The technological devices and navigation equipment used on ships can be exposed to cyber-attacks. These attacks pose significant risks to life and property safety and can cause substantial economic damage to maritime enterprises. The aim of this study is, in light of academic research and past cyber incidents, to reveal potential cyber threats to ships and to suggest safer navigation support systems in terms of cybersecurity. The Bayesian Networks method was employed in the cybersecurity assessment of the systems. In the Bayesian network, nodes contributing to cybersecurity risks and the relationships between these nodes have been identified. Based on the possible scenarios constructed through conditional probability tables, this study aims to provide an answer to the question of how an optimal cybersecurity system should be designed for ships. In this context, alongside the theoretically ideal system design, a proposal for a practically applicable optimal design has also been developed. The theoretical optimal system design is structured under ideal conditions, incorporating maximum security measures in every component (e.g. no internet connection, use of devices from different brands, robust network infrastructure, etc.), whereas the practical system is designed with consideration of the current technological infrastructure and applicability on ships. The study has shown a significant difference between the theoretically most cyber-secure and the most cyber-insecure scenarios. This highlights significant potential improvements for corrective and preventive actions. The findings also show that satellite or radio-based navigation systems such as Positioning System and AIS pose significant cyber risks. However, it has been revealed that the real risk lies in computer technologies and computer-based systems. The study provides useful outputs for industry stakeholders and other relevant parties involved in efforts to create cyber-secure ship systems.
KesslerGCShepardSD (eds). Maritime cybersecurity - a guide for leaders and managers. 2nd ed.Amazon, 2022.
2.
JoSD’agostiniEKangJ. From seafarers to E-farers: maritime cadets’ perceptions towards seafaring jobs in the industry 4.0. Sustainability2020; 12(19): 8077.
3.
CFCS. Threat assessment: the cyber threat against the maritime sector. Danish Defence Intelligence Service’s Centre for Cyber Security, 2017.
DaumO.Cyber security in the maritime sector. J. Mar. L. & Com2019; 50: 1.
12.
OrucAKavallieratosGGkioulosV, et al. Cyber risk assessment for SHips (CRASH). TransNav Int J Mar Navig Saf Sea Transp2024; 18: 115–124.
13.
OSM. Cyber security fleet protection. OSM Maritime Group, 2018.
14.
DadianiD.Cyber-security and marine insurance. World Maritime University Dissertations, 607, 63 s, 2018.
15.
SilgadoDM. Cyber-attacks: a digital threat reality affecting the maritime industry. World Maritime University, 2018.
16.
KesslerGC.Cybersecurity in the maritime domain. USCG Proc Marine Saf Secur Counc2019; 76(1): 34.
17.
TucciAE. Cyber risks in the marine transportation system. In: Cyber-physical security: Protecting critical infrastructure at the state and local level. New York, Springer International Publishing, 2016, pp. 113–131.
GrantAWilliamsPWardN, et al. GPS jamming and the impact on maritime navigation. J Navig2009; 62(2): 173–187.
20.
HassaniVCrastaNPascoalAM. Cyber security issues in navigation systems of marine vessels from a control perspective. 36th International Conference on Offshore Mechanics and Arctic Engineering, Trondheim, Norway, 2017.
21.
AndrojnaAPerkovičMPavicI, et al. AIS data vulnerability indicated by a spoofing case-study. Appl Sci2021; 11(11): 5015.
22.
KayişoğluGGüneşBBolatP.ECDIS cyber security dynamics analysis based on the fuzzy-FUCOM method. Trans Marit Sci2024; 13(1): 1–25.
23.
KayisogluGBolatPTamK.Evaluating SLIM-based human error probability for ECDIS cybersecurity in maritime. J Navig2022; 75(6): 1364–1388.
24.
ViskyGVaarandiRKatsikasS, et al. 2025, January). Statistical analysis-based feature selection for anomaly detection in AIS Dataset. In: 2025 IEEE 23rd world symposium on applied machine intelligence and informatics (SAMI), Stará Lesná, Slovakia, pp. 000159–000164. IEEE.
