Cyber Security in the Maritime Industry: A Systematic Survey of Recent Advances and Future Trends

: The paper presents a classiﬁcation of cyber attacks within the context of the state of the art in the maritime industry. A systematic categorization of vessel components has been conducted, complemented by an analysis of key services delivered within ports. The vulnerabilities of the Global Navigation Satellite System (GNSS) have been given particular consideration since it is a critical subcategory of many maritime infrastructures and, consequently, a target for cyber attacks. Recent research conﬁrms that the dramatic proliferation of cyber crimes is fueled by increased levels of integration of new enabling technologies, such as IoT and Big Data. The trend to greater systems integration is, however, compelling, yielding signiﬁcant business value by facilitating the operation of autonomous vessels, greater exploitation of smart ports, a reduction in the level of manpower and a marked improvement in fuel consumption and efﬁciency of services. Finally, practical challenges and future research trends have been highlighted.


Introduction
Maritime transportation is central to the economic sustainability of many regions throughout the world. The growth in global population, improvements in living standards and investment and elimination of trade barriers all contribute to driving an ever-increasing reliance on the industry. In geographies with navigable rivers or comprising a cluster of islands, maritime transportation is the spine to both domestic and international trading. Moreover, in markets that demand sustainable development, low cost, efficiency and, recently of growing importance, ecofriendly operations, the maritime sector is responsible for 90% of the transportation of all goods [1,2]. Recent developments in the Internet of Things (IoT), Big Data and Artificial Intelligence have enabled the migration to more digitalised maritime infrastructures and, consequently, have necessitated a renewed assessment of the cyber-security provision [3]. Furthermore, connectivity and reliance on intelligent devices play a pivotal role in motivating cyber criminality such as social engineering, identity theft and spam emails. The protection of the integrity of next generation maritime infrastructures is a pressing need [4][5][6][7].
Connectivity through navigation systems such as Automatic Identification System (AIS, see Abbreviations), Global Navigation Satellite System (GNSS) and Radio Detection and Ranging (RADAR) impacts negatively on the security level of infrastructures. Moreover, shipping companies have been subjected to highly complex and new classes of cyber attacks targeting in-port information systems and inflicting damage on on-vessel core equipment [8,9]. The reliance on the Internet, operating with unprotected computers, and the fact that crews do not receive appropriate security training increase further the probability of a successful cyber breach. There is clear evidence that the absence of structured security awareness training for employees across the supply chain is a major source of vulnerabilities; as a result, hackers can use classical approaches such as spam emails or Denial-of-Service (DoS) attacks to achieve successful breaches [10,11]. A security plan providing recommendations to protect the maritime supply chain and a co-coordinated strategy with international marine organizations is a near-term necessity [12]. The update of software through removable media increases the risk of stealing identities and in-port data and the sharing of information in real time using new technologies-such as IoT-exacerbates the risk due to insecure network services or weak authentication.
The paper presents a comprehensive review of cyber-security frameworks and provides a classification of cyber-attacks within the maritime industry. A description of onvessel equipment/functionalities and in-port services provides the reference against which a classification of the vulnerabilities in both operational environments is carried out, in turn informing on the optimum strategies to enhance existing cyber security protection. The remainder of the paper is organised as follows. Section 2 details the methodology applied to execute a review of the state of the art; Section 3 presents a summary of literature review of cyber security in the maritime industry. Section 4 provides a rigorous assessment of the vulnerabilities within on-vessel systems and in-port services while Section 5 classifies the spectrum of cyber-attacks. Section 6 focuses on the role and impact of the deployment of new technologies both on-ship and in-port. Section 7 elaborates on the evolution towards an extensively digitised maritime industry and the impact on cyber security provision. Conclusions are drawn in Section 8.

Methodology
The methodology by which the review has been executed is founded in reference to published literature enabling a mapping of the state-of-the-art methods and analysis, interpretation and implications of cyber security within the maritime industry.

Papers Selection
The review of the literature followed the guidance presented in [13][14][15] comprising the following phases:

1.
Review: The principal question underpinning the literature review was "what is the impact of cyber-crimes on maritime infrastructures"; 2.
Search: The search is based on journal papers, conference papers, official websites and published reports (Figure 1a). Table 1 shows a summary of significant recent survey papers on the maritime industry. Documents were selected depending on the number of citations and/or relevance, and the sources are the following scientific databases: Science Direct, Springer and IEEE. The keywords used in the search were as follows: • "Maritime"; • "Cyber-attack" + "Maritime"; • "Cyber-attack" + "Port." Figure 2 illustrates the growth in the number of published papers whilst Figure 1b shows that the bulk of the papers that met the selection criteria were published between 2015 and 2020. A classification of cyber-attacks reported on maritime infrastructures is presented in the next section to ease the evaluation of their impact(s). 3.
The report on key findings is segmented as follows: • Classification of on-vessel core equipment/systems; • In-port architectures and services; • Classification of cyber attacks; • The impact of new technologies. Table 1. Summary of significant recent survey papers on vessels/maritime industry.

Index Title
Year Comments Ref.

