DENİZCİLİK SEKTÖRÜNDE SİBER GÜVENLİK, KRİTİK ALTYAPI VE SİBER DAYANIKLILIK

Gülsüm Koraltürk

Research Article

BibTex

RIS

Cite

DENİZCİLİK SEKTÖRÜNDE SİBER GÜVENLİK, KRİTİK ALTYAPI VE SİBER DAYANIKLILIK

Year 2025, Volume: 14 Issue: 1, 59 - 86, 02.06.2025

Gülsüm Koraltürk

Abstract

Günümüzde yaygın olarak kullanılan bilişim ve teknoloji ürünlerinin denizcilikte her alanda kullanıldığı bilinmektedir. Bu zamana kadar siber güvenlikle ilgili gemi, limanlar ve tedarik zinciri olmak üzere bir çok teknik rapor yayınlanmıştır. Denizcilikte meydana gelmiş güncel saldırılara incelendiğinde hemen hemen her tarafta siber saldırılara maruz kalındığını özellikle fidye saldırıların en çok pay aldığı tespit edilmiştir. Yaşanan siber saldırıların sonuçlarında ABD ve AB üye devletleri tarafından yapılan siber güvenlik çalışmaları ifade edilmiştir. Araştırmanın amacı, denizcilik sektöründe yaşanan olaylara karşı alınan ülkelerin, denizcilik klas ve liman birliği gibi kuruluşları eylem planlarını nitel yöntemle analiz edilmesidir. Bu bağlamda, genel kavramlar sırasıyla Siber Güvenlik, Denizcilikte IT ve OT kavramları, Kritik Altyapı ve Kritik Bilginin Altyapısı, ISO Bilgi Yönetim Standartları, Denizcilikte Siber Dayanıklılık Yasası açıklanmıştır. Yürürlüğe giren yeni düzenlemelere yer verilmiştir. Sonuç kısmında ise denizcilikte siber güvenliği artırmak için yapılması gerekenlere belirtilerek güncel gelişmeler esnasında sektörün siber güvenlik üzerine aldığı önlemlerin değerlendirmesi yapılacaktır. Denizcilikte Siber Saldırılar ile ilgili yayınlarda elde edilen bilgiler bir araya getirerek hazırlanmıştır. Devletlerin, denizcilik örgütlerin ve klas kuruluşlarının raporlarında gelinen son noktalar tespit edilmiştir. Liman, Gemi ve Tesislerin Siber Güvenliği ve Siber güvenlik hakkında akademik çalışmalarda gelinen en son noktalar Türkçe dilinde açıklanmıştır.

