Portfolio 3 – MMO5003-1 21H Modern Ship Design: Safety, Limitations and

Hazards

Date: 18 December 2021

Considerations related to autonomous

ships
Høgskulen på Vestlandet, HVL

Figure 1 - Picture from Kongsberg Group (Kongsberg, 2021)

Group members

Toyese Baderin

581022

Muhammad Jalal

602242

Nils Eivind Skaar

120172

Erlend Milje

227883

John Joseph

602255

Affaf Ali

602226
Jeg bekrefter at arbeidet er selvstendig utarbeidet, og at referanser/kildehenvisninger til alle

kilder som er brukt i arbeidet er oppgitt, jf. Forskrift om studium og eksamen ved Høgskulen på Vestlandet, § 12-1.

1
 Table of Contents

Introduction ................................................................................................................................ 3
Definition issues......................................................................................................................... 4
Absence of crew ......................................................................................................................... 6
Navigational rules ...................................................................................................................... 9
Seaworthiness and error in navigation ..................................................................................... 11
Cyber risks and Security .......................................................................................................... 14
Threats .................................................................................................................................. 15
Methods for Managing Cyber Security Risks ...................................................................... 16
Security architecture ............................................................................................................. 17
Liability and its limitations ...................................................................................................... 19
Conclusion ............................................................................................................................... 21
References ................................................................................................................................ 22

List of Figures
Figure 1 - Picture from Kongsberg Group ................................................................................. 1
Figure 2 - Degree of autonomy .................................................................................................. 6
Figure 3 - CPHA methodology flowchart ................................................................................ 16
Figure 4 - Illustration of Network logical modelling and security zones/architecture ............ 17

2
Introduction

Autonomy is a popular topic today. We hear about it quite often on the news, and in the various feeds
in our phones. There is news about technology that will provide us with autonomous aircrafts, cars,
vessels and robots. This technology might change our lives dramatically. Autonomous vehicles have
been available for quite some time, with governing legislation restricting the full use for them. And
quite recently on “November 18.11.2021. Yara Birkeland, the world’s first fully electric and
autonomous container vessel with zero emissions made her first and only voyage from Horten to
Oslo”. (Yara, 2021)

In this portfolio we will focus on considerations related to autonomous ships, and as seafarers we can
say that it is obvious that ships have different and more complex challenges than the automobile
industry. The portfolio will highlight the six different subtopics given from lecture 11 newest trends in
ship design:

1. Definition issues
2. Absence of crew issues
3. Issues of navigation rules
4. Issues of seaworthiness and error in navigation
5. Issue of cyber risks
6. Issues of liability and its limitations

We will also highlight cyber threats from hacking, how the cargo will be secure and what can be done
if the engines shutdown?

Today many processes are automated, many people are already used to cruise control, line assist and
even autopilot in their vehicles. Also, on vessels there are already automated processes, like adaptive
autopilot, integrated platform management system (IPMS). And autonomy is not necessarily the same
as the vessel will be operating without a crew. However, it gives the opportunity to have less people
onboard, in which case the vessel can carry more cargo etc.

Less people onboard will not necessarily mean that these people will lose their job, since the vessel
parameters must still be monitored. It will also give more job opportunities in other areas like
technicians and programmers.

What does the word autonomy mean? According to Merriam-Webster the “definition of autonomy is
the quality or state of being self-governing” (Merriam-Webster). For a vessel this will mean being
able to operate without being controlled by humans.

3
The International Maritime Organization (IMO) uses the term MASS (Maritime Autonomous Surface
Ship) for all vessels that have some degree of automation and is not under the current legislations.
(Rødseth, 2018).

It is also important to clarify that there is a difference between remote controlled and autonomous
vessels. Remote controlled vessels will have autonomous elements, however they are controlled from
a Control Center on Shore (Evensen, 2020, p 43). Smart remote-controlled ships will use a lot of
automation and systems, however the human will make the decisions, autonomous ships are operated
by machines and they will make their own decisions based on the preset parameters. (Evensen, 2020,
p 43)

Definition issues
From lecture 11 newest trends in ship design it was stated that there is no international definition of
what an autonomous or unmanned ship is, what the various levels of autonomy are. (Gudmestad 2020,
p4). However, IMO`s MSC 99 established four degrees of autonomy for MASS for the purpose of the
Committee’s scoping exercise:

• Ship with automated processes and decision support: Seafarers are on board to operate and
control shipboard systems and functions. Some operations may be automated.
• Remotely controlled ship with seafarers on board: The ship is controlled and operated from
another location, but seafarers are onboard.
• Remotely controlled ship without seafarers onboard: The ship is controlled and operated from
another location. There are no seafarers on board.
• Fully autonomous ship: The operating system of the ship is able to make decisions and
determine actions by itself. (IMO, 2018)

However, these definitions are preliminary and used as a frame to start the scoping exercise for
MASS. Therefore, this portfolio will also research if there are clear and better definitions available for
MASS.

When discussing degrees of autonomy, the aim should be to have a clear definition that is applicable
to a certain state or area. For example, for this area or this certain mission this degree of autonomy is
required and it includes the following bullet points to what the machine can and cannot do.
Definitions of various degrees of autonomy have been discussed over the years. However, there is not
much literature on a clear and precise definition. In an article from 2018 Ørnulf Jan Rødseth defines
ship autonomy by characteristic factors, one of these factors is the human (Rødseth, 2018).

Unless we operate with a fully autonomous concept the human factors and the human automation
interaction (HAI) must be taken into consideration, as human interaction with autonomous systems
will influence our workload, our situational awareness and our overall performance and therefore our
decision-making process (Rødseth, 2018). The degree of autonomy might also change how the
machine and the human interact as it can influence phenomena such as situational awareness and
complacency (Rødseth, 2018).

4
Therefore, it will be important to have clear definitions to the different degrees of automation, to
make the human aware of what the machine will do and what the human must do, like an explicit
coordination between the machine and the human. Much like humans do when they distribute tasks
and responsibilities. In many areas’ vessels are different compared to other machines, therefore
applying autonomy to a vessel will not be the same as having an autonomous car. For example,
vessels have the risks of creating environmental and health catastrophes on a larger scale, the duration
of maritime operations can last from a few hours to many months, and ship operations are quite
costly, both in investment and operations. Also, vessels travel between the different borders of flag
states to a much higher extent than cars do. Because of this the legislation will also be more complex.
Rødseth defines ship autonomy as a function of three main factors: operation complexity, degree of
automation and operator presence. (Rødseth, 2018)

The complexity of operations will vary and when evaluating them one should address the following
opportunities and constraints : “G: The geographic constraint, T: Other ship and vessel traffic
constraint, W: MetOcean condition and visibility, V: Vessel characteristics and capabilities, N:
Navigational infrastructure, aids to navigation, P: Port facilities and support, C: Communication
system facilities, M: Mission characteristics, R Minimum safety and performance requirements, O:
Other constraints” .(Rødseth, 2018). Also, one must take in consideration what types of tasks the
operator or the system shall execute, Rødseth defines these tasks as Dynamic Ship Tasks (DST).
When it is sorted out what types of tasks that will be performed, and how complex the operation is, a
fallback strategy must be in order. DNV GL`s safety philosophy states that there must be a:
“minimum risk conditions (MRC) outlined in the concept of operations (CONOPS) should be
detailed, and when applicable, structured into hierarchies with clear priorities and decision trees. The
same MRCs may be structured in different decision trees for different scenarios. The MRCs which
serve as the last resort indecision trees should be clearly indicated”. (DNV GL, 2018)

From the complexity of operations, DST, and MRC Rødseth defines 5 degrees of automation which
he claims to be sufficient for describing autonomous vessels:

1. DA0 - Operator controlled: The automation is limited and decision support is available, this is
like the current situation is. The operator is in control and aware of the situation at all times.
2. DA1 - Automatic: The human is not operating, but the operator must pay attention and handle
problems that are predefined.
3. DA2 - Partial autonomy: A higher automation degree than DA1, however, there are still limits
to the system's capabilities. The system will handle the predefined problems, but it will not
necessarily handle other problems. The human must still use judgment to the required
attention level.
4. DA3 - Constrained autonomy: The system is autonomous, however the capabilities are
constrained by defined limits. The system will notify the operator, and he or she will be given
a timeframe before action is needed.

