Exploring CyberShip vulnerabilities through a Systems theoretic process approach

Daniel Alberto Sepúlveda Estay*, Rishikesh Sahay, Weizhi Meng, Christian D. Jensen, Michael Bruhn Barfod

*Corresponding author for this work

Research output: Contribution to journalJournal articleResearchpeer-review


The widespread adoption of software-intensive IT systems in ships has brought huge benefits, yet it also has offered new avenues for malicious cyber attacks to potentially disrupt shipping operations. It follows that a focus on the security and resilience properties of IT-enabled ship systems (CyberShip) to understand cyber threats and their potential risks, can result in a system design that is better prepared to detect and react to these attacks. This paper explores the vulnerabilities that can be exploited, beyond component failure, by understanding the interaction between the components in a ship, through the use of the system theoretic process analysis (STPA) method, which considers both physical and cyber components. From this analysis, two main advantages of STPA are highlighted. First, STPA uncovers more hazardous situations at the design level. Second, STPA analysis results in design recommendations to secure shipping system against cyber attacks, and independent of the source of the attacks, by focusing on system structure.
Original languageEnglish
JournalInternational Journal of Reliability, Quality & Safety Engineering
Publication statusAccepted/In press - 2020

Bibliographical note

Submitted to the Journal of Reliability Engineering & System Safety, currently under review.

Cite this