Keywords

Denizcilikte Siber Güvenlik, Kritik Altyapı, ISO Bilgi Standardı

Project Number

References

AMMITEC. (2016). Cyber Security Awareness.
DCSA. (2020). DCSA Implementation Guide for Cyber Security on Vessels v1.0. Digital Container Shipping Association.
The Oil Companies International Marine Forum (OCIMF). (2017). Tanker Management and Self Assessment 3 - A Best Practice Guide.
ANSSI. (2016). Best Practices for cybersecurity on-board ships. Agence nationale de la sécurité des systèmes d'information.
ClassNK. (2024). ClassNK releases Guidelines for Cyber resilience of ships.
KOREAN Register. (2024). Cyber Resilience Approval/Survey Guide for Ship Automation Systems.
T.C. Ulaştırma Altyapı Bakanlığı. (2023). Ulusal Siber Güvenlik Stratejisi 2020-2023. T.C. Ulaştırma Alt yapı Bakanlığı: https://hgm.uab.gov.tr/uploads/pages/siber-guvenlik/ulusal-siber-guvenlik-stratejisi-ep-2020-2023.pdf adresinden alındı
Polemi N. ve Van Maale C., 2. R. (2023). Cybersecurity in Maritime Critical Infraastructure Reflection of American Ports. The European Union through the Critical Maritime Routes Monitoring, Support and Evaluation Mechanism (CRIMSON III),.
BIMCO, Chamber of Shipping America, Digital Containership Association, INTERCARGO, InterManager, INTERTANKO, . . . WSC. (2021). THE GUIDELINES ON CYBER SECURITY ONBOARD SHIPS. BIMCO: https://www.bimco.org/products/publications/titles/the-guidelines-on-cyber-security-onboard-ships/ adresinden alındı
Finland National Emergency Supply Agency. (2021b). Maritime Cybersecurity- Best Practices for Vessels. https://www.huoltovarmuuskeskus.fi/en: https://www.huoltovarmuuskeskus.fi/en/a/new-maritime-cyber-security-guidelines-for-shipping-companies-and-ships adresinden alındı
Finland National Emergency Supply Agency. (2021a). Maritime Cybersecurity Report- Finnish Maritime Cybersecurity Maturity Current state report and best practices for the Finnish Maritime sector. https://www.huoltovarmuuskeskus.fi/en: https://www.huoltovarmuuskeskus.fi/files/87d5a22180c40cedd9cf89d2a2e2f026a18e31c8/maritime-cybersecurity-report.pdf adresinden alındı
Finland National Emergency Supply Agency. (2021). Maritime Cybersecurity-Best Practices for Shipowner Organisation. https://www.huoltovarmuuskeskus.fi: https://www.huoltovarmuuskeskus.fi/files/6236df888931eb8ad0bbc3ea23f3d2a04d5cbd56/cybersecurity-best-practices-for-shipowner-organisations.pdf adresinden alındı
IAPH. (2021). IAPH Cybersecurity Guidelines for Ports and Port Facilities. https://sustainableworldports.org/wp-content/uploads/IAPH-Cybersecurity-Guidelines-version-1_0.pdf adresinden alındı
ISO-ISO/EIC27001. (2022). nformation security, cybersecurity and privacy protection — Information security management systems — Requirements. ISO: https://www.iso.org/standard/27001 adresinden alındı
IMO. (2022). Guidelines on Maritime Cyber Risk Management. Greenberg, M. D., Chalk, P., Willis, H. H., Khilko, I., & Ortiz, D. S. (2006). Maritime Terrorism Risk and Liability. RAND Corporation.
Servida, A., Erhardt, J.-B., Savo, J., Kernkamp, A., & Polemi, N. (2011). Analysis of Cyber Security Aspects in the Maritime Sector. ENISA.
Kristoffersen, P. B., Hartvigsen, T., Myrvang, P., & Torjusen, A. (2015). Digitale Sårbarheter Maritim Sektor. Lysneutvalget.
Kretschmann, L., Rødseth, Ø., Tjora, Å., Fuller, B., & Noble, H. (2015). D9.2: Qualitative assessment. Kretschmann, L., Rødseth, Ø., Tjora, Å., Fuller, B.S., Noble, H., Horahan, J.: (2015).
IMO. (2022). MSC-FAL.1/Circ.3/Rev.2. Guidelines on Maritime Cyber Risk Management.
IMO. (2017). MSC.428(98) Maritime Cyber Risk Management in Safety Management Systems.
NIST. (2022, Temmuz 10). NIST Risk Management Framework CSRC.
EU. (2022, Eylül 15). Cyber Resilience Act.
EU. (2024). The EU Cybersecurity Certification Framework.
ABD. (2002). Maritime Transportation Security (MTSA).
ECFR.GOV. (2025, Şubat 02). 33 Cfr part 6 Protection and Security of Vessels, Harbors and Waterfront Facilities.
USCG-United States Coast Guard. (2024, Şubat). Navigation and Vessel Inspection Circular No. 02-04.
USCG. (2025, Ocak 17). Final Rule: Cybersecurity in the Marine Transportation System.
USCG. (2025). https://www.dco.uscg.mil/Our-Organization/CGCYBER/. adresinden alındı
CGCYBER. (2025, Şubat). United States Coast Guard: https://www.dco.uscg.mil/Our-Organization/CGCYBER/ adresinden alındı
