Cybersecurity risk assessment of VDR

Söner Ö., Kayişoğlu G., Bolat P., Tam K.

Journal of Navigation, vol.76, no.1, pp.20-37, 2023 (SCI-Expanded) identifier identifier

  • Publication Type: Article / Article
  • Volume: 76 Issue: 1
  • Publication Date: 2023
  • Doi Number: 10.1017/s0373463322000595
  • Journal Name: Journal of Navigation
  • Journal Indexes: Science Citation Index Expanded (SCI-EXPANDED), Scopus, Academic Search Premier, Aerospace Database, Aquatic Science & Fisheries Abstracts (ASFA), Artic & Antarctic Regions, Communication Abstracts, Geobase, INSPEC, Metadex, DIALNET, Civil Engineering Abstracts
  • Page Numbers: pp.20-37
  • Keywords: maritime, cybersecurity, risk assessment, VDR, FMEA
  • Istanbul Technical University Affiliated: Yes


The voyage data recorder (VDR) is a data recording system that aims to provide all navigational, positional, communicational, sensor, control and command information for data-driven investigation of accidents onboard ships. Due to the increasing dependence on interconnected networks, cybersecurity threats are one of the most severe issues and critical problems when it comes to safeguarding sensitive information and assets. Cybersecurity issues are extremely important for the VDR, considering that modern VDRs may have internet connections for data transfer, network links to the ship's critical systems and the capacity to record potentially sensitive data. Thus, this research adopted failure modes and effects analysis (FMEA) to perform a cybersecurity risk assessment of a VDR in order to identify cyber vulnerabilities and specific cyberattacks that might be launched against the VDR. The findings of the study indicate certain cyberattacks (false information, command injection, viruses) as well as specific VDR components (data acquisition unit (DAU), remote access, playback software) that required special attention. Accordingly, preventative and control measures to improve VDR cybersecurity have been discussed in detail. This research makes a contribution significantly to the improvement of ship safety management systems, particularly in terms of cybersecurity.