1.
Collision-avoidance navigation systems for Maritime Autonomous Surface Ships: A state-of-the-art survey 2021 Overview of existing and future collision-avoidance navigation technologies.
The impact of COVID-19 pandemic: A review on maritime sectors in Malaysia 2021 This paper reviews the impact of COVID-19 pandemic on maritime sectors, specifically shipping, fisheries, maritime tourism and oil and gas sector. [17] 3.
C-Ports: A proposal for a comprehensive standardization and implementation plan of digital services offered by the "Port of the Future"

2022
A classification of C-Port services is proposed in the domains of vessel navigation, e-freight, mobility and sustainable growth strategies. [18]

4.
Ports' technical and operational measures to reduce greenhouse gas emission and improve energy efficiency: A review 2020 Review of port technical and operational measures to reduce GHG emissions. [19] 5. Decarbonisation of seaports: A review and directions for future research 2021 The paper provides a critical review of existing technologies and concepts that promote and contribute to the decarbonisation of seaports, including Smart Grids and Virtual Power Plants. [20] 6.
Evaluating cybersecurity risks in the maritime industry: a literature review 2019 This research paper identifies three maritime cyber threats, including the lack of training and experts, the use of outdated system and the risk of being hacker's target. [21] 7. Cybersecurity in ports: A conceptual approach 2017 The study is a conceptual analysis built upon a comprehensive literature review. The results show that regardless of the growing awareness of the issue, much work needs to be performed in order to mitigate cyberthreats in ports. [22] 8. Industry 4.0 in the port and maritime industry: A literature review 2020 The article reviews the state of the art on new emerging technologies, summarizing how ports and terminals are deploying specific projects in the new era of smart ports and Ports 4.0. [23] 9.
Cybersecurity in logistics and supply chain management: An overview and future research directions

2021
This paper reviews studies on measures that enhance cybersecurity in logistics and supply chain management. [24] 10. Cyber Risk Perception in the Maritime Domain: A Systematic Literature Review 2021 This paper aims to present an approach to investigate cyber risk perception with use of recognized psychological models and to provide an overview of state-of-the-art research within the field of cyber risk perception in general and in the context of the maritime domain. [25] 11. This paper reviews current events and introduces an exercise where participants at a NATO Centre of Excellency were shown scenarios involving maritime cyber incidents and evaluated cyber risk perception. [27] 13.
Big data and artificial intelligence in the maritime industry: a bibliometric review and future research directions 2020 This study provides a bibliometric review of 279 studies on the applications of Big data and artificial intelligence (AI) in the maritime industry. [28] 14.
Autonomous technologies in short sea shipping: trends, feasibility and implications 2019 This paper is a comprehensive literature review on the issues faced by the short sea shipping (SSS) industry. A model is developed to explore potential savings of removing crew and use of autonomous technologies. [29] 15. Innovation and maritime transport: A systematic review 2020 This paper performs a systematic review aiming to understand recent innovation studies in the maritime sector. [29]

A Conceptual Review of Cyber-Operations for the Royal Navy 2018
This paper discusses the nature of the threats faced by national-security institutions and the doctrinal factors that policy makers must consider. [30] 17. Internet of Ships: A Survey on Architectures, Emerging Applications, and Challenges 2020 A comprehensive survey of the IoS paradigm, its architecture, its key elements and its main characteristics. Furthermore, a review of the state of the art for its emerging applications is presented. [31] 18.

Marine Vision-Based Situational Awareness
Using Discriminative Deep Learning: A Survey

2021
The paper summarizes the progress made in four aspects of current research: full scene parsing of an image, target vessel re-identification, target vessel tracking and multimodal data fusion with data from visual sensors. [32] 19. The paper introduces a descriptive approach for understanding Maritime 4.0. [33] 20.
Cybersecurity and Safety Co-Engineering of Cyberphysical Systems-A Comprehensive Survey 2020 The paper provides a comprehensive survey of safety and cyber security co-engineering methods. [34]

Cyber-Attacks within the Maritime Industry
Reported cyber-attacks were collated and classified from published information and/or the declarations of stakeholders within the industry. Table 2 is a summary of cyber-attacks covering a period of ten years. Clearly evident is the increase in the number of cyber attacks and the lack of consistency in security practices across the sector. A statistical study-based on a system-of-system analysis between the period of October 2017 and February 2019-carried out by the Chatham House Cyber-Security Group [35] of the Royal Institute of International Affairs identified the essential systems both on-ship and in-port that require cyber-attack protection due to their respective vulnerabilities. The findings showed that the number of vulnerable components in-port is higher than on-ship. 3. Malware attack 10 April 2020 Mediterranean Shipping Company (MSC): For security issues servers of MSC were closed down to protect the data of the company, and, as a result, the website of the company was taken down. The attack disturbed only internal data processes. [38]

4.
Malware attack 8 July 2019 The attack targeted a U.S. vessel, causing critical credential mining. The Coast Guard and the FBI reported that the lack of security strategies on the vessel was the main reason for such an attack. It has been noticed that all crew on the vessel shared the same login and password of the vessel's computer. Moreover, the use of external devices facilitated the task of the hacker. Another critical mistake is the lack of antivirus. [39]

Aim and Objectives
The paper presents the consequences of cyber attacks within the maritime industry through a mapping of current cyber-security provisions on vessels and in ports. A classification of cyber attacks and a mapping of components and services with associated vulnerabilities both on vessel and in port are provided. The major contributions of the paper are as follows: 1.
Mapping of on-vessel core equipment/systems and in-port services; 2.
Evaluation of cyber attacks; 3.
Definition of solutions that mitigate the impact of cyber attacks; 4.
Future cyber-security trends.

