Maritime Cybersecurity

by: Gustavo García[1]*

Summary

I. Introduction. II. Definition and importance of Maritime Cybersecurity III. Scope and types of common threats/methods. IV. Organizations related to the subject. V. Brief review of cyberattacks reported in the maritime sector. VI. Regulation on the matter/The Mayflower Experiment (Artificial Intelligence). VII. Conclusions. Bibliographic References.

Keywords: Computer security, maritime cybersecurity, cyberattack, artificial intelligence, hackers, cybercrime, maritime sector, cyber risks.

I. Introduction

Since their remote origins back in the 60’s, Global data and information exchange, as well as communications management in general, are carried out through interconnected networks developed by connecting computers to each other.

The technological development achieved over the last thirty years, has led to the introduction and use of new communication platforms, with the Internet (Interconnected Networks) standing out as the largest interconnected network of computers worldwide. Through it, all kinds of information are shared under protocols called TCP/IP. This network, as explained by experts on the matter, should not be confused with the World Wide Web (WWW / the Web), which is a massive use protocol, whose function is to allow users to share and exchange certain types of information through the Internet.

Other services or protocols also make use of this globally interconnected network (transmission of other types of files, television, telephony, e-mail). Evidently, through this channel of network communications (Internet), millions of data are transmitted and exchanged for social, commercial, military and other purposes.

As a result, this virtual space or cyberspace is used by countless people, companies from different sectors (banking, transport, health, telecommunications, commerce) and governments to fulfill various purposes. One of the most important sectors, given its importance from the worldwide commercial standpoint, is the maritime sector.

In fact, cyberspace is exploited for various purposes and interests, often subject to the attack of intruders who seek to damage equipment or illegitimately obtain information.

In this article, we will elaborate on maritime cybersecurity, considering that for a wide range of actors of the sector, such as shipowners, port operators, insurance companies or P&I clubs and others, the use of cyberspace is crucial, and their activity remains exposed to different types of risks and attacks (such as those directed to the majority of users), particular cyberattacks for destruction purposes, or specific damages at an operational level or related to the protection of maritime transport or certain infrastructures.

Cybercrime is an antagonistic, growing reality that strengthens on the virtual space while affecting an ever increasing amount of users worldwide, every single day, in multiple ways; including companies or actors operating in the maritime sector.

In view of this, just like we remain on a permanent quest for security tools and protocols to prevent and counterattack traditional forms of crime in our ordinary lives; taking action and measures against this same phenomenon in cyberspace is of the essence.

Based on the above, we will elaborate further on the concept and importance of cybersecurity, placing particular emphasis on the maritime sector. We will discuss the scope and types of common threats, along with their corresponding risk identification. Last, a reference will be made to the International Maritime Organization (IMO) and other existing guidelines on the subject aimed to counteract cyber risks and attain the highest standards of safety and maritime security.

II.- Definition and importance of Maritime Cybersecurity

To establish a concept of maritime cybersecurity, let us first present the term in its primary or basic conception, taking into account the following definition:

«Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes. Implementing effective cybersecurity measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative».[2]

In this sense, cybersecurity, also called information technology security or computer security, aims to protect computer systems against unauthorized intervention or access, by applying «(…) technologies, processes and controls to protect systems, networks, programs, devices and data from cyber attacks».[3]

Technological progress breeds advantages and benefits to individuals and to business development. However, it also presents itself with risks and threats that are no longer part of science-fiction stories; they are real. Hence the importance of security for computer systems, considering that restoring information or reestablishing the conditions of a equipment or system, let alone the ordinary management of a company, regardless of the impact this may have in each case, is not always possible and implies -in many cases- an economic loss, very difficult to overcome most of the times.

Thus, protocols and systems devoted to computer security are not static and must be subject to constant development and update, considering that new forms or threats to deal with come to see the light on a constant basis.

In some cases, one of the consequences of computer crime is the affectation of the credibility or reputation of a business, which could lead to clients and users loss, or, by the very least, affect their confidence on their business operations. As an example, one of the biggest cyberattacks reported recently, was suffered by Yahoo in 2014, not so much because of the economic impact inflicted, but to the violation of sensitive information by hackers, who obtained access data to the accounts of at least five hundred million users (500,000,000). Evidently, this inflicted serious damage to the image of the company, which had to the deal with the loss of a number of users, who decided to opt out of its platform.

