In the maritime sector, the integration of radar systems, Automatic Identification System (AIS) and Electronic Chart Display and Information System (ECDIS) through digital technologies enables several benefits to maritime operations, but also make ships prone to cyberattacks. In this context, this work investigates the feasibility of an attacker using a radar system or AIS as open door to remotely send commands to a cyber threat hosted on a ship, even if the ship’s systems are air gapped—i.e., are not connected to other networks. The received commands are intended to trigger a cyber threat located in the ship. Although the literature covers several analyzes on cyber risks and vulnerabilities in naval systems, it lacks exploiting mechanisms capable of acknowledging attack commands received through radar and AIS. To this end, this work proposes a triggering mechanism that uses a template matching technique to detect specific patterns transmitted by the attacker to the ship’s radar or AIS. The results show the effectiveness of the proposed technique as a tool to acknowledge the received attack commands and activate a malicious code previously installed on the ship. In the case of attacks on a radar system, the accuracy achieved by the proposed method is 0.90. In the case of attacks on an AIS/ECDIS setup it presents an accuracy of 0.93. In both cases the proposed mechanism maintains the due safety against accidental attack activations.
O presente trabalho objetiva apresentar a necessidade do aprimoramento do assessoramento ao processo decisório por meio do emprego da análise de risco como ferramenta de inteligência estratégica, de maneira conjugada com técnicas prospectivas, fazendo uma apresentação prévia do contexto atual, sua aplicabilidade, e a exposição do modelo norte-americano adotado pelo Departamento de Segurança Doméstica (DHS).
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.