Autonomous ships transferring valuable cargoes and humans in a more efficient and cost effective manner will soon be state of the art technology. Yet, their ICT system architecture and operations have not been defined in full detail. Moreover, multiple cyber security issues remain open and should be addressed. No study to date has analyzed fully the architecture of the autonomous ship, even less so have potential cyber threats and cyber attacks been identified. In this paper we identify and categorize systems that make up an autonomous ship, we propose a generic system architecture, and we analyze the cyber security of the ship by leveraging the STRIDE threat modeling methodology to identify potential cyber attacks, and to analyze the accordant risk. The results will support ship designers and industry towards improving the autonomous ship system architecture and making ship operations more secure.
Abstract:Young generations make extensive use of mobile devices, such as smartphones, tablets and laptops, while a plethora of security risks associated with such devices are induced by vulnerabilities related to user behavior. Furthermore, the number of security breaches on or via portable devices increases exponentially. Thus, deploying suitable risk treatments requires the investigation of how the digital natives (young people, born and bred in the digital era) use their mobile devices and their level of security awareness, in order to identify common usage patterns with negative security impact. In this article, we present the results of a survey performed across a multinational sample of digital natives with distinct backgrounds and levels of competence in terms of security, to identify divergences in user behavior due to regional, educational and other factors. Our results highlight significant influences on the behavior of digital natives, arising from user confidence, educational background, and parameters related to usability and accessibility. The outcomes of this study justify the need for further analysis of the topic, in order to identify the influence of fine-grained semantics, but also the consolidation of wide and robust user-models.
The increasingly witnessed integration of information technology with operational technology leads to the formation of Cyber-Physical Systems (CPSs) that intertwine physical and cyber components and connect to each other to form systems-of-systems. This interconnection enables the offering of functionality beyond the combined offering of each individual component, but at the same time increases the cyber risk of the overall system, as such risk propagates between and aggregates at component systems. The complexity of the resulting systems-of-systems in many cases leads to difficulty in analyzing cyber risk. Additionally, the selection of cybersecurity controls that will effectively and efficiently treat the cyber risk is commonly performed manually, or at best with limited automated decision support. In this work, we propose a method for analyzing risk propagation and aggregation in complex CPSs utilizing the results of risk assessments of their individual constituents. Additionally, we propose a method employing evolutionary programming for automating the selection of an optimal set of cybersecurity controls out of a list of available controls, that will minimize the residual risk and the cost associated with the implementation of these measures. We illustrate the workings of the proposed methods by applying them to the navigational systems of two variants of the Cyber-Enabled Ship (C-ES), namely the autonomous ship and the remotely controlled ship. The results are sets of cybersecurity controls applied to those components of the overall system that have been identified in previous studies as the most vulnerable ones; such controls minimize the residual risk, while also minimizing the cost of implementation.
One aspect of the digital transformation process in the shipping industry, a process often referred to as Shipping 4.0, is the increased digitization of on board systems that goes along with increased automation in and autonomy of the vessel. This is happening by integrating Information Technology with Operation Technology systems that results in Cyber Physical Systems on which the safe operations and sailing of contemporary and future vessels depend. Unavoidably, such highly interconnected and interdependent systems increase the exposure of the vessel’s digital infrastructure to cyber attacks and cyber security risks. In this paper, we leverage the STRIDE and DREAD methodologies to qualitatively and quantitatively assess the cyber risk of Cyber Physical Systems on board digitalized contemporary and future ships. Further, we propose appropriate cyber security baseline controls to mitigate such risks, by applying a systematic approach using a set of criteria that take into account the security requirements; the cyber risks; the possible attacks; and the possibly already existing controls, to select from the list of controls provided in the Industrial Control Systems (ICS) overlay of the NIST Guide to ICS Security. The results are expected to support the decision-making and the design of a security architecture for the cyber-enabled ship.
Safeguarding both safety and cybersecurity is paramount to the smooth and trustworthy operation of contemporary cyber physical systems, many of which support critical functions and services. As safety and security have been known to be interdependent, they need to be jointly considered in such systems. As a result, various approaches have been proposed to address safety and cybersecurity co-engineering in cyber physical systems. This paper provides a comprehensive survey of safety and cybersecurity co-engineering methods, and discusses relevant open issues and research challenges. Despite the extent of the existing literature, several aspects of the subject still remain to be fully addressed.
The Cyber-Enabled Ship (C-ES) is either an autonomous or a remotely controlled vessel which relies on interconnected cyber physical-systems (CPS) for its operations. Such systems are not well protected against cyber attacks. Considering the criticality of the functions that such systems provide, it is important to address their security challenges, thereby ensuring the ship's safe voyage. In this work we leverage the Maritime Architectural Framework reference architecture to analyze and describe the environment of the C-ES. We then apply the Secure Tropos methodology to systematically elicit the security requirements of the three most vulnerable CPSs onboard a C-ES, namely the Automatic Identification System (AIS), the Electronic Chart Display Information System (ECDIS) and the Global Maritime Distress and Safety System (GMDSS). The outcome is a set of cyber security requirements for the C-ES ecosystem in general and these systems in particular.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.