The Yahoo incident is only an instance of a well-known business, commercially and socially acclaimed as an e-mail and online service provider, stricken by this threat. However, at certain levels or scales, each sector, such as banking, telecommunications, healthcare, social network platforms such as twitter, or other sectors such as electricity, and of course, the maritime sector, also have related stories to tell that clearly expose the risks in this regard.

In contrast to others, widely-known cases of cyberattacks in the maritime sector there are not too many to count, probably due to protection measures taken for the sake image or reputation. Many companies, shipowners or other actors in maritime transport prefer not to disclose the facts or incidents they have become victims of, although every day there is a greater level of awareness and action in relation to this issue.

One of the most emblematic cyberattack events in the sector occurred in June 2017, when one of the largest, massive cyberattacks ever known in the industry was reported by Maerks, one of the biggest shipping companies worldwide, An event that affected thousands of companies and governments around the world, particularly in countries like the Netherlands, Spain, United Kingdom, France, Russia, Ukraine and others. It was ramsomware (which we will describe later), which encrypted or blocked machines, computers and other systems connected to the same network. The immediate action taken to unblock affected system, was to pay for a ransom in bitcoins.

One of the many victims of this attack -as previously referred – was Maerks, which was prevented from processing its orders related to dispatch, reception and logistics associated to thousands of containers, affecting its suppliers and consumers in a chain reaction. This caused, among other things, problems in several ports of discharge, to such an extent, that one day after the cyberattack (on June 28th, 2017), the company stated -as reported in several media- that: «Computer systems are off in several places and in different business units, we have contained the problem and are working on a recovery plan with key computer partners and global cybersecurity agencies».[4] (Free translation).

The most serious consequences of this attack, extended to Maerks, at least until the first two weeks of July of that year, due to the level of affectation to their volumes, which led to a loss estimation of a maximum amount of approximately two hundred and fifty six million euros (€-256,000,000.00) or about three hundred million dollars (USD-300,000,000.00)[5]. This example highlights, the importance of cybersecurity as a way of countering computer crime and its consequences.

To such end, and based on the Guidelines on Maritime Cyber Risks Management[6] issued by the International Maritime Organization (IMO), it is appropriate to state that maritime cybersecurity consists of the recent practice and handling of systems, procedures and/or computer tools, aiming to protect and minimize potential damage related to or derived from events (cybercrime) that may cause operational, security or safety failures or alterations to maritime transport, considering the digitalization, automation and integration of procedures and systems that serve this type of transport.

In particular, and according to the guidelines and instructions on the matter issued by the IMO and that will be discussed in detail later, maritime security would have as an objective; computer security related -among others- to: bridge systems, propulsion systems and management of machines and control, systems of verification and access control, services to passengers (cases of passenger ships and associated services), administrative systems and crew welfare, communication systems, handling and cargo systems (which, of course includes the ports, its handling, infrastructure control and associated services).

III. – Scope and types of common threats / methods

Computer security companies worldwide, as well as some government agencies, base their strategies on a list of the common categories or types of threats that orbit -in general- any type of user or sector that has some type of activity or presence in the cyberspace, including the maritime one. The following list serves as a reference of what kaspersky[7], a private cyber security company based in Russia and the United Kingdom, has listed in this regard:

1.- Malware: malicious software. It is one of the most common cyber threats. Malware is software developed with the aim of disrupting or causing damage to a legitimate user’s computer. It is transmitted through an unsolicited email attachment or otherwise apparently legitimate downloads. It is often used to demand amounts of money or for political purposes. The most common types of malware, include:

1.1.- Virus: a specific program intruding into clean files and spreading throughout the computer system, infecting those files with a certain malicious code.

1.2.- Trojans: a malware variant with the appearance of legitimate software, causing certain damage or collection data of possible interest to the cybercriminal once downloaded.

1.3.- Spyware: a program that secretly records user activity, without the user noticing it (at least for a while). It is generally aimed at capturing financial data (bank, credit card, transfer, among others).

1.4.- Ramsomware: this type of malware blocks user data, information and files, accompanied by threats of deletion, unless a ransom is paid. This is the type of malware referred to in section II of this paper, which affected the company Maerks in 2017, causing a loss close to three hundred million dollars (USD.- 300,000,000.00).