5
 5. DA4 - Fully autonomous: Crew is not required at any time (Rødseth, 2018)

Figure 2 - Degree of autonomy.

(Rødseth, 2018)

After studying the topic, we have found that there are definitions of what an autonomous or unmanned
ship is, and what the various levels of autonomy are. IMO has their definitions for the scoping
exercises for MASS, Ørnulf Jan Rødseth from SINTEF has some clear and defined definitions, these
are quite similar to the ones the Norwegian Maritime Authority uses. These definitions will be
mentioned in the next section.

Absence of crew
UNCLOS defines that all ships must be “in the charge of a master and officers who possess
appropriate qualifications”. SOLAS, MARPOL, STCW and the Paris MoU as well as the EU directive
16/2009 on PSC all presume that the master will be present onboard.

Rules and regulations for unmanned, autonomous vessels are still on the drawing board and both
international organizations and countries are discussing how to best meet the new technology for the
maritime industry, and make proper, safe and effective regulations. We are still in the start of a new
era of the maritime industry. The maritime industry is ahead of governmental and international
legislations, and the technology is already at the doorstep. In the meantime, the industry is adapting to
already existing regulations and early guidelines, proposing new ones, and testing technology and
solutions to prepare for the new era as we see through the project with Yara Birkeland and ASKO
vessels in the Oslo fjord (Massterly, 2021).

UNCLOS defines that all ships must be in the charge of a master and officers who possess appropriate
qualifications (UN, 1982).

IMO’s Maritime Safety Committee has from 2017 to 2021 completed a regulatory scoping exercise to
analyze relevant ship safety treaties to assess how MASS (Maritime Autonomous Surface Ships) can
be regulated (IMO, 2021). They are specially discussing how to define the terms “master”, “crew” or
“responsible person”. The old regulations in UNCLOS, SOLAS, MARPOL, STCW etc. are all based
on yesterday's technology and how to operate ships. Through new analyses and discussions in IMO,
and also future experience, testing and knowledge, I’m sure new and more specific rules will be
6
defined for autonomous ships, and maybe we need different solutions for different types of ships or
operations depending on complexity, communication options, security etc.

Many are talking about different degrees or levels of autonomy. IMO uses four degrees (MSC, 2018).

1. Crewed ship with automated processes and decision support

2. Remotely controlled ship with seafarers on board
3. Remotely controlled ship without seafarers on board
4. Fully autonomous ship

Norwegian Maritime Authority divides the degree of autonomy into 5 stages (SDIR, 2020):

1. Decision support. Crew onboard but uses automated processes to help with the navigation.
E.g. Auto pilot, ARPA etc.
2. Self-steering. Under constantly supervision and ability to take control on board. E.g.
advanced auto track pilot. Parts of the voyage can be done automatically.
3. Periodically unmanned. Still crew onboard, but parts of the voyage can be done
autonomously. Operators can be alerted if difficult situations occur which the system cannot
handle.
4. Unmanned. Crew not onboard, but possibility of direct or indirect remote control from shore-
based control center to handle complex operations. A control room is constantly monitoring
the ship. Alarms will alert the operator if the system meets situations it cannot handle.
5. Fully autonomous. No crew on board, and no monitoring from land. Norwegian Maritime
Authority believes this is not likely solution for ships in international traffic, because of the
complexity, safety, but also due to the international demands for the ship to constantly being
under supervision of a responsible person, Master, at all times, and that the ship must be able
to be called upon of different coastal authorities and states.

We believe a lot of the problem so far is trust in the technology, autonomy and the new solutions.
Many of the existing autonomous ships today have crew on board, not that it is necessarily needed
everywhere, but as they might have the positions as supervisors and can intervene if required.
Kongsberg Group (KOG, personal communication during workshop, 1 Dec- 3 Dec 2021) explains
during workshop for autonomous vessels that many solutions are made to satisfy the customer
because they don’t fully rely on the autonomy yet. This might also be the case for authorities, and
those who will write the regulations. We will probably see that the technology matures over time, and
new solutions will be commonly accepted and trusted. It will be a huge step to remove all crew from a
vessel, and we will probably see it step by step and perhaps in many different versions depending on
the sailing areas for the vessels, complexity of the vessel’s operation etc. To transport cargo
containers through the fjords of Norway will be a totally different operation than transporting cargo
between continents, or even transport of people, like cruise liners. Transportation over large distances
will cause larger communication challenges. Redundancy for onboard equipment and machinery must
be evaluated at a different scale as transportation between to fjords in Norway for example.

To make a vessel autonomous you will need to have a safe action for equipment failure, or situations
that are not programmed. This could be algorithms bypassing the failure, redundancy of equipment,
7
remotely controlled repairs, or perhaps getting the vessel in a safe position, preplanned waypoint to
wait for further assistance. There are many solutions, but communication can always be a challenge,
especially if we are talking about worldwide operations. And how easy will it be to get on board if
needed? This will highly depend on the sailing pattern and distances for the different vessels.

As we see, every aspect of the vessel’s operation needs to be considered to evaluate if unmanned
vessel is impossible, or regulations might still require personnel on board, but I personally believe that
the industry will strive to get safe fully automated solutions for unmanned vessels, because of cost and
safety issues. Kongsberg Group explains during an autonomy workshop (KOG, personal
communication during workshop, 1 Dec- 3 Dec 2021) that just the classification of vessels
transporting personnel is at a totally different cost than autonomous vessels, because of all the extra
rules and regulations related to human safety, comfort and accommodations on board. A middle way
between manned and unmanned is remotely controlled. Different ships need different supervision, and
probably some kinds of vessels will need more time to adapt the autonomy.

In addition to the rules of master and continuous operator for navigation and the responsibility aspect,
there are many other issues that also need to be solved for unmanned vessels, and the industry must
come up with new solutions. Maintenance routines need to be revised. It will be more important to
prepare and check machinery, technical components, communication etc. before the vessel departs.
For autonomy, every aspect or possible situation we know of must be evaluated, and if something
happens that the system is not programmed to handle, a safe action must be the default order for the
ship.

When it comes to accidents at sea, a lot is human related. There is a lot of research on this subject, and
there is also just as much criticism of the research of how accurate it is etc., and what is actually the
causes. However, we will not discuss this matter in the report, but we are discussing the weaknesses
of not having crew onboard, and safety issues related to this. If many accidents are related to human
failure or factors where humans have been involved, one can ask if it is possible that autonomous
ships instead will strengthen the safety in the maritime industry?

What are the critical aspects today? When something goes wrong, what are the priorities shaping the
actions for the crew? From experience as, maritime officer personnel´s safety will always be the most
important priority as long as we talk about civilian shipping or military peace-time operations.
Environmental and material damages will always have a second priority. When we then talk about
unmanned vessels we have removed the most valuable on board the ships, and we can prioritize
different when accidents happen. This is not necessarily a weakness from today's manned vessels.