Eurpoean Union. (2025, Şubat). Cyber-Diplomacy. https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-policies adresinden alındı
ÖKER, U. (2022). Türkiye'de Kritik Altyapı ve Siber Güvenlik. Konrad-Adenauer-Stiftung Türkiye. Türkiye'de Kritik Altyapı ve Siber Güvenlik adresinden alındı
The Norwegian Maritime Cyber Resilience Centre. (2024). Cyber Annual Threatment Assessment.
The Norwegian Maritime Cyber Resilience Centre. (2023). Cyber Annual Threatment Assessment.
Türk Loydu. (2023). Guidelines on Cyber Security for Ships and Offshore Units January 2023 .
IACS-International Association of Classification Societies. (2025). IACS UR E26 and E27 Press Release. https://iacs.org.uk/news/iacs-ur-e26-and-e27-press-release adresinden alındı
USCG. (2023). Maritime Cybersecurity Assessment and Annex Guide (MCAAG). https://www.dco.uscg.mil/Portals/9/CG-FAC/Documents/Maritime%20Cyber%20Assessment%20%20Annex%20Guide%20(MCAAG)_released%2023JAN2023.pdf?ver=NE11YUspj_kNa3xRoMd0TQ%3D%3D adresinden alındı
ISO-ISO/IEC TS 30104:2015. (2022). ISO/IEC TS 30104:2015. https://www.iso.org/standard/56890.html adresinden alındı
ISO 28000:2022. (2022). ISO 28000:2022. https://www.iso.org/standard/79612.html adresinden alındı
ClassNK. (2024). ClassNK releases Guidelines for Cyber resilience of ships.
UK Department for Transport and Maritime and Coastguard Agency. . (2016). Guidance Ports and port systems: cyber security code of practice.
UK Department for Transport and Maritime and Coastguard Agency. (2020). Guidance Ports and port systems: cyber security code of practice.
BIMCO. (2019). BIMCO Cyber Security Clause. https://www.bimco.org/contracts-and-clauses/bimco-clauses/current/cyber-security-clause-2019 adresinden alındı
EU . (2017, Eylül 13). Commision Recommendation EU 2017/1584. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32017H1584 adresinden alındı
ETSI TR 103 456 V1.1.1 . (tarih yok). https://www.etsi.org/deliver/etsi_tr/103400_103499/103456/01.01.01_60/tr_103456v010101p.pdf adresinden alındı
NIST. (2022). Special Publication 800 NIST SP 800-161r1-upd1Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf adresinden alındı
ECFR.GOV. (2022, Temmuz). 33 CFR Part 105 -- Maritime Security: Facilities. https://www.ecfr.gov/current/title-33/chapter-I/subchapter-H/part-105 adresinden alındı
ENISA. (2020). Cyber risk Management for Ports Guidelines for cybersecurity in the maritime sector. ENISA (2020) Cyber risk Management for Ports Guidelines for cybersecurity in the maritime sector. adresinden alındı
ENISA . (2019). Port Cybersecurity - Good practices for cybersecurity in the maritime sector .
ENISA. (2024). REPORT ON THE STATE OF CYBERSECURITY IN THE UNION.
ENISA. (2024a). Threat Landscape 2024.
ENISA. (2024b). Best Practices for Cyber Crisis Management.
Denizcilik Genel Müdürlüğü. (2024.). Dünya Denizciliğindeki Son Gelişmeler,. https://denizcilik.uab.gov.tr/uploads/pages/aylik-yayinlar/du-nya-denizcilig-indeki-son-gelis-meler-bu-lteni-2024-12.pdf adresinden alındı
International Standard Organisation: ISO/IEC 27001. (2022). ISO/IEC27001. (ISO, Editör, & ISO/IEC27001, Prodüktör) ISO/IEC27001: https://www.iso.org/standard/27001 adresinden alındı
LockBit 3.0 Ransomware Attack on BR Logistics USA. (2024). https://maritimecybersecurity.nl/incident/N0r68486b3 adresinden alındı
Ransomware attack by Akira. (2023). https://maritimecybersecurity.nl/incident/Qbq6kRboY1 adresinden alındı
MCAD Maritime Cyber Attack Database Map List view Info Report Monti Ransomware Attack on Magsaysay Maritime Corporation and Magsaysay Global Services, Inc. (2024xk). https:/maritimecybersecurity.nl/listview?page=3 alındı
MCAD Maritime Cyber Attack Database Map List view Info Report . (2024-2025). https://maritimecybersecurity.nl/incident/
ENISA. (2023). The European Union through the Critical Maritime Routes Monitoring, Support and Evaluation Mechanism (CRIMSON III). ENISA.
ENISA. (2023a). Good Practices for Supply Chain Cybersecurity,. https://www.enisa.europa.eu/publications/good-practices-for-supply-chain-cybersecurity adresinden alındı
Csrc.nist.gov. 2022. NIST Risk Management Framework | CSRC. [online] Available at: <https://csrc.nist.gov/projects/risk-management/about-rmf> [Accessed 10 July 2022].