1.5.- Adware: advertising software, used as a means to spread or infect various types of malware.

1.6.- Botnets: refers to a group or networks of already infected computers belonging to a user, used by cybercriminals to carry out online tasks, for different purposes without the user’s permission.

2.- SQL code injection: an injection of this type of code (Structured Query Language) takes control of databases, commonly in the search for confidential information.

3.- Phishing: this could be considered a classic. It consists of attacking and sending potential victims e-mails with a legitimate appearance associated with companies, banks or others; requiring confidential information. If the user is successfully induced to share the required data, he becomes a victim of the crime, facing the consequences that cybercriminals may cause by obtaining and disposing of his data and information.

4.- “Man in the middle” attack: this is a technique for intercepting communication between two people or a user connected to the network and stealing their data. Usually, the cybercriminal achieves this when one or both users make use of “non-secure” wifi networks, as is common in airports or other spaces open to the general public.

5.- Denial of service attack: consists of preventing a computer system from responding to the requests or orders of a legitimate user, normally by overloading certain networks and/or servers. This can prevent an entity or organization from fulfilling its functions or activities, regardless the sector.

As already stated, the above represents a list of threats that cuts across all types of users, companies or other actors that make use of the cyberspace, work in networks, have remote access for the management and exchange of information, etc. There are other types of threats, risks and methods developed by cybercriminals, as evidenced by the latest events in this regard from December, 2019 to July, 2020 to financial, government and social network platforms, or those arising from the use of confinement, quarantine and teleworking measures as a result of COVID19 worldwide. However, for the purposes of this paper, and with the exception of other relevant references in the maritime sector, which will be presented below, we consider that the above list illustrates the overall picture of risks and methods used for harmful purposes in this context.

IV.- Organizations related to the subject

The awareness and need to take up the challenges of cybersecurity at at global level are growing. As a reference, the World Economic Forum -at its recent meetings- has identified cybercrime as one of the main risks and threats to the world economy. This has motivated countries to participate and share information related to threats in this area, and to contribute jointly to the fight and programming of cybersecurity standards.

The following government agencies and organizations are among the ones that are benchmark in this area and that have formulated standards and recommendations applicable across different types of sectors: (i) The National Institute of Standards and Technology (NIST), attached to the Department of Commerce of the United States of America; (ii) The National Cyber Security Centre (NCSC), of the Government of the United Kingdom; (iii) The Australian Cyber Security Centre (ACSC), which to date and since June, 2020 has been fighting a strong wave of cyberattacks on companies and entities of the Australian Government, presumably coming from and supported by another country, which they have not yet publicly pointed out, while they are carrying out their investigations; (iv) The European Network and Information Security Agency – ENISA, of the European Union; among others.

As far as the maritime sector is concerned, the International Maritime Organization (IMO), has also issued some guidelines on cybersecurity (as we will elaborate on later), aimed mainly at the actors involved in the sector, supporting on other organizations such as the Baltic and International Maritime Council (BIMCO); INTERTANKO and INTERCARGO.

Finally, as a reference in the following map, referred by the International Telecommunications Union (ITU), it is possible to observe the levels of commitment and progress by countries in cybersecurity (as of 2018 and without major changes at present); expressed in a range of colors from light blue (maximum commitment) to dark blue (low commitment). Venezuela could be considered at an intermediate level of commitment:

Imagen que contiene exterior, nieve, esquiando, hombre Descripción generada automáticamente

Source: International Telecommunication Union (ITU).[8]

V.- Brief review of reported cyberattacks in the maritime sector

Generally speaking, known cyberattacks have been directed at certain shipping companies or shipowners, port operators and ships / platforms. Some of these actions, have affected trade on a relevant scale (such as the case of Maerks -2017- referred to in chapter II of this article, which also affected third parties). Cases that could affect the environment, or safety and human life at sea, could also be identified or materialized.