Communication and hacking will be further discussed later on, but there have also been questions and
raised concerns about piracy and hijacking of unmanned vessels, and safety of the cargo. This is of
course an important issue to consider for using autonomy on vessels where this is a threat. But this is
still a major threat to manned vessels today, and will this be a larger threat to unmanned vessels? Will
it be easier to hijack autonomous vessels, and will they gain more benefits of hijacking these vessels?
I’m not quite sure. Think about it. The weakest link onboard a ship is the crew. Pirates will try to
8
threaten the crew pointing a gun to their heads and make them comply. The crew can be used to get
ransom from the shipping company etc. This is not that easy with autonomous ships.

As a security measure towards intruders and pirates the vessel can be complemented with “soft kill”
weapons, this means non-lethal weapons like sound cannons, water cannons, lasers, electrical fences,
physical barriers etc. The vessel will have sensors observing the environments around the ship, and
can have pre-defined autonomous actions for intruders. Other actions to make it difficult to board the
ship can be programmed, e.g. zig-zag maneuvering, increasing speed away from the threats etc. All
these measures can be part of risk mitigation and improving the security of the cargo even if the
vessel is unmanned. All measures must of course be a part of the vessel's risk evaluation and risk
process, which we will discuss later in the report.

The engines and propulsion system are also a critical part of the vessel. What if the engines shut down
and there is no crew onboard? Vessels today that have crews on board can also experience shut
downs, and not every situation is possible to solve for the crews on board either. The difference is that
unmanned vessels need more sensors to detect and possibly repair technical issues online. Knowledge
about the engines, rate of failure, and different problems that we know happens from time to time
must be evaluated in risk analyzes and the situations need to be considered, evaluated and possible
solutions proposed and installed/programmed during the design phase of the system.

Redundancy of the engines for example will be an important mitigation measure, but this must also be
seen in context of the type of vessel and the operation areas. If redundancy is not enough for the
situation, and a complete shutdown occurs, this must trigger alerts to the shore-based operator center,
or where the vessel is monitored. Remotely repairs or can be a solution, otherwise control center must
inform the correct instances which can get on board for repairs. This will of course demand
communication with the vessel at the time. If not, the vessel must be pre-programmed with mitigation
actions for the vessel to get into “safe condition”. This can send warnings, alerts, warn vessels around,
drop anchor if feasible, ensure communication with control stations in all possible manners, etc. We
always think man onboard will solve everything, but many situations can probably be solved in a
better way, either remotely online, or autonomous. The most important thing is to get the possible
critical issue into the risk management process.

Navigational rules
“It is expected that all ships will be capable of executing maneuvers and steering in accordance with
the basic rules of navigation as prescribed by the COLREGS.” (IMO, 1972)

The currently existing International maritime laws/ legal order is not yet prepared for the operation of
autonomous vessels (Dr Barbara Stępień, 2021) In the case of the maritime industry, which is
fragmented, there are no standardized ship bridges. For each vessel the bridge equipment and design
will be different with respect to the respective manufacturing companies. But in the current scenario
like in the aviation industry, following a standardized design, where sensors and other automatic
decision support equipment are integrated into the system by the product manufacturers by to
following the internationally accepted standards seem like a feasible solution for the design of
autonomous vessel, there should be a standardized procedure for the design of bridge equipment’s and

9
decision support equipment like sensors and camera, which has to be followed by the all autonomous
vessel manufacturing companies. Authorities should develop uniform training programs for people
onshore who will be controlling/monitoring the autonomous vessels. Topics discussed with our
teacher during lectures (Viet Dung Vu, personal communication, August 2021).

According to the COLREGS Rule 5 Look out: "Every vessel shall at all times maintain a proper
lookout by sight and hearing as well as by all available means appropriate in the prevailing
circumstances and conditions so as to make a full appraisal of the situation and of the risks of
collision." (IMO, 1972)

However autonomous vessels can be manned or unmanned. In the case of unmanned vessels there
won’t be any people to perform the tasks mentioned in rule 5. However, the existing legal order will
most likely accept the remotely operated vessels mainly because of the presence of a person in charge
of operating the vessel from a bridge on shore, this means that the bridge is never unattended but the
ship's bridge will be connected to the ship remotely by making use of available technology. And for
remotely operated vessels, people operating the vessel can possibly perform the watch by the help of
sensors and cameras used for the purpose of situational awareness. However, this equipment used for
situational awareness around the vessel must be at least as reliable as a person onboard. (Yoshida,
Shimizu, Sugomori, & Umeda, 2020)

According to the COLREG rule 6 regarding the safe speed, every vessel needs to be aware of its
surroundings. Especially looking for obstacles and other vessels and small fishing vessels and during
the worst weather conditions the radar may not be able to identify the obstacles and vessels nearby.
(IMO, 1972) So it might increase the risk of collision of the unmanned autonomous vessels because
the people operating the vessel from the control room on shore can only rely on the equipment on
board for decision making, and that equipment may not perform well as it was expected to be, when
the climate condition changes (raining or snowing). These radars may not be able to detect the
obstacles, if the obstacles are at a position which is below the attitude level which the detection waves
of radar travel through. However, a fully autonomous vessel will not have to rely on the human factor,
given a suitable MRC and clearly defined DST it could possibly increase safety.

As per article 94, duties of flag state, each ship must be under the direction of a properly qualified
master, in particular in navigation, communication and marine engineering. As this United Nations
law of the sea. (UN, 2019) The autonomous vessels cannot be left unmanned. Or we can use night
vision cameras / infrared cameras/ thermal signature sensors for better vision during night times, and
people performing watch on onshore control stations can rely on the situational awareness provided
by these night vision cameras and sensors equipped on the remotely operated autonomous vessels.

COLREG rule 2 covers the responsibility of the master, owner and crew. Rule 8 covers actions to be
taken to avoid collision, and rule 18 is regarding the responsibilities between vessels. (IMO, 1972)
Autonomous vessels can follow the major part of these rules, especially the autonomous vessels can
meet the current COLREG collision avoidance rules. Rolls Royce’s MAXCMAS project in
partnership with Lloyd's register developed an algorithm which supports the autonomous navigation
system in taking optimum measures to avoid collision. (LR, 2016)

10
As per SOLAS, Regulation IV/16 all vessels must carry people who are qualified for distress and
safety radio communication purposes to the satisfaction of the administration, as per this
recommendation no vessel if it’s a passenger vessel or a cargo ship can never be left unmanned. In the
case of passenger vessels, normally people won't like giving the control of the ship entirely to an
autonomous system. And in case of medical emergency there is need for qualified personnel onboard
to assist the passengers and people in distress. (Mehnazd, 2021)

As per now there are opportunities in the current legislation, to start scoping autonomous vessels.
However, it is quite possible that rules and legislations will be updated as we get more experience
with remote controlled, and autonomous vessels.

Seaworthiness and error in navigation

Due to recent and current technological advancements, the Autonomous Unmanned Vessels is
becoming the reality and further developments are on the way in the near future to make it feasible in
every aspect. It is anticipated that the Autonomous vessels will boost economic and social
sustainability to ensure safe and eco-friendly operations. A recent example is Yara Birkeland, the
navigation of Unmanned Autonomous ships without human involvement is technologically possible
in the current era. After the emergence of Autonomous vessels technology, the seaworthiness of
Autonomous ships is becoming the main focus of discussion.