CYBER SECURITY, CRITICAL INFRASTRUCTURE AND CYBER RESILIENCE IN THE MARITIME INDUSTRY

Year 2025, Volume: 14 Issue: 1, 59 - 86, 02.06.2025

Gülsüm Koraltürk

Abstract

Keywords

Maritime Cyber Security, Critical Infrastructure, ISO Information Standard

Project Number

References

AMMITEC. (2016). Cyber Security Awareness.
DCSA. (2020). DCSA Implementation Guide for Cyber Security on Vessels v1.0. Digital Container Shipping Association.
The Oil Companies International Marine Forum (OCIMF). (2017). Tanker Management and Self Assessment 3 - A Best Practice Guide.
ANSSI. (2016). Best Practices for cybersecurity on-board ships. Agence nationale de la sécurité des systèmes d'information.
ClassNK. (2024). ClassNK releases Guidelines for Cyber resilience of ships.
KOREAN Register. (2024). Cyber Resilience Approval/Survey Guide for Ship Automation Systems.
T.C. Ulaştırma Altyapı Bakanlığı. (2023). Ulusal Siber Güvenlik Stratejisi 2020-2023. T.C. Ulaştırma Alt yapı Bakanlığı: https://hgm.uab.gov.tr/uploads/pages/siber-guvenlik/ulusal-siber-guvenlik-stratejisi-ep-2020-2023.pdf adresinden alındı
Polemi N. ve Van Maale C., 2. R. (2023). Cybersecurity in Maritime Critical Infraastructure Reflection of American Ports. The European Union through the Critical Maritime Routes Monitoring, Support and Evaluation Mechanism (CRIMSON III),.
BIMCO, Chamber of Shipping America, Digital Containership Association, INTERCARGO, InterManager, INTERTANKO, . . . WSC. (2021). THE GUIDELINES ON CYBER SECURITY ONBOARD SHIPS. BIMCO: https://www.bimco.org/products/publications/titles/the-guidelines-on-cyber-security-onboard-ships/ adresinden alındı
Finland National Emergency Supply Agency. (2021b). Maritime Cybersecurity- Best Practices for Vessels. https://www.huoltovarmuuskeskus.fi/en: https://www.huoltovarmuuskeskus.fi/en/a/new-maritime-cyber-security-guidelines-for-shipping-companies-and-ships adresinden alındı
Finland National Emergency Supply Agency. (2021a). Maritime Cybersecurity Report- Finnish Maritime Cybersecurity Maturity Current state report and best practices for the Finnish Maritime sector. https://www.huoltovarmuuskeskus.fi/en: https://www.huoltovarmuuskeskus.fi/files/87d5a22180c40cedd9cf89d2a2e2f026a18e31c8/maritime-cybersecurity-report.pdf adresinden alındı
Finland National Emergency Supply Agency. (2021). Maritime Cybersecurity-Best Practices for Shipowner Organisation. https://www.huoltovarmuuskeskus.fi: https://www.huoltovarmuuskeskus.fi/files/6236df888931eb8ad0bbc3ea23f3d2a04d5cbd56/cybersecurity-best-practices-for-shipowner-organisations.pdf adresinden alındı
IAPH. (2021). IAPH Cybersecurity Guidelines for Ports and Port Facilities. https://sustainableworldports.org/wp-content/uploads/IAPH-Cybersecurity-Guidelines-version-1_0.pdf adresinden alındı
ISO-ISO/EIC27001. (2022). nformation security, cybersecurity and privacy protection — Information security management systems — Requirements. ISO: https://www.iso.org/standard/27001 adresinden alındı
IMO. (2022). Guidelines on Maritime Cyber Risk Management. Greenberg, M. D., Chalk, P., Willis, H. H., Khilko, I., & Ortiz, D. S. (2006). Maritime Terrorism Risk and Liability. RAND Corporation.