25.
MrakovićIVojinovićR.Maritime cyber security analysis – how to reduce threats?Trans Marit Sci2019; 8(1): 132–139.
26.
AlcaideJILlaveRG.Critical infrastructures cybersecurity and the maritime sector. Transp Res Procedia2020; 45: 547–554.
27.
KanwalKShiWKontovasC, et al. Maritime cybersecurity: are onboard systems ready?Marit Pol Manage2024; 51(3): 484–502.
28.
ParkCKontovasCYangZ, et al. A BN driven FMEA approach to assess maritime cybersecurity risks. Ocean Coast Manag2023; 235: 106480.
29.
SönerÖKayisogluGBolatP, et al. Cybersecurity risk assessment of VDR. J Navig2023; 76(1): 20–37.
30.
KayisogluGDuzenliEBolatP, et al. Maritime cyber security: adopting a checklist based on IACS UR E26 standard. Turk J Marit Mar Sci2024; 10(1): 31–50.
31.
KayisogluGBolatPTamK.A novel application of the Coras framework for ensuring cyber hygiene on shipboard RADAR. J Mar Eng Technol2024; 23(2): 67–81.
32.
DüzenliEKayisogluGAcarerT, et al. A comprehensive analysis of maritime cyber security incidents: trends, Impacts, and countermeasures. Turk J Marit Mar Sci2024; 10(Özel Sayı: 1): 51–61.
33.
MohsendokhtMLiHKontovasC, et al. Decoding dependencies among the risk factors influencing maritime cybersecurity: lessons learned from historical incidents in the past two decades. Ocean Eng2024; 312: 119078.
34.
YousafAAmroAKwaPTH, et al. Cyber risk assessment of cyber-enabled autonomous cargo vessel. Int J Crit Infrastruct Prot2024; 46: 100695.
35.
IACS E26:2022. Cyber resilience of ships. International Association of Classification Societies.
36.
IACS E27:2022. Cyber resilience of on-board systems and equipment. International Association of Classification Societies.
37.
International Maritime Organization. Guidelines on maritime cyber risk management: MSC-FAL.1/Circ.3. IMO Publishing, 2017.
38.
International Electrotechnical Commission. IEC 62443: industrial communication networks - IT security for networks and systems. IEC, 2018.
39.
ISO/IEC 27001. Information security, cybersecurity and privacy protection - information security management systems - requirements, 2022.
40.
CaoYWangXWangY, et al. Analysis of factors affecting the severity of marine accidents using a data-driven Bayesian network. Ocean Eng2023; 269: 113563.
41.
SpravilJHemminghausCvon RechenbergM, et al. Detecting maritime GPS spoofing attacks based on NMEA sentence integrity monitoring. J Mar Sci Eng2023; 11(5): 928.
42.
AndrojnaAPerkovičM.Impact of spoofing of navigation systems on maritime situational awareness. Trans Marit Sci2021; 10(2): 361–373.
43.
WimpennyGŠafářJGrantA, et al. Securing the automatic identification system (AIS): using public key cryptography to prevent spoofing whilst retaining backwards compatibility. J Navig2022; 75(2): 333–345.
44.
MelnykOKuznichenkoSOnishchenkoO.Impact of AIS manipulation on shipping safety and strategic countermeasures. Lex Portus2024; 10: 31.
45.
LouartMSzkolnikJJBoudraaAO, et al. Detection of AIS messages falsifications and spoofing by checking messages compliance with TDMA protocol. Digit Signal Process2023; 136: 103983.
46.
SonerOKayisogluGBolatP, et al. An investigation of ransomware incidents in the maritime industry: exploring the key risk factors. Proc Inst Mech Eng O J Risk Reliab2025; 239(4): 659–678.
47.
AfenyoMCaesarLD.Maritime cybersecurity threats: gaps and directions for future research. Ocean Coast Manag2023; 236: 106493.
48.
PengPXieXClaramuntC, et al. Bibliometric analysis of maritime cybersecurity: research status, focus, and perspectives. Transp Res E Logist Transp Rev2025; 195: 103971.