In this respect, and on the basis of some research carried out, among others, by Crawford Crawford[9], it is possible to point out that, based on the technology involved, it has been detected:

(i) The violation of the navigation chart system -called ECDIS– which replaces the nautical charts that were once available on paper;

(ii) Remote interception of AIS, which is one of the communication systems from one ship or vessel to another, for the purpose of exchanging position-related data in order to avoid collisions. In this case, the practices carried out by safety companies have been highlighted, in order to demonstrate that it is possible at the level of -systems- to create “ghost ships” with a certain location, in order to be recognised as real and eventually cause other ships to change course;

(iii) GNSS / GPS navigation systems – global positioning, can also be subject to cyberattacks, and put at risk maritime transport and human life at sea, by affecting -among other things- the ship’s positioning system and data associated with electronic cartography. Some actual cases known in the industry, and also reported by Crawford [10] and other news or professional sources associated with the industry, are the following:

White Rose of Drax: although a test, in 2013, researchers from the University of Texas – Austin; demonstrated the possibility of taking control of a ship, remotely manipulating its GPS. The yacht White Rose of Drax, was sailing in the Mediterranean when, in a period of 30 minutes, false signals were transmitted from a GPS for civilian use, until they mastered the real signals of the GPS and the navigation system of the yacht. The captain and the crew on board tried to take some corrective actions, finally following by mistake the course set by the GPS by command of the hackers.

Maerks: We have referred in other sections of this article, the attack and damage caused to this shipping company by mid 2017, product of a global Ramsonware cyberattack. In addition, it should be noted that according to information shared by the Maerks Presidency in relation to this event, the company had to replace a total of forty-five thousand (45,000) computers and four thousand (4,000) servers.

IRISL: the largest shipping company in Iran, suffered a cyberattack in August, 2011. Cybercriminals managed to access the company’s servers remotely, affecting data related to rates, delivery dates and locations of thousands of containers, even causing the wrong delivery of cargo to the wrong destinations and ports.

Oil platforms: several incidents and events are known to have interrupted the operation and/or transfer of oil platforms from one point to another, such as the case in 2010 of a platform that was being transferred from South Korea to Brazil, and suffered at a certain point a strong inclination ordered by the “platform control systems” that were being remotely intervened. Those who were investigating the event, noticed this after nineteen (19) days of navigation.

Another computer attack, occurred to an oil platform during its construction process in 2012, and that suffered a heel of 17º, producing an accident that affected 89 workers and the support structure of the platform, producing important damages to the shipyard. This damage was the result of the control of the bombing systems by hackers.

Countries such as Australia and Spain, among others, have reported cyberattacks on their ports. Regarding the latter, an episode was reported by the Port Authority of Barcelona in September 2018, where the alteration of the schedule of delivery and reception of goods was notified, as a result of the intervention and action of computer criminals.

VI. – Regulation on the matter / Mayflower experience (Artificial Intelligence)

The safety of sea voyages and of maritime transport in general, is one of the commitments made by the International Maritime Organization (IMO). In this sense, and as expressed by Gabaldon:

«IMO conventions on maritime safety include a series of rules that, for the most part, are of technical nature, are very extensive and are generally arranged as Annexes (…). As a whole, they form a fairly precise and uniform set of international safety and pollution prevention regulations, which considerably facilitates the handling of inspections and controls at the global level».[11] (Free Translation).

In this respect, professor Gabaldon states that, due to their eminently detailed and technical nature, the rules contained in these agreements are subject to permanent updating and revision, as a result -among other things- of the conclusions of the investigation of accidents, as well as the continuous advance of science and technology[12]. (Free translation).

Thus, the International Convention for the Safety of Life at Sea (SOLAS/74/88), which originated as a result of the sinking of the Titanic in April, 1912, is considered, along with its corresponding amendments and updates, to be the most important international instrument or treaty in the field of maritime safety. It is a highly technical convention and includes requirements related to the construction, operation or associated equipment to ensure the safety of operations and human life at sea. In (1994), through the SOLAS amendment process, Chapter IX was incorporated as a mandatory part of the so-called International Safety Management (ISM) Code, which has the general objective of ensuring the safe operation and management of ships, as well as preventing pollution.

On the basis and purposes of the aforementioned ISM Code, the IMO Maritime Safety Committee (MSC), adopted Resolution MSC.428 (98) on June 16th, 2017; entitled Maritime Cyber Risk Management in Safety Management Systems, which, together with MSC-FAL.1/Circ.3, Guidelines on Maritime Cyber-Risk Management, constitutes guidelines for the management, prevention and definition of actions aimed at protecting maritime transport against the new cyber or computer threats that challenge the sector.