Seaworthiness is the ability of a ship to sail on the sea and to be more specific the adequacy and
sufficiency of a ship to face the perils of the marine adventure, but from the perspective of maritime
law, there is no unique definition that fits all the voyage such that it is not an absolute condition that
fits all type of ship also it is not just the physical fitness of ship but also includes other factors, in
which the principal factor is the Human element onboard.

William Tetley defines seaworthiness as “the state of the vessel in such a condition, with such
equipment, and manned by such a master and crew, that normally the cargo will be loaded, carried,
cared for and discharged properly and safely on the contemplated voyage” (Tetley, 1988). Historically
seaworthiness started as cargo interest to keep the vessel seaworthy and then gradually become an
obligation upon the shipowner to keep the vessel seaworthy, looking to the history the term seaworthy
is not static but constantly developed so it could be arguable that laws can be modified according to
the current technology changes. Also, it is understandable that an important aspect of seaworthiness is
the manning of the vessel.

The legal obstructions have appeared in the carriers implied seaworthiness common laws and
international rule such that Hague Visby rule, Rotterdam rule, charter parties, and ISM code as well as
STCW, these are considered to be the legal frameworks suggests that the crew onboard are
Prerequisite to qualify a vessel as seaworthy but due to lack of crew onboard in Autonomous
Unmanned vessels, as a result, they deemed it unseaworthy.
11
The classification of a ship plays a crucial role to define the seaworthiness of the ship. Before the
analysis, it is important to first identify whether the unmanned autonomous vessels are classified and
come in the legal term of the ship. Autonomous unmanned ships are different from conventional
manned vessels and the fundamental difference is the absence of crew on board. Therefore, it is
important to find out whether the human on board is an important element or not to classify any object
as a ship. If it is the fundamental element to declare any object as “Ship “then unmanned autonomous
vessels cannot be classified as ships and it contradicts the rule regulation and international law of
conventional Manned Ships.

But there is not any common definition of a ship in the International Maritime law conventions.
Different criteria are adopted in the classification of an object as a Ship in the national legislation. For
example: According to the UK criterion is that any vessel is considered to be a ship if it is used for
navigation (Mandaraka-Sheppard, 2014), In the US criterion the defining factor is the use of the
vessel for transport (Schoenbaum, 2004), In Greek, the defining criteria is the capacity of the vessel
with the self-propulsion movement (Kampantais, 2016) while in Dutch legislation the determinative
criterion is that any floating construction is ship other than aircraft (Kampantais, 2016).

From the above definition it is clear the in any international Maritime law conventional and national
legislation the determinative factor is not the human element to define any object is a ship, so the
Unmanned autonomous vessels and conventional manned vessels come in the same category and
there is nothing that put out the autonomous vessels from the scope of ship definition. However, the
legislation, law, and convention need to be modified to define the seaworthiness of Autonomous
ships. The obligation in-laws and issues with the international rules of seaworthiness for the
Autonomous vessels:

The concept and provision of seaworthiness under the Hauge Visby Rule is “ the carrier shall be
bound before and at the beginning of the voyage to exercise due diligence to (a) make the ship
seaworthy (b) properly man, equip and supply the ship” according to this rule the carrier is bound to
exercise due diligence to ensure seaworthy ship before the voyage and the ship is considered to be
seaworthy only if she is properly equipped with manned (crew). Furthermore, the adequacy and
competency of manning including master and crew are judged onboard the vessel. Whereas due to
lack of crew onboard in the case of an autonomous unmanned vessel deemed it unseaworthy.
(Kampantais, 2016)

The Rotterdam rule is similar to Hague-Visby rule as the carrier is under the obligation to exercise the
due diligence to properly manned the ship and keep it for the entire voyage. But the fact is this rule is
not yet ratified no case law has been prescribed that suggests that the master and crew need to be on
board so it could be an opportunity to make an amendment in such a way that it includes an
Autonomous ship in seaworthiness provisions. (Kampantais, 2016)

The Hamburg rule is different from all the other rule of convention it replaces all the provision of the
Hague Visby Rule regarding seaworthiness and state that “The carrier is liable for loss unless the
carrier proves that he, his servants or agents took all measures that could reasonably be required to
12
avoid the occurrence and its consequences.” It is clear that for a ship to be seaworthy no obligation
for the carrier to provide a manned ship is required. As a result, the seaworthiness regulation is
capable of encompassing the autonomous shipping context and no issues are anticipated.
(Kampantais, 2016)

In charter parties, the concept of seaworthiness is also clear. In the time charter, the owner is obligated
to provide a seaworthy ship. In the voyage charter, the shipowner is under the obligation to exercise
due to the personal want of negligence to provide a seaworthy ship. And one of the principal limbs of
the seaworthy ship is the adequacy and competency of the master and crew on board. So, the
Autonomous Unmanned ship is considered to be unseaworthy due to the lack of crew and master
onboard (Kampantais, 2016).

International Safety Management (ISM) Code and the international convention on the standard of
training, certification, and watchkeeping for seafarers (STCW). According to the ISM code, the
shipowners and ship manager must develop, maintain and implement the safety management system
to ensure safe operation of the ship as well as the flag state issue the Document of Compliance (DOC)
to ensure the safety management in compliance with ISM code.

According to ISM wording of the provision regarding human elements is that each shipping company
has to ensure that the ship is “manned with qualified, certified and medically fit seafarers in
accordance with the national and international standard” (IMO, 2013). It suggests that the ship is to
comply with the ISM code and should be properly manned. From the above statement, the
relationship between ISM code and Seaworthiness is clear, ISM code has set the international
standard for safe and eco-friendly operations and in case the absence of a safety Management system
and Document of compliance onboard a vessel declares the vessel unseaworthy. And failure with the
ISM code is considered as a failure to comply with seaworthiness obligation under the Hague-Visby
Rule and other similar rules. From the above discussion, it is clear that the Autonomous Unmanned
vessel is prima facie unseaworthy not in compliance with the ISM code and the STCW convention.

In conclusion, the absence and presence of crew onboard play a crucial role in the seaworthiness of
ship, More specifically in the conventional manned ship the crew and master onboard can be replaced
with the crew and master onshore site accordingly the sufficiency and competence have to be the
judge of the shore personnel, still, it is difficult to prove the degree of similarity between the
conventional manned ship master and crew in comparison with the master of the shore.

Ship navigation is the maneuvering or movement of vessels from one point to another point by
controlling the position and following the planned route. There are a few problems with the
navigation of autonomous vessels Autonomous vessels are still under consideration and have not been
legalized in international laws so in case of the collision who will be responsible for the losses i.e.
according to which rules and regulation these losses will be covered and another very important issue
with the Autonomous vessels technology is that it is just at the initial stage, it has to navigate with
conventional Manned vessel following COLREGs whereas these rules are not modified yet for the
Autonomous Vessels, two different types of vessels has to be navigation in the same water flow. Most

13
importantly during the crossing of vessels how the conventional manned vessels will know about the
intentions of Autonomous vessels to avoid the collision.

Also, the COLREGs have been developed based on different possible real scenarios for the manned
ship while implementing the rule on autonomous vessels there is a chance that these scenarios can be
interpreted quite differently by software programmers in the form of coding to autonomous systems.