Literature Review
The role of the maritime industry in the transportation sector is currently receiving increased attention ( [52,53]) owing to its growing economic importance. However the quest to optimise the efficiencies of industry practices within the sector has motivated migration to increasing levels of digitilisation of operations and infrastructures which in turn has resulted in the proliferation of cyber security challenges ( [6,54,55]). There is clear evidence that a deep knowledge of skills, strategies and objectives of cyber criminals is a fundamental strand in the goal of establishing secure infrastructures; confidentiality, integrity and availability of sensitive data remain essential targets for hackers. The accepted framework that enables the identification and surfaces routes to the exploitation of system vulnerabilities harnesses attack vectors. A recent example is a model-based tool [56] observed as a three-dimensional matrix, decomposing the problem with different variables such as "attacker" and "target", identified and quantified maritime cyber-risks. The target application for the development was to facilitate increases in the levels of maritime-cyber awareness and informing the most appropriate decision making. Another example is the MAritime Threat INtelligence FRAMEwork (MAINFRAME) [57] established to aid the collection of threat intelligence and analysis in maritime ecosystems.
The identification of potential in-port cyber threats has also been the subject of significance driven by the interests of governments of the world. A study centered on Colombian ports [58] to identify cyber threats and to carry out a comparison with respect to International Maritime Organization (IMO) recommendations observed a lack of a security plan with enabled easy access to and unauthorized intrusions of on-vessel information systems. Another study [59] based on data collated during two industry workshops from two targeted groups in the sector (one in Europe and the second in Asia) revealed that cyber security is perceived differently between geographies. An insufficiency of protocol and associated tools for the identification of intrusions was demonstrated [60]. The Office of the Chief of Naval Operations (OPNAV), which provides security policies for the US Navy, proposed a limit to the use of portable storage devices and cellular phones to avoid potential cyber attacks [61]. A framework describing guidelines to determine the risk of infrastructure in order to improve security strategies following using IEC 63154 standard was reported in [62]. The framework is founded on scanning the shipboard Electronic Chart Display and Information System (ECDIS) using the data gathered from sensors. Results of tests on the Wärtsilä NaviSailor 4000 ECDIS revealed a relationship between the web server and medium vulnerabilities, reinforcing that obsolete versions of software represent a high risk, allowing hackers to execute DoS attacks. The study confirmed the importance of cyber testing within security policies. The classification of hackers by expertise (high, medium and low) or by skills and motivations based on NIST SP800-30 [63] was reported in [64][65][66][67]. A defence strategy using mathematical models that identify attacks and guide the selection of the most appropriate training method is detailed in [68].
The Cyber Security National Security Action Plan (CNAP) [69] describes the strategy of the US Government to reduce the risks of cyber crimes on critical infrastructures, comprising solutions to improve cyber protection in the transportation sector. The use of new technologies in Ship Information System (SIS) implementations [70][71][72][73][74]) such as the IoT, artificial intelligence and machine learning increases the scope of vulnerabilities and, as a result, entice hackers to invoke new attack classes. As a consequence, these evolving threats have stimulated the extensive development of mathematical models of ship architecture as a foundation for an accurate simulation environment that can predict cyber attacks [75]. Another consideration is the impact of global events on cyber security, and the most striking recent example brings the outbreak of the COVID-19 pandemic; a dramatic increase in cyber attacks on the maritime industry has been reported [76,77] since February 2020 with cyber criminals targeting home computers by using ransomware and phishing emails.

The Maritime Infrastructure
The maritime infrastructure can be represented by two essential platforms: on vessel and in port ( [78,79]). Descriptions of each platform, the connections between components and the relationship between services are presented in Figure 3.

On-Vessel Architectures and Services
New technologies and smart communication devices have and will continue to promote advances within the industry. Enhancing vessel design and functionality by using new technologies results in increases in operational efficiencies, the levels of safety and improves the quality of service to customers. As shown in Figure 4, on-vessel infrastructure can be segmented into two systems: electro-mechanical and communications. The former comprises elements related to the engines/power-the safety of which depends on human observation and preventive maintenance-whilst the latter enables exchange of information between port and vessel to facilitate the execution of critical stages of processes within the industry.

The Bridge
Alarm system Tank level measuring system  Table 3 presents a classification of on-vessel electro-mechanical and electronic components/systems segmented into three groups, power, security and control, and the latter ensures coordination between key function of the vessel.

A. Power Management System (PMS):
The primary function of the PMS is to automatically control the diesel generator ensuring optimal performance and power consumption ( [80,81]). The stability of on-vessel generators is implemented by using optimal equal load divisions based on real-time information from monitoring and analysis of the load, choosing the optimal operational settings under particular conditions [75]. B. Engine: The selection of the most appropriate engine depends on the size and the type of vessel. Diesel turbines are the most popular, transforming thermal into mechanical power [82], and other usages include wind, nuclear and solar energy [83] depending on the weather condition and the duration of available sunshine. Hybrid diesel/electric engines are used on some vessels, mostly adapted to large ships, providing high power and constant torque at the expense of complex and expensive installation. A recent trend, in an effort to ensure more security and safety, has been on remote engine control (autonomous vessels). C. Main Switchboard: The main switchboard maintains the total control of a vessel's functions, providing real-time data on the status of engines, key sensors and presents alarms. It is fundamental that the on-ship electrical systems, including the main switchboard, is earthed. D. Programmable Logic Controllers (PLCs): Generally, PLCs are used to automate a process and on-vessel PLCs are combined with the power management system, alarms and engines ( [84,85]). PLCs are integral to the control of the navigation system and to prevent defaults delivering high operational efficiency with low maintenance cost. Moreover, PLCs provide critical data such as temperature, engine status, pressures and electrical defaults, as well as information to execute the overall management of the vessel. E. Water Ingress Detection System (WIDS): Each vessel must be equipped with a WIDS-Based, a regulated requirement under SOLAS Chapter XII Reg.12. If a specific level of water is detected, an audible and visual alarm must be issued. WIDS systems must be powered by two different systems and an alarm is raised if the primary source fails. F.
Bow thrusters: The bow thrusters are used at low speed for efficient maneuvering.
Large vessels are equipped with tunnel thrusters driven by electric motors, regulating the ship's resistance through the water, which is critical to successful docking. G. Emergency Shut Down (ESD): The ESD is activated in an emergency such as fire detection and overfilling of tanks by executing a sequential shutdown of on-vessel pumps and valves to ensure safety and reduce damages. A rapid ESD response time is mandatory. H. Marine Heavy Fuel Oil (HFO) Treatment System: The HFO produces power from the energy extracted from the burning process and is used by most commercial ships [86]. The HFO is treated before use in the following stages: Firstly, HFO is heated to 50-60 • C and then connected to an inlet pump. The solution is subsequently heated to 80 • C and treated with a centrifugal purifier. The fuel is ready to be used after being processed with a centrifugal clarifier. I.

