The maritime industry stands at a critical juncture, where the imperative for technological advancement intersects with the pressing need for robust cybersecurity measures. Maritime cybersecurity refers to the protection of computer systems and digital assests within the maritime industry, as well as the broader network of interconnected components that make up the maritime ecosystem. In this survey, we aim to identify the significant domains of maritime cybersecurity and measure their effectiveness. We have provided an in-depth analysis of threats in key maritime systems, including AIS, GNSS, ECDIS, VDR, RADAR, VSAT, and GMDSS, while exploring real-world cyber incidents that have impacted the sector. A multi-dimensional taxonomy of maritime cyber attacks is presented, offering insights into threat actors, motivations, and impacts. We have also evaluated various security solutions, from integrated solutions to component specific solutions. Finally, we have shared open challenges and future solutions. In the supplementary section, we have presented definitions and vulnerabilities of vessel components that have discussed in this survey. By addressing all these critical issues with key interconnected aspects, this review aims to foster a more resilient maritime ecosystem.
翻译:海事行业正处于一个关键节点,技术进步的需求与强化网络安全措施的迫切性在此交汇。海事网络安全是指保护海事行业内的计算机系统和数字资产,以及构成海事生态系统的更广泛的互联组件网络。本综述旨在识别海事网络安全的重要领域并评估其有效性。我们对关键海事系统(包括AIS、GNSS、ECDIS、VDR、RADAR、VSAT和GMDSS)面临的威胁进行了深入分析,同时探讨了影响该领域的真实网络事件。本文提出了一个多维度的海事网络攻击分类法,深入剖析了威胁行为者、动机和影响。我们还评估了从集成解决方案到组件专用解决方案在内的多种安全措施。最后,我们分享了当前面临的开放性挑战与未来解决方案。在补充材料部分,我们提供了本综述所讨论的船舶组件的定义与脆弱性分析。通过从关键互联维度系统探讨这些核心问题,本综述旨在推动构建更具韧性的海事生态系统。