49.
DemirelSBodurS.Application of Bayes theorem in genetic counseling. Erciyes Med J2004; 26(2): 81.
50.
BonsallSBonsallSWangJ.Fuzzy rule-based Bayesian reasoning approach for prioritization of failures in FMEA. IEEE Trans Reliab2008; 57(3): 517–528.
51.
TruccoPCagnoERuggeriF, et al. A Bayesian belief network modelling of organisational factors in risk analysis: a case study in maritime transportation. Reliab Eng Syst Saf2008; 93(6): 845–856.
52.
LoughneySWangJ.Bayesian network modelling of an offshore electrical generation system for applications within an asset integrity case for normally unattended offshore installations. Proc Inst Mech Eng M J Eng Marit Environ2018; 232(4): 402–420.
53.
RajakarunakaranSManiram KumarAArumuga PrabhuV.Applications of fuzzy faulty tree analysis and expert elicitation for evaluation of risks in LPG refuelling station. J Loss Prev Process Ind2015; 33: 109–123.
UğurluÖKartalŞEGündoğanO, et al. A statistical analysis-based Bayesian network model for assessment of mobbing acts on ships. Marit Pol Manage2023; 50(6): 750–775.
56.
HsuHMChenCT.Aggregation of fuzzy opinions under group decision making. Fuzzy Sets Syst1996; 79(3): 279–285.
57.
LavasaniSMZendeganiACelikM.An extension to Fuzzy Fault Tree Analysis (FFTA) application in petrochemical process industry. Process Saf Environ Prot2015; 93: 75–88.
58.
BayramHUğurAFDanışmanK.FPGA (field programmable gate array) Tabanlı Bulanık Kontrolör Tasarımı ve Bir Uygulama, ELECO, 2002.
59.
SugenoM.Industrial applications of fuzzy control. Elsevier Science Inc, 1985.
60.
UğurluFYıldızSBoranM, et al. Analysis of fishing vessel accidents with Bayesian network and chi-square methods. Ocean Eng2020; 198: 106956.
61.
UğurluÖYıldızSLoughneyS, et al. Analyzing collision, grounding, and sinking accidents occurring in the Black sea utilizing HFACS and Bayesian networks. Risk Anal2020; 40(12): 2610–2638.
62.
SallehNHMRiahiRYangZ, et al. Predicting a containership’s arrival punctuality in liner operations by using a fuzzy rule-based Bayesian network (FRBBN). Asian J Shipping Logist2017; 33(2): 95–104.
63.
JonesBJenkinsonIWangJ.Methodology of using delay-time analysis for a manufacturing industry. Reliab Eng Syst Saf2009; 94(1): 111–124.
64.
PristromSYangZWangJ, et al. A novel flexible model for piracy and robbery assessment of merchant ship operations. Reliab Eng Syst Saf2016; 155: 196–211.
65.
JohnAYangZRiahiR, et al. A risk assessment approach to improve the resilience of a seaport system using Bayesian networks. Ocean Eng2016; 111: 136–147.
ZhengYZhengFYangC, et al. Analyses of GLONASS and GPS+GLONASS precise positioning performance in different latitude regions. Remote Sens2022; 14(18): 4640.
68.
MelandPHBernsmedKWilleE, et al. A retrospective analysis of maritime cyber security incidents. 2021.
69.
IBM. IBM security services 2014 cyber security intelligence index. 2014.
70.
BolatPKayişoğluG.Antecedents and consequences of cybersecurity awareness: a case study for Turkish maritime sector. J ETA Marit Sci2019; 7(4): 344–360.
71.
Harvard Business Review. Dijital Dönüşüm Siber Güvenlik, Optimist Yayın Grubu, İstanbul. 2020.
72.
AkpanFBendiabGShiaelesS, et al. Cybersecurity challenges in the maritime sector. Netw2022; 2(1): 123–138.
73.
Jones WalkerLLP. Maritime security survey. Jones Walker LLP, 2018.