Fuel Oil System (FOS):
The FOS is a system that provides the fuel to the injection system and secondly an injection mechanism for receiving, storing and distributing to the tank. The FOS is composed of several essential parts: piping, stocking, distribution and the treatment of fuel oil. J.
Lubricating Oil System (LOS): LOS is a fundamental internal subsystem of the engine, ensuring the efficiency and a long operational lifetime of the machine. A number of lubrication oil systems were used, the most popular being Hydrodynamic Lubrication (HL). HL produces a layer of oil between the moving parts, e.g., a layer of oil is covered by the main bearing, ensuring the motion of the crankshaft' journal. K. Starting Air System (SAS): The SAS is composed of two air compressors and two reservoirs to generate the minimum 28 bars for the engine to start. For safety, valves are installed in the reservoirs to discharge the air in over-pressure cases. L. Gyro compass: The gyroscope is an essential tool used for navigation, providing an indication of the true north with deviations as a function of the direction and the speed of the vessel ( [87,88]). The most important feature of this component is the total ineffectiveness of external magnetic fields. M. Echo-sounder: The echo-sounder measures the depth of the sea. A sonar signal is transmitted and the 'echo' received, with the time between the two operations determining the depth. The information given by the sensor is used for a number of purposes. N. Electrical Crane Equipment: On-vessel cranes load or discharge goods and equipment. Therefore, their regular maintenance is mandatory as downtime can compromise ship operations. Visual inspection of the cranes for damage is carried out by the chief engineer and reported immediately for scheduling repairs( [89,90]). General maintenance is required to ensure uninterrupted operation with a particular focus on the protection of electrical systems against water ingress. O. Navigation Lights: Light signals are used to communicate dangerous actions, e.g., navigation lights in vessels play an essential role in preventing collisions as a visual signal has been proven to illicit rapid reactions, which is core to the prevention of critical events. P.
Loading and Stability Computer: The on-board loading computer provides standard functions and stability scenarios as, under specific circumstances, the captain needs to know the status of several components in order to inform the optimum plan of intervention to resolve an operational challenge.
Q. Fresh Water Generator (FWG): FWG produces freshwater from seawater, primarily for drinking but also for use by several other on-vessel components. The FWG consists of a condenser and evaporator, as the process is based on evaporating seawater using a heat source and decreasing atmospheric pressure by creating a vacuum in the evaporating compartment, and the decrease in temperature allows the transformation of vapour to cool water. R. Central Cooling Water System: A range of on-vessel equipment requires cooling to maintain their efficiency and reduce the loss of heat energy. Generally, two kinds of cooling systems are used on ships: a seawater cooling system, and the other using freshwater-the central cooling system-to control the temperature of the engine room. The central cooling system comprises three circuits: a seawater circuit in which the seawater cools freshwater; a low-temperature circuit used in low-temperature components of the machine; and a high-temperature circuit. S.
Waste Incinerator Plant: According to regulation 16 of MARPOL Annex VI [91], ships must install an incinerator to transform waste into flue gas and heat by burning. It must, however, be noted that the process outputs hazardous smoke that both pollutes the environment and causes several diseases such as cancer. T.
Sewage Treatment Plant: The treatment of sewage before discharging into the sea is mandated by regulations. A biological method based on anaerobic bacteria, in which the sewage is decomposed and generates H2S and methane gases, is the most popular technique. The alternative method, Sewage Treatment Plant (STP), relies on a screen filter to remove all solids, a biofilter decomposing organic substances by the aerobic micro-organisms and a pump. U. Air Condition Plant: The refrigeration or air-condition plant maintains a stable temperature of living quarters and the quality and protection of transported goods. Therefore, the refrigeration system must be regularly charged with refrigerant gas. V.
Stabilisers: Roll stabilization systems, classified as passive and active, are used to maintain the stability and reward motion caused by the sea. Bilge Keels are the most used passive systems, and their motion opposes rolling. Anti-Rolling Tanks are active systems based on tanks at the sides of the ship. W. Anchor and Mooring Winch Control System: Anchor and mooring systems operate automatically to control anchors and moorings by using actuators to keep a steady tension. The winch is equipped with a frequency converter and PLC controller to monitor the motor and to guarantee an ideal pulling speed.