Servida, A., Erhardt, J.-B., Savo, J., Kernkamp, A., & Polemi, N. (2011). Analysis of Cyber Security Aspects in the Maritime Sector. ENISA.
Kristoffersen, P. B., Hartvigsen, T., Myrvang, P., & Torjusen, A. (2015). Digitale Sårbarheter Maritim Sektor. Lysneutvalget.
Kretschmann, L., Rødseth, Ø., Tjora, Å., Fuller, B., & Noble, H. (2015). D9.2: Qualitative assessment. Kretschmann, L., Rødseth, Ø., Tjora, Å., Fuller, B.S., Noble, H., Horahan, J.: (2015).
IMO. (2022). MSC-FAL.1/Circ.3/Rev.2. Guidelines on Maritime Cyber Risk Management.
IMO. (2017). MSC.428(98) Maritime Cyber Risk Management in Safety Management Systems.
NIST. (2022, Temmuz 10). NIST Risk Management Framework CSRC.
EU. (2022, Eylül 15). Cyber Resilience Act.
EU. (2024). The EU Cybersecurity Certification Framework.
ABD. (2002). Maritime Transportation Security (MTSA).
ECFR.GOV. (2025, Şubat 02). 33 Cfr part 6 Protection and Security of Vessels, Harbors and Waterfront Facilities.
USCG-United States Coast Guard. (2024, Şubat). Navigation and Vessel Inspection Circular No. 02-04.
USCG. (2025, Ocak 17). Final Rule: Cybersecurity in the Marine Transportation System.
USCG. (2025). https://www.dco.uscg.mil/Our-Organization/CGCYBER/. adresinden alındı
CGCYBER. (2025, Şubat). United States Coast Guard: https://www.dco.uscg.mil/Our-Organization/CGCYBER/ adresinden alındı
Eurpoean Union. (2025, Şubat). Cyber-Diplomacy. https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-policies adresinden alındı
ÖKER, U. (2022). Türkiye'de Kritik Altyapı ve Siber Güvenlik. Konrad-Adenauer-Stiftung Türkiye. Türkiye'de Kritik Altyapı ve Siber Güvenlik adresinden alındı
The Norwegian Maritime Cyber Resilience Centre. (2024). Cyber Annual Threatment Assessment.
The Norwegian Maritime Cyber Resilience Centre. (2023). Cyber Annual Threatment Assessment.
Türk Loydu. (2023). Guidelines on Cyber Security for Ships and Offshore Units January 2023 .
IACS-International Association of Classification Societies. (2025). IACS UR E26 and E27 Press Release. https://iacs.org.uk/news/iacs-ur-e26-and-e27-press-release adresinden alındı
USCG. (2023). Maritime Cybersecurity Assessment and Annex Guide (MCAAG). https://www.dco.uscg.mil/Portals/9/CG-FAC/Documents/Maritime%20Cyber%20Assessment%20%20Annex%20Guide%20(MCAAG)_released%2023JAN2023.pdf?ver=NE11YUspj_kNa3xRoMd0TQ%3D%3D adresinden alındı
ISO-ISO/IEC TS 30104:2015. (2022). ISO/IEC TS 30104:2015. https://www.iso.org/standard/56890.html adresinden alındı
ISO 28000:2022. (2022). ISO 28000:2022. https://www.iso.org/standard/79612.html adresinden alındı
ClassNK. (2024). ClassNK releases Guidelines for Cyber resilience of ships.
UK Department for Transport and Maritime and Coastguard Agency. . (2016). Guidance Ports and port systems: cyber security code of practice.
UK Department for Transport and Maritime and Coastguard Agency. (2020). Guidance Ports and port systems: cyber security code of practice.
BIMCO. (2019). BIMCO Cyber Security Clause. https://www.bimco.org/contracts-and-clauses/bimco-clauses/current/cyber-security-clause-2019 adresinden alındı