Another challenge in navigation is related to the importance of watchkeeping of master and crew in
conventional manned vessels. The master utilizes the cognitive capabilities to decide related to the
situation whereas on the other hand the autonomous vessels will decide only relying on the sensor
data and algorithms. (Rivkin, 2021)

Error in navigation equipment is also a big challenge for autonomous vessels during operation. Global
navigation satellite system (GNSS) with heading devices are essential for the navigational system. In
addition, it is the major source of communication for autonomous vessels operation. It is expected that
the GNSS receiver will be the primary source of position information for the autonomous ship. It is a
very reliable and accurate positioning system, however, the problem of threats to its correct operation
is currently being raised. Such as spoofing, interference, cyber-attacks, environmental issues as well
as GNSS band congestion. (Felski, & Zwolak, 2020)

In conclusion, the transparency and intention of autonomous ships should be predictable to master and
crew of Manned vessels, complying with SOLAS all the ship should communicate their position and
direction to allow the other vessels to track and define the route, and all the documents include
COLREGs rule, international law, and IMO code should be modified according to the need to ensure
the safe navigation of vessels. As well as regarding the GNSS-related issues specifically band
congestion and interference many people have demanded the land base radio navigation system.
Enhanced Loran (eLoran) is already operational in the UK, USA, and Korea. It is a high-power radio
navigation system signal that can be an alternative to GNSS. (Felski, & Zwolak, 2020)

Cyber risks and Security

When large ships and operational technology onboard will merge with information technology and
cyber systems this will enforce the need for security measures. A lot of old technology is used in the
maritime industry today, and many new solutions and equipment are needed to ensure safe and secure
systems for Cyber-Enabled ships. The systems must be rigid and resistant enough to withstand
hackings, intruders and possible cyber-attacks.

The term "cyber-enabled ship"(C-ES) refers to both remotely operated and autonomous ships. The C-
ES is a cyber physical ecosystem made up of the vessel, a Shore Control Center (SCC) that manages
and maintains the C-ES, communication lines between the vessel and the SCC, and other ships in the
area. (Kavallieratos & Katsikas, 2020, p. 1)

14
The vessels and control centers need to be prepared for security breaches and attacks and must have
systems to detect this. Autonomous ships will need to have much more sophisticated security
measures than we have yet seen used on cars (Brooks, 2016).

Sophisticated security systems can be difficult and costly to break into and need persons with good
knowledge about the theme. Cyber-enabled ships must have sufficient enough security measures to
deny hacking as a real option. Large companies and institutions like banks, power plants, Defence
departments etc. have had many similar difficulties entering into the “cyber-era”. There will always
be a risk when connected online, but designers and security engineers can make it very difficult.
Many of the large-scale hackings we have seen in Norway last years have been conducted by other
large governments or intelligence agencies (PST, 2021). These will often have both money and
competence to fulfill an act like this, and it will be difficult for companies to compete with them, but
one must also ask the question if these actors have the will or need to do hackings or steal ships or
cargo. Probably not, at least not during peacetime when actions like this can have an impact on stocks
and economy, however hacking into control centers to gain intelligence advantages will be much
more likely.

On the other hand, these very secure systems are not onboard vessels today, and the maritime industry
has not been the front runner in implementing sophisticated security measures. All new solutions will
have a cost. How much is enough? How safe must it be, and what are the threats?

Threats
Risk is defined as “the effect of uncertainty on objectives” (ISO, 2018a, p 8)

Bolbot, V., Theotokatos, G., Boulougouris, E., and Vassalos, D. have done research on assessing the
security risks of autonomous ships, or what they call Cyber-Enabled Ships. They have highlighted
some threats that must be considered when designing security systems for autonomous ships. (Bolbot,
Theotokatos, Boulougouris & Vassalos, 2019)

• Social engineering, e.g. scam on e-mails. (Flaus, 2019).

• Flash media, malware installations (Lund, Hareide, & Jøsok, 2018).
• 4G protocol, vulnerable to attacks (Hussain, Chowdhury, Mehnaz & Bertino, 2018).
• Ship’s satellite communications systems, vulnerable to hacking (Munro, 2017).
• Vulnerabilities in Virtual Privat Networks, e.g. obsolete communication protocols, passwords,
firewall configurations etc. (DNV GL, 2016; Flaus, 2019; Munro, 2017; Oates, Roberts &
Twomey, 2017).
• Physical assaults - intruders, or components can be installed at harbor with malware. Patching
of software. Tamper the sensors, or sensor readings, giving false alerts or warnings (Flaus,
2019; Oates et al., 2017; Shinohara & Namerikawa, 2017).
• SQL injections – attack of navigation equipment (DNV GL, 2016; Flaus, 2019; Wingrove,
2018).
• GPS Signal – weak and can be blocked, faked (Borio, Driscoll, & Fortuny, 2012; Boyes &
Isbell, 2017; Farid, Ahmad, Ahmed, & Rahim, 2018; Goward, 2017).
• AIS – no encryption on VHF channel, with vital information (Maritime Affairs Directorate of
France, 2016).

15
 • LiDAR sensors – signals can be faked (Brooks, 2016).
• Cameras – can be fooled or faked. Fake controllers can carry out attacks. (Alguliyev,
Imamverdiyev, & Sukhostat, 2018; Brooks, 2016; Bozdal, Samie, & Jennions, 2018; Kang,
Song, Jeong, & Kim, 2018).

Methods for Managing Cyber Security Risks

There are many different methodologies for risk
assessments. Bolbot, V., Theotokatos, G.,
Boulougouris, E., and Vassalos, D. have
explained in detail the Cyber Preliminary Hazard
Analysis, CPHA (Flaus, 2019), which is a well-
known method for safety assessment (is one that
Kavallieratos and Katsikas describes like this:
“characterizes important hazardous situations by
integrating the prospective assault type and the
Figure 3 - CPHA methodology flowchart.
(Bolbot et al., 2019)
related hazardous effects” (Kavallieratos &
Katsikas, 2020).

Kavallieratos and Katsikas have conducted research to secure cyber-enabled ships, and they have
defined threats, equipment and situations for the cyber physical systems, and through different
methodology like STRIDE and DREAD together with risk assessments they have defined a basis of
security measures, and a proposed security structure of C-ES instances (Kavallieratos & Katsikas,
2020).

STRIDE is an acronym formed by the initials of six security threats: Spoofing, Tampering,
Repudiation, Information disclosure, Denial of Service, and Elevation of privileges. A method by
Loren Kohnfelder and Praerit Garg in 1999, and described in detail by A. Shostack (Shostack, 2014,
p. 61-86).

DREAD is by Microsoft explained as an acronym from: Damage, Reproducibility, Exploitability,

Affected users/systems, and Discoverability (Microsoft, 2010)

Bolbot et al. have made a risk matrix of 48 situations related to security measures, and proposed
mitigation actions to increase the security for the systems. The figure shows a small example of their
work. This is one method of important work that needs to be done for autonomous vessels. The
situations or systems mentioned can vary for ship to ship, and areas of operation. This will help to
map what solutions are needed, and help focusing on the parts that need the most security attention.

For Cyber-enabled ships the risk assessment is a continuous process, with sensors, communication,
processing and evaluation. The system must build up a situational awareness, and continuously
evaluate the situations to be able to act upon threats or avoid getting into dangerous situations for the
system.