. Communications Systems
On-vessel communications deliver information exchanges between ship elements.
A. Internal communication : VHF communications plays an important role in the safety of the ship, for example, in requesting assistance and/or transmitting a distress message. Furthermore, hand-held VHF is also used for applications such as localization by authorities. The Global Maritime Distress and Safety System (GMDSS) uses satellite and terrestrial communication to connect with authorities ( [92,93]) throughout international voyages, which is a mandatory requirement. Digital Selective Calling (DSC) is another means of transmitting distress message transmission and the current position of the ship. B. Network: Networked systems within the maritime industry are designed with high levels of reliability due to business critical data generated by a suite of sensors and the necessity to manage communications. The networked information systems gather and process data from sensors and execute on the exchanges the information between equipment. Table 4 summarises that several types of network technologies used for information transport, for example, the U.S. Navy uses a fiber-optic infrastructure (SAFENET) [94]. C. Navigation: The GNSS is recognised as the most vulnerable infrastructure within the maritime industry with respect to potential cyber breaches [95]. F.

ECDIS:
The Electronic Chart Systems (ECS) ECDIS system is a mandatory real-time navigation tool providing essential on-ship information. Regulated by the International Maritime Organization (IMO) as a replacement for the more traditional approach using paper-based nautical charts, the system eases the planing of journeys considerably by reducing effort and in the optimisation of speed. The ECDIS is a real-time system that provides the location of the ship as it is connected to both the RADAR and AIS system. The ECDIS generates several chart, such as Electronic Navigational Charts (ENC) and Admiralty Raster Chart Service (ARCS) provided by hydro-graphic offices; updates of the ECDIS are vital using the Internet or e-mail ( [102,103]). The update is loaded into the planning station most readily by using a USB or e-mail, followed by the export of data and refresh of ECDIS status. AIS data are detailed in Figure 5; thus, the mappings of the architecture of the vessel and the transmitted signals are both essential to the identification of its vulnerabilities. A successful strategy to exploit vulnerabilities within AIS and to define attacks that an impact the vessel is based on the following:  Figure 5. AIS data.
The AIS architecture ( Figure 6) is essentially composed of the following: •

Time-division Multiple Access (TDMA): Communication between vessels
shares the same frequency, and the transmitted frame is divided into time slots, each one containing data such as location and the identity of the vessel. As presented in Figure 6, the duration of the frame is 60 s, and it is divided into 2250 time slots.

The Port Infrastructure
The port is the interface between the vessel and land. The management and efficient execution of transportation and tracking of goods and vessels are heavily reliant on in-port service quality. The port is the home of three important groups of services ( Figure 8): all services related to vessels, commercial transportation and tracing services and a set of facilities linked to security.

In-Port Safety
The following are several safety-enteric capabilities/services that target the delivery of the effective security of people and to safeguard life.
• Cargo X-ray Scanner: In port, the optimisation of the time to execute key tasks is essential. X-ray reduces the inspection time of containers and plays a fundamental role in the safety of the port by detecting suspicious goods.

In-Port Operational Equipment
• Cranes: The recent trend in the utilisation of new technologies in the quest to improve service delivery has also targeted next generation cranes. The use of micro-computer and wireless connectivity communication has implemented their remote control but this evolution has also created new vulnerabilities for hackers to assume control with malicious intent to create significant damage. • Tugboats: Tugboats are essential for maneuvering large-size vessels in port by towing large vessels through narrow water channels. Generally, a tugboat is equipped with diesel engines and firefighting equipment. • Dredging vessels: Dredging maintains the required in-port water depth by removing disposals such as sand and sediments. Dredge vessels can be mechanical or hydraulic.

The Port Community System (PCS)
PCS is a platform that provides port users with real-time information about the tracking of goods and managing the declarations of customs ( [121][122][123]). Ready access to the most relevant information at the right time at each stage of port operations minimises delays, reducing paperwork and enhancing the quality of services.

•
Core module: contains general services information such as the name and IMO number of each vessel. The interface presents user profiles, allowing changes of passwords and databases searches. For security, access to the system is allowed only to authorized users as, for example, confidential information such as the number of crew members and passengers details are at risk. • Cargo module: contains information related to cargo such as the type and quantity of goods, the date/time of arrival/departure and editing services. The user is allowed to verify certificates related to the cargo.
• Tracking and tracing module: These modules source information from the AIS system. The user is able to visualize the real-time trace of the vessel and can view the CCTV video stream. Interrogation on the departure and arrival of the vessel is also available. • Berth management module: organizes the berthing of a vessel by providing real-time information related to the operation. The user is able to generate the berthing plan automatically and accesses information such as loading/unloading times by using the interface. The user can also extract a graphical representation of the berth to guide the execution of a successful berthing by port workers. • Storage allocation module: provides a graphical representation of the warehouse to optimise the collection of particular goods. • Interface to other transport modes: provides services related to the link between the storage area and the next transportation mode. The interface facilitates the governance of goods and provides real-time statuses of shipments. • Billing module: creates and manages all invoices. The interface provides berthing data and collects all information related to energy and water consumption. • Statistics module: provides periodic updates and creates statistical reports concerning previous operations and generates alerts on specific anomalies related to port services.

Single Window (SW) Environment
The SW facilitates communications between ports by standardizing services related to international goods transportation and unifying rules between governments ( [124,125]). All documents, including authorizations and certifications, are submitted once through one input for all users yielding a considerable gain in time and cost as all government authorities have adopted the same governance with respect to marine transportation. SW optimises international maritime trade by obviating differences between nations in terms of governance and information systems and is a formal system for tracking the transportation of illegal products and limiting suspicious relationships.

