most difficult step in situation awareness, and anticipation is the subject of this article. The IMO International Regulations for Preventing Collisions
at Sea (COLREGS), describe the regulatory behaviours of marine vessels relative to each other, and correct interpretation of situations is instrumental to safe navigation. Based on a breakdown of COLREGS rules, this article presents a framework to represent manoeuvring behaviours that are expected when all vessels obey the rules. The article shows how nested finite automata can segregate situation assessment from decision making and provide a testable and repeatable algorithm. The suggested method makes it possible to anticipate own ship and other vessels’ manoeuvring in a multi-vessel scenario. The framework is validated using scenarios from a full-mission simulator.
The sea ice in the Arctic has shrunk significantly in the last decades. The transport pattern has as a result partly changed with more traffic in remote areas. This change may influence on the risk pattern. The critical factors are harsh weather, ice conditions, remoteness and vulnerability of nature. In this paper, we look into the risk of accidents in Atlantic Arctic based on previous ship accidents and the changes in maritime activity. The risk has to be assessed to ensure a proper level of emergency response. The consequences of incidents depend on the incident type, scale and location. As accidents are rare, there are limited statistics available for Arctic maritime accidents. Hence, this study offers a qualitative analysis and an expert-based risk assessment. Implications for the emergency preparedness system of the Arctic region are discussed.
Autonomous surface vessels comprise complex automated systems with advanced onboard sensors. These help establish situation awareness and perform many of the complex tasks required for safe navigation. However, situations occur that require assistance by a human proxy. If not physically present on board, information digestion and sharing between human and machine become crucial to maintain safe operation. This paper addresses the co-design of on-board systems and a Remote Control Centre (RCC). Using the international regulations on watch-keeping (STCW) as a basis, the paper discuss how an autonomous system is designed to meet the STCW requirements. It is discussed how the autonomous system is made aware of the state of the vessel, its surroundings, on-board defects or navigational challenges and shared with the RCC in a collaborating system perspective.
Autonomous systems strive to obtain salient features that include computer intelligence for obtaining situation awareness, decision support to a human navigator, or for facilitating autonomous decision-making in unmanned vehicles. This paper considers the case of autonomous marine surface vehicles, where high-quality decision support will be instrumental for obtaining a periodically unattended bridge and for approval of unmanned bridge operation with fallback through remote operation. The proposed design focuses on a sovereign-based architecture that facilitates safety, resilience and cyber-security. We address central elements of risk in the development and approval of autonomous systems; we analyze the challenges associated with testing, commissioning and maintenance of a highly complex cyber-physical system, and describe design principles for the sovereign agents architecture.
Ship collision with offshore installations is one of the key concerns in design and assess of platforms performance and safety. This paper presents an analysis on collision energy and structural damage in ship and offshore platform collisions for various collision scenarios. The platform or rig is treated as either rigid or flexible and its sensitivity on collision energy and structural damage is studied. An application example where an ice-strengthened supply vessel collides against a jack-up rig is analysed and the crushing resistance of the involved thin-walled structures is evaluated.