Quantifying potential cyber-attack risks in maritime transportation under Dempster–Shafer theory FMECA and rule-based Bayesian network modelling

Uflaz E., Sezer S. I., Tunçel A. L., AYDIN M., Akyüz E., Arslan Ö.

Reliability Engineering and System Safety, vol.243, 2024 (SCI-Expanded) identifier

  • Publication Type: Article / Article
  • Volume: 243
  • Publication Date: 2024
  • Doi Number: 10.1016/j.ress.2023.109825
  • Journal Name: Reliability Engineering and System Safety
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Academic Search Premier, PASCAL, Aerospace Database, Communication Abstracts, Compendex, INSPEC, Metadex, zbMATH, Civil Engineering Abstracts
  • Keywords: Bayesian network, Cyber risk, Cyber-attack, Dempster–Shafer theory, FMECA, Ship navigation system
  • Istanbul Technical University Affiliated: Yes


Maritime cyber security is a growing concern in the shipping industry as reliance on technology increases. With the potential for cyber attacks to disrupt vessel operations, compromise sensitive information, and endanger crew and cargo, assessing the risks and developing effective risk management strategies is crucial. On the other hand, cyber risk assessments in maritime transportation have been limited, and there is a lack of probabilistic databases of cyber threats. To remedy this gap, this paper presents a probabilistic approach to estimate cyber threats, especially for the bridge navigational systems in the maritime sector, focusing on the Bayesian network model to evaluate cyber risks for integrated bridge navigational systems onboard, and marine security experts evaluate 32 threats with respect to FMECA (Failure modes, Effect and Criticality Analysis) parameters. Dempster-Shafer theory is utilised to consolidate expert opinions for cyber risk analysis. The findings of the research showed that AIS spoofing poses the highest risk. GPS jamming is the other significant threat to ship bridge navigational systems during cyber attacks. The research provides a basis for identifying cyber threats and risks, calculating the highest risk values and developing control actions to maintain effective risk management strategies for safe and secure maritime transportation.