The Maritime Transport Life Cycle
The port/container terminal is an intermediate environment in the transport of goods, a temporary storage area allowing the preparation of containers before the vessel's loading phase. Consequently, the management of the terminal is vital to efficient container transportation. The terminal comprises four subsystems ( [126,127]):

1.
Ship-to-shore: carried out by quay cranes (QR) to load or discharge the ship, conducted with references to a specific plan executed by the operator.

2.
Transfer: transferring the container from the QR to the storage area using crewed or automated vehicles.

3.
Storage: serves as a buffer, necessary to optimize the waiting time, due to the lack of synchronization between loading and unloading phases.

4.
Delivery and receipt: The container is transferred by means of a port's internal vehicle to the trains or barges for onward delivery to the final destination. The time taken to execute this final port phase depends on the location of the container. Table 5 presents a classification of cyber attacks and their associated vulnerabilities as a function of key equipment and systems.

AIS attack:
The flowchart presented in Figure 9 maps the signal processing steps for Automated Indicator Sharing (AIS), providing the framework to examine vulnerabilities and to capture the behaviour of the hacker. The identification of the data is carried out by calculating the Frame Check Sequence (FCS); the 6-bit ITU-T Cyclic Redundancy Check (CRC) polynomial equation is also presented in the flowchart. The transmission of a message by the hacker in the appropriate radio channel of the AIS receiver utilising a FCS similar to the calculated FCS of the target AIS decoder executes a successful spoofing attack, potentially resulting in a collision between ships. The hacker could perform the following ( [128][129][130]): • Change the localisation: latitude, longitude and altitude; • Inject a false message.
The model of the transmitted on-ship AIS signal is provided by the following ( [131][132][133]): with the following.
nT ≤ t ≤ (n + 1)T, I k = ±1 and q(t): Gaussian wave form given by the following: with and the following obtains.
At the satellite receiver, the AIS signal is provided by the following. 2.

Global Navigation Satellite Systems (GNSS): GPS (US), GLONASS (Russia), Galileo (EU) and BeiDou (China) all fall under the Global Navigation Satellite Systems (GNSS)
umbrella. Cyber attacks on GNSS have been-facilitated by the lack of authentication and encryption-rendering the system vulnerable to breaches [134,135]. Fake position information significantly increases the probability of collisions, and the most striking exemplars occur in the Black Sea. Equation (7) and Figure 10 presents the GPS method to determine position. A GNSS spoofing attack is carried out in two steps: synchronization with the satellite's signal followed by increases in the power of the transmitted signal. As shown in Figure 10, the position (x,y,z) of GPS receiver is the intersection of d 0 , d 1 , d 2 and d 3 with the following: The local time is given by the following: with t n being the transmitted time, x n ,y n and z n are the positions of satellite n and c is the speed of light. The highest levels of protection of location data are mandatory for the successful operation of a fleet of autonomous vessels. Therefore, a significant body of research on GNSS spoofing attack detection has been undertaken [134,[136][137][138].
In [139], spatial processing methods are used to determine sources of the signal. Recently, a GNSS detection method based on deciphered Ring Alert (IRA) messages transmitted by the IRIDIUM satellite has been reported [134]. The proposed method maintains an acceptable receiver complexity and satellite signal availability.

Reception of AIS signal
Oversampling the signal (five times the data rate) Conversion to "0" and "1"

Synchronization of the HDLC packet
Research of the start of training sequence Down sampling the data (by 5)

Location of the Data and FCS fields
If FCScalculated=FCSreceived Reject the data Data extracted and translated to NMEA0813 standard No Yes

In-Port Cyber-Attacks
A. Spear-phishing: Spear-phishing, created by e-mails containing suspicious links to obtain unauthorized access, is one of the most common attacks ( [140][141][142]). After accessing the information system, the hacker installs key-loggers to capture logins/passwords and determines the identity of the individual workers, building a precise mapping of the status of the port. Although a substantial number of spearphishing attacks occur, due to the sensitivity of the maritime sector, port managers prefer to keep reporting to a minimum as breaches affect not only confidentiality of individual but also economic relationships between nations. B. Distributed Denial of Service (DDoS): Distributed Denial of Service (DDoS) attacks are criminal acts. The port information system is compromised by flooding the network with excessive traffic levels and denying access to its sites ( [143,144]). As a result, maritime services and the ability to track goods are compromised. The impact of DDoS attacks on cyber-physical maritime systems is evaluated in [145] by using simulation. The model comprises a vessel, controller and a gate with the simulated attack targeting communication between these different elements, and performing this exceeds the time safety limit. C. Port Scanning: Attackers verify the most vulnerable network ports by using the classic technique of scanning. The goal is to discover the status of services, define the optimum strategy to access databases and identify which users monitor services. At the highest level, the attacker uses IP fragmentation to confuse the firewall, and, as a result, the packet filters are bypassed. Another technique is based on interrogating an open User Data-gram Protocol port-the fourth layer of OSI model layer (Transport Layer)-to scan IP addresses by testing several protocols and other ports. The testmodels used by a hacker are randomly generated [146]. TCP-wrappers are preferred in order to mitigate such attacks, empowering the network manager to allow or block server access depending on the IP address. D. Supply chain: Supply chain attacks center on creating damage through the most vulnerable part of the end-to-end network ( [64,147]). International shipping from origin to final destination relies on key processes and stakeholders for container tracking, assurance and international authorizations.The most easily understandable example of a damaging outcome of an attack is changing the destination of a container, which requires knowledge of the supply chain and the vulnerabilities therein, to modify critical information. E. Social Engineering: Generally, social engineering attacks depend on the exploitation of human curiosity or compunction to execute a malicious act ( [148,149]). The study of human behaviour is core to a successful attack, and in this respect, social media or instant messaging usage patterns are a means for hackers to gather information on in-port network activity. As an example, the hacker can obtain critical information by creating a false identity through Facebook/Instagram. Other classes of social engineering attacks are Baiting and Quid Pro Quo. Software updates by security managers through a USB is often the means to install malware, a file used by the hacker to obtain access to the system. Protection based on strictly applied security policies is the only method to mitigate such attacks. F.
Malware/Ransomware/Trojans: Generally, the aim of these classes of attacks is to damage the information system or server by targeting the networked computers ( [150][151][152][153][154]). On the 8 July 2019, an attack targeted a US vessel causing critical credential mining. The Coast Guard and the FBI reported that the lack of security strategies on the vessel was the main reason for enabling such an attack; all of the crew on the vessel shared the same login and password of the vessel's computer. Furthermore, the use of external devices and the absence of antivirus software protection facilitated the task of the hacker. The second example is the attack of the 27 June 2017, named Petya, that affected computer servers in both Europe and India. The encrypted malware targeted all services of the Maersk shipping company, affecting 17 terminals and inflicting damages in excess of USD 200 million. The attack destroyed the computer operating system by infecting its master boot record (MBR).