EU . (2017, Eylül 13). Commision Recommendation EU 2017/1584. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32017H1584 adresinden alındı
ETSI TR 103 456 V1.1.1 . (tarih yok). https://www.etsi.org/deliver/etsi_tr/103400_103499/103456/01.01.01_60/tr_103456v010101p.pdf adresinden alındı
NIST. (2022). Special Publication 800 NIST SP 800-161r1-upd1Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-161r1.pdf adresinden alındı
ECFR.GOV. (2022, Temmuz). 33 CFR Part 105 -- Maritime Security: Facilities. https://www.ecfr.gov/current/title-33/chapter-I/subchapter-H/part-105 adresinden alındı
ENISA. (2020). Cyber risk Management for Ports Guidelines for cybersecurity in the maritime sector. ENISA (2020) Cyber risk Management for Ports Guidelines for cybersecurity in the maritime sector. adresinden alındı
ENISA . (2019). Port Cybersecurity - Good practices for cybersecurity in the maritime sector .
ENISA. (2024). REPORT ON THE STATE OF CYBERSECURITY IN THE UNION.
ENISA. (2024a). Threat Landscape 2024.
ENISA. (2024b). Best Practices for Cyber Crisis Management.
Denizcilik Genel Müdürlüğü. (2024.). Dünya Denizciliğindeki Son Gelişmeler,. https://denizcilik.uab.gov.tr/uploads/pages/aylik-yayinlar/du-nya-denizcilig-indeki-son-gelis-meler-bu-lteni-2024-12.pdf adresinden alındı
International Standard Organisation: ISO/IEC 27001. (2022). ISO/IEC27001. (ISO, Editör, & ISO/IEC27001, Prodüktör) ISO/IEC27001: https://www.iso.org/standard/27001 adresinden alındı
LockBit 3.0 Ransomware Attack on BR Logistics USA. (2024). https://maritimecybersecurity.nl/incident/N0r68486b3 adresinden alındı
Ransomware attack by Akira. (2023). https://maritimecybersecurity.nl/incident/Qbq6kRboY1 adresinden alındı
MCAD Maritime Cyber Attack Database Map List view Info Report Monti Ransomware Attack on Magsaysay Maritime Corporation and Magsaysay Global Services, Inc. (2024xk). https:/maritimecybersecurity.nl/listview?page=3 alındı
MCAD Maritime Cyber Attack Database Map List view Info Report . (2024-2025). https://maritimecybersecurity.nl/incident/
ENISA. (2023). The European Union through the Critical Maritime Routes Monitoring, Support and Evaluation Mechanism (CRIMSON III). ENISA.
ENISA. (2023a). Good Practices for Supply Chain Cybersecurity,. https://www.enisa.europa.eu/publications/good-practices-for-supply-chain-cybersecurity adresinden alındı
Csrc.nist.gov. 2022. NIST Risk Management Framework | CSRC. [online] Available at: <https://csrc.nist.gov/projects/risk-management/about-rmf> [Accessed 10 July 2022].

There are 60 citations in total.

Details

Primary Language	Turkish
Subjects	Cybersecurity and Privacy (Other)
Journal Section	Articles
Authors	Gülsüm Koraltürk 0000-0002-0092-4209
Project Number	-
Publication Date	June 2, 2025
Submission Date	February 28, 2025
Acceptance Date	May 30, 2025
Published in Issue	Year 2025 Volume: 14 Issue: 1

Cite

APA	Koraltürk, G. (2025). DENİZCİLİK SEKTÖRÜNDE SİBER GÜVENLİK, KRİTİK ALTYAPI VE SİBER DAYANIKLILIK. Güvenlik Bilimleri Dergisi, 14(1), 59-86.

Download Cover Image

Article Files

Full Text

24347 14728 14731 14739 29833

This journal is licensed under the Creative Commons Attribution-NonCommercial 4.0 International License. 29846