16
ISO 31000 defines the risk management process with 5 sub processes as follows (ISO, 2018b):

1. The external and internal environment for cyber security risk management should be defined,
which includes identifying the fundamental criteria for cyber security risk management,
defining the scope and bounds, and putting in place an appropriate organization to handle
cyber security risk management.
2. Risks should be assessed, that is, recognized, quantified, or qualitatively characterized, and
prioritized against the organization's risk evaluation criteria and objectives.
3. A risk treatment strategy should be created, as well as controls to minimize, maintain, avoid,
or share the risks.
4. Risk information should be disclosed and/or shared between the decision-makers and other
stakeholders
5. Risks and their components should be monitored and analyzed on a regular basis to spot any
changes early on and keep a clear image of the overall risk picture. As shown in Figure 1, the
cyber security risk management process for risk assessment and/or risk treatment activities
can be iterative.

Security architecture
Kavallieratos and Katsikas explain that understanding, analyzing, and managing the cyber risks that
an ecosystem confronts is the first step in strengthening its cyber security posture. This will eventually
lead to the creation of a security architecture that includes suitable cyber security controls that will
mitigate the risks. (Kavallieratos & Katsikas, 2020)

Figure 4 - Illustration of Network logical modelling and security zones/architecture. (Bolbot et al., 2019)

The figure shows an illustration of a security architecture from Bolbot, Theotokatos, Bujorianu,
Boulougouris and Vassalos in how to divide the whole system into different security zones with
different needs of protection and security measures. The architecture will be a result of the risk
assessments and evaluation, and a part of the risk management process.

17
Bolbot, Theotokatos, Bujorianu, Boulougouris and Vassalos concluded their research with some
suggestions for the cyber security (Bolbot et al., 2019, p. 9):

• Increasing communication redundancy across various network zones (Zone 1, Zone 2,

Zone 3, and Zone 4).
• Firewalls should be installed between each zone (on the conduits).
• Added a safety mechanism that verifies the activities of the autonomous navigation
control system are safe.
• Sanity checks and filtering for GPS signal measurements, as well as the insertion of anti-
interference antennas.
• The VHF broadcasts are encrypted.
• Kernels are used on essential controllers.
• For software upgrades and patching, two or three factors authentication is required.
• In each zone, an intrusion detection system should be installed.
• Choosing crucial health sensor readings and delivering them to the shore control center at
predetermined intervals.
• In the event of a major system failure, implement a safe system shutdown.
• Using power take-in/take-off mechanisms to link the main engine to the generator.
• Plan route verification by the shore control center.

What we have seen through the different methods, assessments and suggestions, is that there must be
a proper risk analysis process when designing and preparing the different ships, when all is dependent
on operation areas, cargo, vessel size etc. What is mentioned through our sources in this report is like
a baseline that must be as a minimum before starting to build the complete security architecture for
the different vessels.

The risk process will be a continuous process when operating the C-ES systems, and the initial
assessments and analysis process when building and designing the systems will be vital for the
security architecture, defining security zones with different complexity and encryption. We also
believe this will be improved during the coming years getting more experience and knowledge from
the first pilot projects of autonomous vessels.

Depending on the area of operation, additional security measures to the mentioned baseline probably
will be needed. This will emerge from the respective risk assessment process for the vessels. Some
parts of the world have an increased risk of piracy and intruders. Vessels for these areas might need an
increased number of different sensors and also perhaps “soft kill” weapons on board, making it
extremely difficult to even get on board. We earlier mentioned examples of “soft kill” arrangements.

The ship can be arranged with different security zones and can have pre-programmed actions if zones
are intruded. Another concern is of course if the ship is hacked and remotely taken over online, as
there have been examples of autonomous cars (Brooks, 2016). This will also be a constant threat to
the security measures, and there will always be a risk like it is for our banking system, power plants
connected online etc. The security will be an important cost when making and operating the ship. This
also means you will need highly skilled people and expensive equipment to be able to conduct an
operation like this. To see it as a threat there must be someone that has both the ability and
willingness to conduct an act like this.

18
If someone should manage to get to the point that they have remote control over the ship. All
autonomous ships must somehow be monitored by coastal authorities and the shipping companies or
owners. A deviation from planned route or actions, or deviation in communication must also
somehow alert the supervisors. But if a proper security architecture is designed, I believe it will be
more difficult to take over an autonomous ship, than it is to hijack and take over a vessel today. This
does not mean we shouldn’t focus on these measures, because they are important issues to solve to
even get the autonomous vessels approved by authorities, and to ensure the safety and security of the
cargo.

Liability and its limitations

Autonomous ships are set to become the future in the maritime industries, and this is gradually
gaining new ground on a global scale. However, this new venture and the use of autonomous ships in
commercial shipping will undoubtedly present a number of challenges that have simply not been
thought of before. One such challenge is how liability should be determined in the event of an
accident or claim arising from a defect in the autonomous technology. The question is, who will be
liable if things go wrong and any damage caused by autonomous ships?

There are a lot of liability and limitation rules applicable to the shipping industries. Organizations like
International Maritime Organization (IMO) and others have formulated rules which are widely
applicable, and various countries and their maritime regulations have imbibed and aligned a couple of
these rules in relation to their regions. For example, in Norway, the Norwegian Maritime Code
(NMC) based liability rules on the principle of negligence (Westgård, 2021). Likewise, in accordance
with the 1910 Collision convention, the NMC collision rules are fault-based, and all these liability
rules are quite similar to other jurisdictions around the world. However, civil liability for shipowners
is regulated nationally and varies from jurisdiction to jurisdiction, which results in complex legal
issues and relative to law and territories (CORE & Cefor, 2018).

Asides liabilities issues, another area of concern calling for global attention and collective agreement
is the jurisdiction aspect of autonomous ships. An insight from Denmark’s Danish Maritime
Authority’s final report in December 2017 on the analysis of regulatory barriers to the use of
autonomous ships (DMA, 2017), indicates port and coastal states right to ban, authorizes and decides
which ships can lay at their port. Under UNCLOS, article 25(2), 211(3), 22 and section 4.3.2
(jurisdiction as a coastal state and port states), seems not to want autonomous ships in their waters.
This official power to make legal decisions and judgements by sectional states will still limit
navigation location of autonomous ships and potentially hamper trade areas.

As it is, autonomous ships navigation is still limited and only been test run in certain locations,
hopefully this will expand and improve as years goes by. Because one of the end goals of autonomous
ships is to deliver goods and services to various locations like the normal conventional ship that we
have and operate.

19
However, if these autonomous ships are ever to operate commercially, the existing international legal
and liability framework has to be reviewed and updated. Under the existing legal framework, liability
is apportioned according to the degree of fault and is usually placed on the ship owner. As there could
be several parties involved in the construction of an autonomous ship, each of which may be
responsible for the defect giving rise to the claim, it might be appropriate to transfer liability from the
shipowner to these other parties. However, in this case, new issues arise in terms of applicable law,
jurisdiction, value of the potential defendants, etc. Moreover, a potential third-party plaintiff would
not only have to identify all parties who might be responsible (including software programmers,
sensor manufacturers, hardware producers, etc.), but would also have to prove their culpability for the
damage that occurred. This would make any recovery action a cumbersome, expensive and prolonged
process.

A viable alternative would be to hold the ship owner strictly liable for all claims arising out of the
operation of the autonomous ship. This would make it easier for plaintiffs to pursue their claims and
recover their losses. It also protects the manufacturers of the technology, who are not entitled to limit
their liability for maritime claims by third parties and who may therefore find it difficult to obtain
Protection and Indemnity insurance against such claims. According to Gard P&I, a member of The
Nordic Association of Marine Insurers, ‘’the purpose of Protection and Indemnity ("P&I") insurance
is to shield the insured from the risk of his liability to others arising from his maritime activities’’.
Unlike loss insurance, P&I responds to liability for damage or loss which the insured has caused to
others (Gard, 2021). Shipowners are generally entitled to limit their liability for maritime claims. This
puts them in a better position to obtain appropriate insurance cover.