Internet of Things in Maritime Industry
The IMO created the International Safety Management Code (ISM) and International Ship and Port Facilities Security Codes (ISPS), and they are the standards that are followed to ensure safe shipping and harbour operations, also encompassing the safety operational codes of personnel both on shore and on vessel [155]. The industry has recently adopted new technologies with the goal of optimising evolution to digitalisation. One route has deployed Internet of Things (IoT), a technology platform that interconnects 'objects' through the Internet to exchange data [156]; within the maritime industry, the 'things' connected are predominately sensors monitoring operational equipment and environment. A suite of appropriate sensors has been deployed in on-vessel ships and in-port operations to reduce the risk of vital component failures due to negligence as well as increasing the efficiencies of key practices ( [157,158]). More extensive monitoring provides real-time information such as cargo temperature, gas emissions and other vital data that can inform the optimisation of operations, thereby lowering the cost of maintenance and increasing the safety of the entire ecosystem [155]. However, the growing reliance on data and complex network connectivity has gated a proliferation of new vulnerabilities that cyber attackers are leveraging to launch attacks.

The Role and Impact of IoT On-Vessel and In-Port
Sahay et al. [159] provided a detailed insight on the on-vessel role that sensors and actuators are playing in ship automated systems, becoming an integral part of the physical components of the bridge, engine and propulsion control systems. The generated data are central to on-ship key systems, most notably the Integrated Bridge Control and Autonomous Engine Monitoring Controller. Visualisation and analysis enabled by the multiple streams of data inform on entire on-vessel operations, a full view of the critical system components and associated IoT devices with their inter-connectivity. However, the resultant increase in levels of automation creates new security vulnerabilities [160]. The components integral to the bridge, engine and propulsion control have been largely discussed in Section 4.1; thus, this subsection is devoted to a mapping of reported IoT-enabled cyber attacks both on vessel and in port.

Data and IoT
The use of data gathered using IoT to derive meaning has recently gathered pace [161]. There is a body of evidence on the benefits of the use of Industrial Internet of Things (IIoT) in safety-critical industrial applications. Big Data Analytic (BAD) tools have now been proven to enhance productivity within the maritime industry. The ability to have access to more information practical methods of acquiring large volumes of data has enabled the control of physical resources, processes and environments. Al-Gumaei et al. [162] have explored the inter-relationship between IIoT and the beneficial business benefits from data.
The use of Big Data in maritime traffic data analysis has been categorised under tow regimes: on-vessel traffic and external information such as in wind, sea and tidal wave in [163]. For example, an estimate of real fuel consumption function for speed optimisation has been achieved using archived weather data in [164]. Brouer et al. in [165] provided insights into the future of integrating predictive Big Data analysis in solving large scale optimisation. Nita and Mihailescu in [166] and Mirovic et al. [167] reported the use and applications of IIoT in real-time decision support.

Attack Surfaces in IoT Devices in Ships and Ports
The type of IoT-associated cyber attacks depends largely on IoT technology implementation-architectural design and components modus operandi and the protocol and application areas [168]. Furthermore, the vulnerability exposure of IoT can only be deciphered by having knowledge on component inter-dependencies, strengths and weaknesses.
IoT attack surfaces are all the areas of the system an attacker can exploit so as to achieve authorised access in order to change the originally designed behaviour; steal or compromise data [168]; obtain essential a priori knowledge that helps identify the potential types of attack the system is vulnerable to; and, in turn, inform the optimum countermeasure. Examples of attack surfaces are as follows: Network Link by leveraging on any network-layer protocol vulnerabilities; Application Link through application-layer protocol vulnerabilities; network design flaws; and weak password key management [169].
IoT has inherent security challenges owing to bi-directional data storage and retrieval methods from the cloud [170]. Once this access and retrieval line of action is compromised, the entire system is compromised. One example of IoT-based attacks is LogicLocker (a selfspreading ransomware worm) [169,171], whichi s enabled through Programmable Logic Circuits (PLCs). Another example includes attacks on IoT-enabled field devices such as an Automated Tank Gauge (ATG) and small-scale SCADA systems that monitor fuel tank inventory levels and raise alarms, for instance, when a fuel spill is detected [169].

