Cyber Physical Systems Security for Maritime Assets

Abstract: The integration of IT, OT, and human factor elements in maritime assets is critical for their efficient and safe operation and performance. This integration defines cyber physical systems and involves a number of IT and OT components, systems, and functions that involve multiple and diverse communication paths that are technologically and operationally evolving along with credible cyber security threats. These cyber security threats and risks as well as a number of known security breach scenarios are described… Show more

“…Cyber-physical systems in general pertain to the integration of IT and OT systems along with human factors [5]. This combination is shown in Figure 1 and represents the majority of operational and technical components found in ports' infrastructure.…”

“…This combination is shown in Figure 1 and represents the majority of operational and technical components found in ports' infrastructure. Maritime assets such as ports' infrastructure are operated by people and encompass an IT and OT operational and technical element that links procedures, systems, components, and technical and operational performance [5]. Similar to ships, ports' infrastructure involves multiple platforms of Systems of Systems (SoS) which contain IT and OT components, aiming in the automation of processes and optimum efficiency [6].…”

“…In general, similar to physical security, the cyber threats faced by ports' infrastructure and their cyber-physical elements can be categorized as internal, external, or colluded [5]. An insider threat can be an individual, ship crew member or port personnel, that intentionally or unintentionally causes the breach of preventive cybersecurity measures (such as IT platforms and software tools) by practicing poor cybersecurity hygiene.…”

“…SRA is applicable to cyber-physical security applications in the maritime industry, as it can assess the physical aspect of security incidents and vulnerabilities as well as the interaction of assets with IT/OT components and infrastructure. The application of the SRA method for a cybersecurity related incident involving a maritime asset has been illustrated by Progoulakis, Rohmeyer and Nikitakos in a recent publication [5].…”

“…The application of the Bow Tie Analysis method in the cybersecurity of various industrial sectors has been shown through various publications [40, 41,42,43,44]. Specifically, the use of BTA in a cyber-physical security scenario for a maritime asset has been proven by Progoulakis, Rohmeyer and Nikitakos [5]. Bernsmed et al [45] has also used the Bow Tie Analysis method to analyze cyber-physical security risks in the maritime sector involving navigational communication systems.…”

Cyber-physical security for ports infrastructure

“…Cyber-physical systems in general pertain to the integration of IT and OT systems along with human factors [5]. This combination is shown in Figure 1 and represents the majority of operational and technical components found in ports' infrastructure.…”

“…This combination is shown in Figure 1 and represents the majority of operational and technical components found in ports' infrastructure. Maritime assets such as ports' infrastructure are operated by people and encompass an IT and OT operational and technical element that links procedures, systems, components, and technical and operational performance [5]. Similar to ships, ports' infrastructure involves multiple platforms of Systems of Systems (SoS) which contain IT and OT components, aiming in the automation of processes and optimum efficiency [6].…”

“…In general, similar to physical security, the cyber threats faced by ports' infrastructure and their cyber-physical elements can be categorized as internal, external, or colluded [5]. An insider threat can be an individual, ship crew member or port personnel, that intentionally or unintentionally causes the breach of preventive cybersecurity measures (such as IT platforms and software tools) by practicing poor cybersecurity hygiene.…”

“…SRA is applicable to cyber-physical security applications in the maritime industry, as it can assess the physical aspect of security incidents and vulnerabilities as well as the interaction of assets with IT/OT components and infrastructure. The application of the SRA method for a cybersecurity related incident involving a maritime asset has been illustrated by Progoulakis, Rohmeyer and Nikitakos in a recent publication [5].…”

“…The application of the Bow Tie Analysis method in the cybersecurity of various industrial sectors has been shown through various publications [40, 41,42,43,44]. Specifically, the use of BTA in a cyber-physical security scenario for a maritime asset has been proven by Progoulakis, Rohmeyer and Nikitakos [5]. Bernsmed et al [45] has also used the Bow Tie Analysis method to analyze cyber-physical security risks in the maritime sector involving navigational communication systems.…”

Cyber-physical security for ports infrastructure

Digitalization and Cyber Physical Security Aspects in Maritime Transportation and Port Infrastructure

Towards Cybersecure Maritime Supply Chains in Latin America and the Caribbean