In effect, these instruments call on Governments, operators and owners of ships, shipping agents, equipment manufacturers, service providers, ports and port facilities, among other actors in the maritime sector, to work and speed up arrangements to safeguard maritime transport from current and emerging threats, to technological assets that could produce operational, security or safety failures in maritime transport by putting information or systems at risk.

In particular, the Guidelines on Maritime Cyber-Risk Management, do not limit the practice of cybersecurity that each entity or actor can implement to the IMO regulations themselves. On the contrary, it urges them to refer to any requirements that may be defined by the flag State administrations, and to any other standards or practices additional to those of the industry, which will enable them to implement or assume the risk management procedures they deem relevant.

The aim is therefore, to complement the classic safety and security management established by the IMO, considering that many of the vulnerable systems are interconnected or associated with a cybernetic network. The list -which serves as reference only – highlights as vulnerable systems, as we had anticipated: bridge systems, cargo handling and management systems, propulsion and machinery management and power control systems, access control systems, passenger service and management systems, passenger facing public networks, administrative and crew welfare systems; and communication systems.[13] This being said, on the basis of these guidelines and for the purposes of their guidelines:

«(…) cyber risk management means the process of identifying, analysing, assessing, and communicating a cyber-related risk and accepting, avoiding, transferring or mitigating it to an acceptable level, considering costs and benefits of actions taken to stakeholders».[14]

This instrument -IMO MSC-FAL.1/Circ.3- inspired or partly based on some guidelines contained in the critical infrastructure cybersecurity standards, issued by the United States National Institute of Standards and Technology (NIST), mentioned in Chapter IV of this paper; establishes the framework of main actions for risk management but adapted to the sector, namely:

«1. Identify: define personnel roles and responsibilities for cyber risk management and identify the systems, assets, data and capabilities that, when disrupted, pose risks to ship operations.
2. Protect: implement risk control processes and measures, and contingency planning to protect against a cyber event and ensure continuity of shipping operations.
3. Detect: Develop and implement activities to detect a cyber-event in a timely manner.
4. Respond: Develop and implement activities and plans to provide and restore systems necessary for shipping operations or services impaired due to a cyber-event.
5. Recover. Identify measures to back-up and restore cyber systems necessary for shipping operations impacted by a cyber-event»[15]

These guidelines should be expanded and developed by much more detailed measures, some of which may become confidential for obvious reasons. Thus, MSC-FAL.1/Circ.3 states that among the additional rules and guidelines to be followed are:

(i) The Guidelines on Cybersecurity Onboard Ships, produced and supported by: BIMCO, the Cruise Lines International Association (CLIA); ICS, INTERCARGO, INTERTANKO, OCIMF, IUMI;

(ii) Standard ISO/IEC 27001: Information technology – Security techniques – Information security management systems – Requirements, published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is important to note that this ISO standard has been constantly updated and improved since 2017, so the recommendation is to check the applicable version when consulting or having it as a working tool. The verification of the current versions of the instruments suggested by the IMO is also supported by these guidelines.

(iii) And the NIST Cybersecurity Framework of the National Institute of Standards and Technology (NIST) of the United States, already referred.

Finally, it is essential to point out that, based on Point 2 of Resolution MSC.428 (98), the first annual verification that will be carried out to validate compliance with the guidelines and standards referring to cyber risk management, on a mandatory basis, will be as of January 1st, 2021.

The Mayflower Experiment:

The management of the risks in the maritime sector has been historically centered in operations of material or physical contour, nevertheless, we have evidenced that the automation, digitalization and integration of systems handled in network and interconnected between them and/or handled or controlled through protocols that make total or partial use of the cyberspace, is every day greater, which justifies the necessity to implement efficient measures of cybersecurity in the maritime sector.

To illustrate such reality, the efforts made by the IMO and some private companies -especially- during the last two 2 years to evaluate, define and determine everything related to the navigation of vessels or unmanned ships, among which the so-called “Autonomous Ships” or MASS (Marine Autonomous Surface Ship) stand out, conceived basically to navigate without depending on human interaction (or otherwise diminished to the maximum level), controlled by programs and systems of artificial intelligence that manage through previously established algorithms any action to take, including incidents or eventualities produced during a voyage or trip.

In this respect, and not being the objective of this essay to extend the related to this topic, let’s consider -at least- that there is a classification or degree of greater or lesser autonomy for navigation, which will decrease in a certain scale, the participation and interaction of crew or human presence on board. What is relevant is to highlight the leading role of technology and the intervention of cybernetic processes that could be violated in these cases, with serious consequences.

In this context, although at the risk of suspending or modifying the date, due to the global situation resulting from the COVID19; it is scheduled for September, 2020 that the first ship, without a human crew and controlled by Artificial Intelligence (AI), will cross the Atlantic, on a route that will evoke the four hundredth anniversary of the legendary voyage of the ancient Mayflower, which in 1620 transported, from the Port of Plymouth, United Kingdom, the first British to arrive on the coast of Massachusetts, in the United States of America.

That mythical journey lasted sixty (60) days. The new Mayflower, captained and directed -as we refer- by a system of Artificial Intelligence, would make this same route in about twelve (12) days and at a maximum speed of 20 knots (36 kilometers) per hour. In fact, this is an experimental project developed by engineers from IBM and a marine research organization, called ProMare, who have set out to use AI and cloud related technology, as well as others associated with networks, to achieve the highest possible degree of autonomy, overcoming the limits and functions of autonomous ships, which today depend -still- to a large extent on human controls.

It is clear that this experimental journey will help understand further the development of Artificial Intelligence in real navigation situations, which could include, depending on the circumstances, potential or real dangers on which a set of decisions will have to be taken. Sometimes, the system on board will not have any type of satellite connection and will depend exclusively on data, programming or decisions that AI manages to make or decipher, in its condition of “captain” (although this is a concept to be defined and regulated in greater detail, in this context).

The relevance of this experiment, for the purposes of this article, is to point out that -in addition to the tasks and other experiments that the Mayflower will carry out- related to marine pollution, the operation of AI in these environments, the handling of the ship’s critical systems, among others; this trip will be used to install some modules and protocols of maritime cybersecurity (of which, no further details are known), which will test the character of inviolability or reduction of cyber risks, which could represent a danger for the safety of the ship in these cases. This will, of course, result in the improvement of existing cybersecurity measures in the sector.

VII. – Conclusions

  • The advancement of technology in recent years has facilitated communication and development of our lives in different areas, including government, business, among others.
  • The use of virtual space or cyberspace and/or any other system of interconnected networks, which contain features for the transmission of data, information, orders or other processes, are constantly under risk and cyber threats, which -annually- materialize in effective cyberattacks, which cause significant economic losses, damage to the image or reputation, and other types of damage to governments and businesses in different sectors.
  • Some actors in the maritime sector, have been victims of serious cybercrimes at the global level and are permanently exposed.
  • Important organizations specialized in cyber security, both public and private, are improving and developing new action frameworks and protocols to reduce potential cyberattacks.
  • The International Maritime Organization (IMO); has developed in recent years, guidelines and directives related to the management of cyber risks applicable to different actors of the maritime sector. As of January 1st, 2021, it will begin the verification phase of mandatory compliance with these guidelines.
  • The guidelines issued by the IMO must be extended by the cybersecurity protocols of the flag States themselves, and by the regulations issued by BIMCO, CLIA, ICS, OCIMF, IUMI, INTERCARGO, INTERTANKO and by the Framework for Improving Critical Infrastructure Cybersecurity by the National Institute of Standards and Technology (NIST), attached to the Department of Commerce of the United States of America.
  • The knowledge, preparation and awareness at different levels on cybersecurity, is the first step for the protection of processes, data, information and actions that we exercise daily, individually and collective, in different contexts. Every day, we will be facing greater challenges in this silent but powerful battle, and we must be prepared to counter it.

Bibliographic References

Publication in the printed media:

Gabaldón, J., (2012). Derecho Marítimo Internacional público y privado y contratos internacionales. Madrid, Spain: Marcial Pons.

Publications in Electronic Media:

Crawford, J. Ciberataque al Transporte Marítimo, [Online Document], Available on: https://revistamarina.cl/revistas/2019/3/jcrawfordc.pdf [Consulted: July 21st, 2020].

Guidelines on Maritime Cyber Risk Management (2017), MSC-FAL.1/Circ.3. International Maritime Organization (IMO), [Online Document], Available at:http://www.imo.org/en/OurWork/Security/Guide_to_Maritime_Security/Documents/MSC-FAL.1-Circ.3%20-%20Guidelines%20On%20Maritime%20Cyber%20Risk%20Management%20(Secretariat).pdf [Consulted: July 17th, 2020].

Maritime Cyber Risk Management in Safety Management Systems (2017), Resolution MSC.428(98). International Maritime Organization (IMO), [Document Online], Available at: http://www.imo.org/en/OurWork/Security/Guide_to_Maritime_Security/Documents/Resolution%20MSC.428(98).pdf [Consulted: July 17th, 2020].

Global Cybersecurity Index (2018). International Telecommunication Union (ITU), [Online Transcript], Available at: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2018-PDF-E.pdf [Consulted: July 21st, 2020].

La naviera danesa Maersk contínua afectada de forma parcial por el ciberataque (2017). Agencia EFE. [Online artile], Available on en:https://www.efe.com/efe/espana/portada/la-naviera-danesa-m-rsk-continua-afectada-de-forma-parcial-por-el-ciberataque/10010-3310015 [Consulted: July 23rd, 2020].

Maersk calcula que el ciberataque le costó entre 171 y 256 millones de euros (2017). El País. [Online], Available on:https://elpais.com/economia/2017/08/16/actualidad/1502901718_899223.html [Consulted: July 23rd, 2020].

What is Cybersecurity, [Online Transcript], Available on: https://latam.kaspersky.com/resource-center/definitions/what-is-cyber-security [Consulted: July 22nd, 2020].

What is Cybersecurity? Definition and Best Practices, [Online Transcript], Available on: https://www.itgovernance.co.uk/what-is-cybersecurity [Consulted: July 20th, 2020].

What is Cybersecurity? [Online Transcript], available on: https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html [Consulted: July 20th, 2020].

  1. * Attorney-at-law, specialized in International Maritime & Commercial Law. Partner of SOV Consultores S.C., Caracas – Venezuela / August 3rd, 2020.

  2. What is Cybersecurity?, [Online Transcription], Available on: https://www.cisco.com/c/en/us/products/security/what-is-cybersecurity.html

  3. What is Cybersecurity? Definition and Best Practices, [Online Transcription], Available on: https://www.itgovernance.co.uk/what-is-cybersecurity

  4. La naviera danesa Maersk contínúa afectada de forma parcial por el ciberataque (June 28th, 2017). Agencia EFE. [Online Transcription], Available on: https://www.efe.com/efe/espana/portada/la-naviera-danesa-m-rsk-continua-afectada-de-forma-parcial-por-el-ciberataque/10010-3310015

  5. Maersk calcula que el ciberataque le costó entre 171 y 256 millones de euros (August, 16th, 2017). El País. [Online Transcription], Available on:https://elpais.com/economia/2017/08/16/actualidad/1502901718_899223.html

  6. Guidelines on Maritime Cyber Risks Management, MSC-FAL.1/Circ.3. International Maritime Organization (IMO), [Online Document], Available on: http://www.imo.org/es/OurWork/Security/Guide_to_Maritime_Security/Documents/MSC-FAL.1-Circ.3%20-%20Directrices%20Sobre%20La%20Gestión%20De%20.pdf

  7. ¿Qué es la ciberseguridad?, [Online Transcription], Available on: https://latam.kaspersky.com/resource-center/definitions/what-is-cyber-security

  8. Global Cybersecurity Index (2018). International Telecommunication Union (ITU), [Online Transcription], Available on: https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2018-PDF-E.pdf

  9. Crawford, J. Ciberataque al Transporte Marítimo (…), 17-18, [Online Transcription], Available on: https://revistamarina.cl/revistas/2019/3/jcrawfordc.pdf

  10. Ibidem, 19,20.

  11. Gabaldón, J., (2012). Derecho Marítimo Internacional público y privado y contratos marítimos internacionales, 116. Madrid, Spain: Marcial Pons.

  12. Idem.

  13. Guidelines on Maritime Cyber Risk Management, MSC-FAL.1/Circ.3. Referred document, 2.1.1

  14. Ibidem, 3.1.

  15. Ibidem, 3.5.