Recent innovations in the smart city domain include new autonomous transportation solutions such as buses and cars, while Autonomous Passenger Ships (APS) are being considered for carrying passengers across urban waterways. APS integrate several interconnected systems and services that are required to communicate in a reliable manner to provide safe and secure real-time operations. In this paper, we discuss the APS context, stakeholders, regulations, standards and functions in order to identify communication and cybersecurity requirements towards designing a secure communication architecture suitable for APS.
Autonomous transport receives increasing attention, with research and development activities already providing prototype implementations. In this article we focus on Autonomous Passenger Ships (APS), which are being considered as a solution for passenger transport across urban waterways. The ambition of the authors has been to examine the safety and security implications of such a Cyber Physical System (CPS), particularly focusing on threats that endanger the passengers and the operational environment of the APS. Accordingly, the article presentsa new risk assessment approach based on a Failure Modes Effects and Criticality Analysis (FMECA) that is enriched with selected semantics and components of the MITRE ATT&ACK framework, in order to utilize the encoded common knowledge and facilitate the expression of attacks. Then, the proposed approach is demonstrated through conducting a risk assessment for a communication architecture tailored to the requirements of APSs that were proposed in earlier work. Moreover, we propose a group of graph theory-based metrics for estimating the impact of the identified risks. The use of this method has resulted in the identification of risks and their corresponding countermeasures, in addition to identifying risks with limited existing mitigation mechanisms. The benefits of the proposed approach are the comprehensive, atomic, and descriptive nature of the identified threats, which reduce the need for expert judgment, and the granular impact estimation metrics that reduce the impact of bias. All these features are provided in a semi-automated approach the reduce the required effort and collectively are argued to enrich the design-level risk assessment processes with an updatable industry threat model standard, namely ATT&ACK.
Novel innovations have been witnessed in the past few years in the field of technology for autonomous vehicles. These have been exploited in various applications in the maritime domain; one such application is the proposal to develop autonomous passenger ships (APS) or ferries for carrying passengers in urban waterways. Such technology requires the integration of several components to support the safe and secure operation of the ferries. In this paper, a communication architecture is proposed, that satisfies pre-established communication requirements and supports autonomous and remotely controlled functions of an APS. The architecture was designed using the Architecture Analysis and Design Language (AADL); this enabled an iterative design process to be followed and allows for future improvements. The proposed architecture is verified by showcasing the role of the different architectural components in addressing the requirements and in supporting the expected functions in a number of operational scenarios based on the expected operations of an APS use case called “Autoferry.” Furthermore, the proposed architecture has been evaluated by demonstrating its ability to achieve the expected performance according to the requirements, in simulated experiments using the network simulator GNS3.
Several disruptive attacks against companies in the maritime industry have led experts to consider the increased risk imposed by cyber threats as a major obstacle to undergoing digitization. The industry is heading toward increased automation and connectivity, leading to reduced human involvement in the different navigational functions and increased reliance on sensor data and software for more autonomous modes of operations. To meet the objectives of increased automation under the threat of cyber attacks, the different software modules that are expected to be involved in different navigational functions need to be prepared to detect such attacks utilizing suitable detection techniques. Therefore, we propose a systematic approach for analyzing the navigational NMEA messages carrying the data of the different sensors, their possible anomalies, malicious causes of such anomalies as well as the appropriate detection algorithms. The proposed approach is evaluated through two use cases, traditional Integrated Navigation System (INS) and Autonomous Passenger Ship (APS). The results reflect the utility of specification and frequency-based detection in detecting the identified anomalies with high confidence. Furthermore, the analysis is found to facilitate the communication of threats through indicating the possible impact of the identified anomalies against the navigational operations. Moreover, we have developed a testing environment that facilitates conducting the analysis. The environment includes a developed tool, NMEA-Manipulator that enables the invocation of the identified anomalies through a group of cyber attacks on sensor data. Our work paves the way for future work in the analysis of NMEA anomalies toward the development of an NMEA intrusion detection system.
Shipping performed by contemporary vessels is the backbone of global trade. Modern vessels are equipped with many computerized systems to enhance safety and operational efficiency. One such system developed is the integrated navigation system (INS), which combines information and functions for the bridge team onboard. An INS comprises many marine components involving cyber threats and vulnerabilities. This study aims to assess the cyber risks of such components. To this end, a methodology considering the MITRE ATT&CK framework, which provides adversarial tactics, techniques, and mitigation measures, was applied by modifying for cyber risks at sea. We assessed cyber risks of 25 components on the bridge by implementing the extended methodology in this study. As a result of the assessment, we found 1850 risks. We classified our results as 1805 low, 32 medium, 9 high, and 4 critical levels for 22 components. Three components did not include any cyber risks. Scientists, ship operators, and product developers could use the findings to protect navigation systems onboard from potential cyber threats and vulnerabilities.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.