Future of Maritime
This section focuses on cyber-security concerns with regard to advancements in maritime industry. This is performed by looking at the concept of autonomous or unmanned vessels and the possible attack surfaces that exist therein for the research community in cyber security. This concern is raised by taking a cue from already existing unmanned systems and their various existing attack surfaces that attackers exploit to cause harm by gaining authorised access resulting in stolen data and information and system compromise.

Autonomous Vessels
Two classes of autonomous vessels-in this context defined as a self-driven vessels piloted by artificial intelligence-have been the subject of significant research and development: remotely monitored and operated vessel by shore-side operators and independently operated vessel [172]. The industry goal is to create an independently operated vessel with an on-vessel decision support system undertaking all operational decisions. The evolution to autonomy will be phased, and initial implementation is a remotely operated before operating a complete independently operated vessel [172,173]. The adoption of autonomous vessels has a number of challenges at the operational, safety and ultimately regulatory levels, and the solutions need to be validated [172].

Remotely Operated Vessels
A remotely controlled vessel-similar to its completely unmanned vessel counterpartcomprise a large network of many sensors and is largely driven by algorithms that interpret data acquired to implement accurate navigation across international waterways. The extensive levels of inter-connectivity will, in turn, expose a large number of new attack surfaces in sensor networks, remote controls and communication links between remote on-shore operators and the vessel [173]. The requisite bi-directional links transporting streams of data is a source of concern with regard to data security.

Autonomously Operated Vessel
While autonomous vessels may not be susceptible to more traditional cyber attacks as a consequence of a human-in-the-control loop, e.g., crew members held hostage, increases in GPS spoofing by exploiting the communication link's attack surface are inevitable [173]. Concerns of an increase in cyber attacks that result in collisions with its attendant loss of life, environmental damages and hazards are related to leveraging numerous new attack surfaces owing the highly interconnected devices such as weak key management, bidirectional point of storage and retrieval of data from the cloud.

Digitalisation
There are undoubted benefits of migration to ever-increasing levels of digitalisation in the maritime industry, as shown in Figure 11. The business benefits derived from by data-driven applications include the following: transforming largely analogue operations that usually rely on traditional methods into more streamlined practices that optimise cargo handling; and improving maritime procurement and logistics processes mirrors trends in many other sectors. Moreover, it provides the basis for enhanced efficiencies, growth, innovation, safety and competitive advantage whilst minimising the negative impact of the environment [174]. The implementation of digitalisation relies on technologies such as blockchain and Big Data, real-time control, artificial intelligence, autonomous vehicles and robotics, network connectivity, communications, virtual reality and Internet of Things (IoT) [175]. What is essential to accelerating adoption is sharing knowledge and experiences between stakeholders across the industry so as to inculcate new methods of working, optimising customer engagement interfaces and service delivery.
Three phase are envisaged to reach this goal, optimisation, extension and transformation [176], with associated challenges including securing funding and managing concomitant cyber-security overheads. A review and future research directions in using Big Data and artificial intelligence technologies in the maritime industry segmented the path to digitalisation as follows: firstly, maritime transport, port community systems and innovation in maritime transport; secondly, on the applications of Big Data from Automatic Identification System (AIS) as it relates to surveillance, environmental and economic sustainability; thirdly, on optimising energy usage focusing on speed optimisation, route and crane planning; and finally, on predictive analytics as it relates to vessel performance, visual surveillance and other application areas. Lind-Olsen in [177] agreed that Big data and AI offer viable solutions to the digitalisation challenges of the industry, stressing further that the adoption of IoT will continue to provide improved shipping and fleet operations, while that of artificial intelligence will help in optimising decision making and safety. The more widespread application of robotics will facilitate the execution of operations in complex environments and will be integral to the emergence of unmanned vessels. Anomaly detection system Autonomous operation Figure 11. Digitalisation of maritime industry.

Conclusions
A review of current components, systems and services within the maritime industry, segmented as in-port and on-vessel, is presented as the foundation for the determination of future exposures of a critical global-wide infrastructure to cyber crimes. Cyber attacks reported to date are classified, and their impact is quantified in each core sub-infrastructure within the context of the state-of-the-art techniques. The sector migration to ever-increasing levels of smart in-port services and autonomous vessels necessitates the establishment of new cyber-security protocols and enhanced protection practices. Clear evidence exists that every port or vessel is at risk of cyber-attacks if key information systems are not adequately protected. The challenge is further exacerbated by the proliferation in the deployment of new technologies with concomitant increases in the scope of vulnerabilities within the most operation-critical infrastructures. As a result, the exposure to a significant risk of unauthorized access and new classes of cyber-attacks is heightened.
An important strand in achieving more robust cyber protection is improvement in cyber-security awareness across the community. In support of awareness, a legal framework and updated insurance methodologies should be established to further strengthen solutions to cyber threats. Moreover, all cyber security issues should be made transparent within stakeholders in order to increase understanding and, in turn, catalyse the development of practices collectively; the details and impact of new cyber-attacks should be communicated for information throughout the supply chain. The integration of acceptable governance practices in ports, together with the adoption of a universal security protocol, will reduce further the probability of successful cyber attacks and inform effective protection strategies.
In the future, among the many challenges that remain, the development of a plan to the standardization of digital services for autonomous vessels is the most pressing. Furthermore, a new security standard that reduces the number and scope of cyber-attacks for autonomous vessels and smart ports has to be defined for the economic sustainability of the sector. Data Availability Statement: Not applicable, the study does not report any data.

Conflicts of Interest:
The authors declare no conflict of interest.

Abbreviations
The following abbreviations are used in this manuscript: