Maritime Cyber Risk Management Process: Case for American Liquefied Gas Carrier

Abstract

The entwinement of shipboard traditional and cyber assets and the unique and potentially severe hazards of a liquefied gas carrier necessitate the need of the robust implementation of a shipboard cyber risk management process. Academic research on maritime cyber risk management lack an empirical research on a shipboard system in operation and a broader coverage of regulatory and commercial insights in formulating such process. This thesis aims to propose a shipboard cyber risk management process with broader technological, regulatory, and commercial perspectives in the maritime transportation of liquefied gas cargo. Case study methodology is applied to describe the formulation and implementation of a shipboard cyber risk management process. Interpretive data collection is conducted to identify and review key stakeholders on the cyber risk management of American liquefied gas carriers and their relevant resources. A baseline of references is proposed to formulate a shipboard cyber risk management process. For this purpose, the cyberspace and vulnerabilities of the maritime industry is reviewed to identify considerations originating from a cyber environment, the maritime industry, and a vessel. Case study was conducted by reviewing documents and observing a cargo handling system commissioned on a liquefied petroleum gas carrier in operation. Asset-based risk assessment is conducted to determine quantitative risk impact value of and cyber threats to critical equipment. The study demonstrates how the integration of traditional and cyber assets in a cargo handling system introduce cyber threats and aggravate physical threats. Results demonstrates how existing company and shipboard practices can be enhanced to improve shipboard cyber resilience.