Browsing by Author "Bolat, Pelin"
Article
Cybersecurity Risk Assessment of VDR (Cambridge Univ Press, 2023)
Soner, Omer; Kayisoglu, Gizem; Bolat, Pelin; Tam, Kimberly
The voyage data recorder (VDR) is a data recording system that aims to provide all navigational, positional, communicational, sensor, control and command information for data-driven investigation of accidents onboard ships. Due to the increasing dependence on interconnected networks, cybersecurity threats are one of the most severe issues and critical problems when it comes to safeguarding sensitive information and assets. Cybersecurity issues are extremely important for the VDR, considering that modern VDRs may have internet connections for data transfer, network links to the ship's critical systems and the capacity to record potentially sensitive data. Thus, this research adopted failure modes and effects analysis (FMEA) to perform a cybersecurity risk assessment of a VDR in order to identify cyber vulnerabilities and specific cyberattacks that might be launched against the VDR. The findings of the study indicate certain cyberattacks (false information, command injection, viruses) as well as specific VDR components (data acquisition unit (DAU), remote access, playback software) that required special attention. Accordingly, preventative and control measures to improve VDR cybersecurity have been discussed in detail. This research contributes significantly to the improvement of ship safety management systems, particularly in terms of cybersecurity.

Article
An Investigation of Ransomware Incidents in the Maritime Industry: Exploring the Key Risk Factors (Sage Publications Ltd, 2024)
Soner, Omer; Kayisoglu, Gizem; Bolat, Pelin; Tam, Kimberly
Ransomware is a subset of malicious cyberattacks that aim to hold an organization's data or critical infrastructure at ransom, compromising or blocking access. If the attack is public or made public after the initial attack, it can also severely jeopardize an organization's reputation. Given the direct and immediate impact ransomware attacks can have and the lack of in-depth sharing, additional research is needed to analyze ransomware incidents in order to understand the underlying causes of incidents in addition to the detection and prevention methods. In this paper, 22 public ransomware incidents within the marine industry have been investigated to determine their causal factors and commonalities. To investigate causal factors, DEMATEL (Decision Making Trial and Evaluation Laboratory) and a fuzzy set are used in order to enable an organization to better adhere to operational requirements and cyber risk management strategies to increase cyber resilience against ransomware incidents. The study's findings highlight the fact that network layer cyber security mitigations, strategies for securely utilizing RDP (Remote Desktop Protocol) protocols, and investments in operating systems (OS) and software security are essential components of preventing future ransomware incidents. This study concludes by suggesting several suitable control and preventative measures to improve system safety.

Article
Risk Sensitivity Analysis of AIS Cyber Security Through Maritime Cyber Regulatory Frameworks (Elsevier Sci Ltd, 2024)
Soner, Omer; Kayisoglu, Gizem; Bolat, Pelin; Tam, Kimberly
Given the increasing frequency and sophistication of methods and strategies employed in cyberattacks, cyber resilience has become a basic notion of cyber risk management. To be cyber-resilient against cyber risks, shipping companies must be proactive in establishing and implementing actions, constructing effective strategies, and adopting mitigation methods to strengthen their assets. However, shipping companies have only lately tended to fully recognize the necessity for a cybersecurity perspective to enable effective cyber risk management and mitigation of increasing cyberattacks. Aside from deficiencies in system design, integration, or maintenance, human factors are the prime weakness that potentially jeopardizes the ship's cybersecurity by simply making intentional or unintentional errors, revealing critical information, or generating entry points for attackers. Therefore, the current study aims to conduct a quantitative human risk assessment based on the SOHRA method, which is integrated with the NIST cybersecurity framework, to provide ships with the ability to be cyber resilient, and respond to and recover from cyber-attacks. The AIS has been considered for the research application not only because it is one of the most vulnerable systems on board a ship, but also because modifying and breaching the AIS data might have disastrous outcomes. The study results clearly indicate that the most likely error related to AIS cybersecurity risk occurs in the tasks defined under the "protect", "respond", "detect", "identify", and "recover" functions. Accordingly, suitable control and preventative measures have been developed to guarantee high-level cyber security for AIS and to provide cyber resilience and the structure for constructive decision-making by integrating various international standards, which include system security requirements and security levels for industrial communication networks, specifically with the IACS and NIST framework for the AIS cyber security.