The shipowners' right to limit their liability will only be affected if the plaintiffs can prove a personal
act or omission by the owners that is causative of the plaintiff's loss. For this to be the case, the "act or
omission" must be that of a person who can be regarded as the directing mind and will of the
shipowner and stakeholders. If the damage was due to a defect in the programming or software of the
autonomous ship, it would be difficult for plaintiffs to prove a personal act or omission on the part of
the ship owner, and therefore virtually impossible to break the perimeter. Thus, even if a strict liability
rule established the shipowner's liability, the owners would almost always be entitled to limit that
liability unless the "personal act or omission" test were modified. In any event, under a strict liability
regime, the shipowner would generally have a right of recourse against the manufacturers of the
technology for the liability incurred.

In summary, a strict liability regime is probably the most appropriate option to deal with the liability
issues arising from autonomous operation. The shipowner and stakeholders who allow a fully
autonomous ship to set sail are well aware of the shortcomings of the technology and the risk it poses
to other ships in the shipping industry, and should therefore be held responsible for assuming that risk.
However, an exception to this rule should be made for losses occurring during periods when the
unmanned ship is not operating autonomously (e.g. at anchor). In this case, the actions of the
shipowner would not necessarily have created a risk to navigation and it would also be easier to
identify the party whose fault led to the accident or caused the loss.

As regards to jurisdictions, it is important that international agreement on the regulatory requirement

is reached, so that autonomous ships are not limited to national waters where the national maritime
authorities have the powers and positive attitude to autonomous ships.

20
Conclusion
In this paper we have highlighted the following issues: definition issues, issues with absence of crew,
issues with the COLREGS and autonomous vessels, seaworthiness, cyber risks and liability.
Autonomy is in development, and the possible future with autonomous vessels has just started as a
clear example; there is the Yara Birkeland that recently had her first voyage. There are clear
definitions for automation and autonomy, however it is expected that this area will develop as the
technology gets better and we receive more experience with autonomous vessels. Legislations for
unmanned autonomous vessels have just started, and we are at the beginning of a new era for the
maritime industry. The COLREGS are from 1972 and when they were made they were not intended
for autonomous vessels, at the moment they offer limitations regarding autonomous vessels. However,
there are opportunities in the current rules and legislation to have scoping exercises where operators
are onboard and monitoring have operators monitor the vessels operating at DA4. This will give us
experience and statistics to define new legislation and rules.

The future scenario with absence of crew onboard could play a crucial part in the seaworthiness of a
vessel. Specifically, in the case of malfunctions and errors on the navigation and communication
equipment. Propulsion issues could also cause the vessel to not be seaworthy anymore. Therefore, it
will be crucial to have backup systems for both navigation, communication and propulsion. In the
case where the vessel shuts down, and it is not possible to repair or start it from an onshore control
center there will have to be procedures to what steps the autonomous vessel should take to ensure a
“safe state” until a service team will get onboard to repair the issues.

Security for autonomous vessels will need to have a completely new and larger focus than we have
earlier seen in the maritime industry. A complete risk analysis and evaluation of the respective
vessel's operation will be an important job during design and building of the vessel. The analyzes
must include the entire ecosystem, or C-ES system. We have shown different methods to be used, for
designing the security architecture, and that the risk management process onboard the ship is a
continuous process during the vessel's operation. Security will probably be divided in different zones
with different encryption and complexity dependent on the vessel type, security measures needed, and
the different threats emerged from the risk assessment for the vessel. There must be a baseline of
security measures for all autonomous vessels, but additional measures will be vessel and operational
dependent. In general, we must think new, and leave the ordinary mindset that people on board will
solve every situation, because they cannot. The maritime industry has long records of accidents and
hijackings with persons onboard. Perhaps solid security architecture on autonomous vessels can
improve the security and safety at sea.

As regards liabilities and jurisdictions, a lot of work still needs to be done. All regulatory bodies and
parties need to come to a full agreement and draw up a concrete legal framework that will serve as a
global standard and be acceptable to all. Like we have in conventional ships, there are general rules
and also diverse compliances from individual countries and coastal regions, which work harmoniously
with each other. Structures like these can be formed also as regards liabilities, Limitations and
jurisdiction for autonomous ships, which still seems unilateral to date. However, we hope that solid
common ground will be agreed upon in the nearest future and made applicable to autonomous ships.

21
References
Alguliyev, R., Imamverdiyev, Y., & Sukhostat, L. (2018). Cyber-physical systems and their security issues.
Computers in Industry, 100, 212-223. [Link]

Benjamin, M. R., & Curcio, J. A. (2004, June 17-18). COLREGS-based navigation of autonomous marine
vehicles. IEEE/OES Autonomous Underwater Vehicles, Sebasco, ME, USA.
[Link]

Bolbot, V., Theotokatos, G., Boulougouris, E. & Vassalos, D. (2019, September 17-20). Safety related cyber-
attacks identification and assessment for autonomous inland ships. International Seminar on Safety and Security
of Autonomous Vessels (ISSAV), Aalto University, Espoo, Finland. [Link]

Borio, D., Driscoll, C. O., & Fortuny, J. (2012, December 5-7). GNSS Jammers: Effects and countermeasures.
6th ESA Workshop on Satellite Navigation Technologies (Navitec 2012) & European Workshop on GNSS
Signals and Signal Processing, The European Space Agency (ESA), Noordwijk, the Netherlands.

Boyes, H., & Isbell, R., (2017). Code of practice - cyber security for ships. Institution of Engineering and
Technology, London, United Kingdom.
[Link]
[Link]

Bozdal, M., Samie, M., & Jennions, I. (2018, August 16-17). A Survey on CAN Bus Protocol: Attacks,
Challenges, and Potential Solutions. Institute of Electrical and Electronics Engineers. 2018 International
Conference on Computing, Electronics & Communications Engineering (iCCECE), Southend, United Kingdom.
DOI: 10.1109/iCCECOME.2018.8658720.

Brooks, Z. (2016). Hacking driverless vehicles. DEF CON Communications.

[Link]
[Link]

CORE & Cefor (2018, December). Maritime autonomous surface ships - Zooming in civil liability and
insurance. CORE Law Firm and Nordic Association of Marine Insurers (Cefor).
[Link]
insurance—[Link]

DMA. (2017, December). Analysis of Regulatory Barriers to the Use of Autonomous Ships - Final Report.
Danish Maritime Authority.
[Link]
of%20Autonomous%[Link]

DNV GL. (2016). Cyber security resilience management for ships and mobile offshore units in operation
(DNVGL-RP-0496). Det Norske Veritas Group. [Link]
[Link]

DNV GL. (2018). Class Guideline - Autonomous and remotely operated ships (DNVGL-CG-0264, Sept. ed.).
Det Norske Veritas Group. [Link]

Evensen, M. H. (2020). Safety and security of autonomous vessels. [Master thesis]. University of Bergen.

Farid, M. A., Ahmad, M., Ahmed, S., & Rahim, S. S. (2018). Impact and detection of GPS jammers and
countermeasures against jamming. International Journal of Scientific & Engineering Research, 9(12), 47-54.
[Link]
6/publication/330223087_IMPACT_AND_DETECTION_OF_GPS_JAMMERS_AND_COUNTERMEASURE
S_AGAINST_JAMMING/links/5c34d6a4299bf12be3b79efb/IMPACT-AND-DETECTION-OF-GPS-
[Link]

22
Felski, A., & Zwolak, K. (2020). The Ocean-Going Autonomous Ship—Challenges and Threats. Journal of
Marine Science and Engineering, 8(1), [Link]: 10.3390/jmse8010041. [Link]
1312/8/1/41

Flaus, J.-M. (2019). Cybersecurity of industrial systems. ISTE Ltd.

Gard. (2021). Standard P&I cover. [Link]

Global Institute of Law. (2021, November 5). Autonomous and Unmanned Vessels as a Challenge to the Law of
the Sea [Video]. YouTube. [Link]

Goward, D. (2017, July 11). Mass GPS Spoofing Attack in Black Sea? The Maritime Executive.
[Link]

Hussain, S. R., Chowdhury, O., Mehnaz, S. & Bertino, E. (2018). LTEInspector: A Systematic Approach for
Adversarial Testing of 4G LTE. Network and Distributed Systems Security Symposium. DOI:
10.14722/NDSS.2018.23313. [Link]
3_Hussain_paper.pdf

IMO. (1972). Convention on the international Regulations for preventing collisions at sea, 1972 (COLREGs).
International Maritime Organization. [Link]

IMO. (2013). The International Safety Management (ISM) Code. International Maritime Organization.
[Link]

IMO. (2018). IMO takes first steps to address autonomous ships. International Maritime Organization.
[Link]

IMO. (2021, May 25). Autonomous ships: regulatory scoping exercise completed. International Maritime
Organization. [Link]

ISO. (2018a). Information Technology – Security Techniques – Information Security Management Systems
(ISO/IEC 27000:2018, 5. Ed). International Organization for Standardization. Downloaded from:
[Link]

ISO. (2018b). Risk management - Guidelines (ISO 31000:2018, 2nd Ed.). International Organization for
Standardization. [Link]

Kampantais, N. (2016). Seaworthiness in autonomous unmanned cargo ships. [Master thesis]. Erasmus
University Rotterdam. DOI: 10.13140/RG.2.2.23001.11369.
[Link]
hannel=doi&linkId=5846f6c208aeda696822766d&showFulltext=true

Kang, T. U., Song, H. M., Jeong, S., & Kim, H. K. (2018, August 27-30). Automated Reverse Engineering and
Attack for CAN Using OBD-II. Institute of Electrical and Electronics Engineers. 2018 IEEE 88th Vehicular
Technology Conference (VTC-Fall), Chicago, Illinois, USA. DOI:10.1109/VTCFall.2018.8690781.

Kavallieratos, G. & Katsikas, S. (2020). Managing Cyber Security Risks of the Cyber-Enabled Ship. Journal of
Marine Science and Engineering, 8(10), 768. [Link]

Kongsberg. (2021). Wilhelmsen and Kongsberg establishes world’s first autonomous shipping company.
Kongsberg Group. [Link]
archive/2018/wilhelmsen-and-kongsberg-establish-worlds-first-autonomous-shipping-company/

LR. (2016, October 25). Collaborates on collision avoidance research project for autonomous vessels. Lloyd’s
Register. Retrieved December 15, 2021, from [Link]
avoidance-research-project-for-autonomous-vessels/

Lund, M. S., Hareide, O. S. & Jøsok, Ø. (2018). An Attack on an Integrated Navigation System. Necesse. The
Royal Norwegian Naval Academy. [Link]
23
Mandaraka-Sheppard, A. (2014). Modern Maritime Law and Risk Management. Taylor & Francis.
[Link]
aleka-mandaraka-sheppard

Maritime Affairs Directorate of France. (2016). “Cyber Security” Assessment and Protection of Ships
(September Ed.). Directorate-General for Infrastructure, Transport and the sea, Maritime Affairs Directorate,
France. [Link]
%2520Cyber%2520security%2520-%2520Assessment%2520and%2520protection%2520of%[Link]

Massterly. (2021). News about the autonomous maritime market. Massterly. [Link]

Mehnazd. (2021, September 16). SOLAS requirement for Global Maritime Distress Safety System (GMDSS).
Marine Insight. [Link]
safety-system-gmdss/

Merriam-Webster. (2021, November 28). Autonomy. Online Merriam-Webster Dictionary.

[Link]

Microsoft. (2010). Improving Web Application Security: Threats and Countermeasures Roadmap. Chapter 3 -
Threat Modeling. Microsoft Corporation. [Link]
p/ff648644(v=pandp.10)

MSC. (2018, May). Maritime Safety Committee: Regulatory Scoping Exercise for the use of Maritime
Autonomous Surface Ships (MASS). (MSC 102/5/18). International Maritime Organization, downloaded from
Norwegian Forum for Autonomous Ships, NFAS. [Link]

Munro, K. (2017). OSINT from ship satcoms. Pen Test Partners. [Link]
blog/osint-from-ship-satcoms/

Oates, R., Roberts, J. & Twomey, B. (2017). Chains, links and lifetime: Robust security for autonomous
maritime systems. Paper presented at the Marine Electrical and Control Systems Safety, Glasgow, United
Kingdom.

PST. (2021). National threat assessment 2021, Norway. The Norwegian Police Security Service.
[Link]
[Link]

Rivkin, B. S. (2021). Unmanned Ships: Navigation and More. Gyroscopy and Navigation, 12(1), 96-108.
Pleiades Publishing Ltd. DOI: 10.1134/S2075108721010090.
[Link]

Rødseth, Ø. J. (2018, November 7). Defining Ship Autonomy by Characteristic Factors. International
Conference on Maritime Autonomous Surface Ships (ICMASS 2018), Busan, Korea.
[Link]

SDIR. (2020, June 4). Rundskriv: Føringer i forbindelse med bygging eller installering av automatisert
funksjonalitet, med hensikt å kunne utføre ubemannet eller delvis ubemannet drift (RSV 12-202).
[Link]

Schoenbaum, T. J. (2004). Admiralty and Maritime Law (4th ed.). West Academic Publishing.

Shinohara, T., & Namerikawa, T. (2017). On the vulnerabilities due to manipulative zero-stealthy attacks in
cyber-physical systems. SICE Journal of Control, Measurement, and System Integration, 10(6), 563-570.
[Link]

Shostack, A. (2014). Threat Modeling: Designing for Security (p. 61 – 86). John Wiley & Sons.

Tetley, W. (1988). Marine Cargo Claims (3rd ed.). The Carswell Company.

24
UN. (1982). United Nations Convention on the Law of the Sea. (Article 94, para 4B). United Nations.
[Link]

UN. (2019). United Nations Convention on the Law of the Sea (UNCLOS): Agreement Relating to the
Implementation of Part XI of the Convention. United Nations.
[Link]

Westgård, A. M. (2021, 16 Feb). Liability for damage caused by autonomous ships - a Norwegian perspective.
Wiersholm Law Firm. [Link]
ships-a-norwegian-perspective

Wingrove, M. (2018, April 10). ‘Impregnable’ radar breached in simulated cyber attack. Riviera Maritime
Media. [Link]
simulated-cyber-attack-25158

YARA. (2021). Yara Birkeland will be the world`s first fully electric and autonomous container vessel with zero
emissions. Yara International. [Link]

Yoshida, M., Shimizu, E., Sugomori, M., & Umeda, A. (2020). Regulatory Requirements on the Competence of
Remote Operator in Maritime Autonomous Surface Ship: Situation Awareness, Ship Sense and Goal-Based Gap
Analysis. Applied Sciences, 10(23). [Link]

25