Figure - available via license: Creative Commons Attribution 4.0 International
Content may be subject to copyright.
Source publication
Shipping performed by contemporary vessels is the backbone of global trade. Modern vessels are equipped with many computerized systems to enhance safety and operational efficiency. One such system developed is the integrated navigation system (INS), which combines information and functions for the bridge team onboard. An INS comprises many marine c...
Contexts in source publication
Context 1
... scores in the estimation criteria tables were identified between 0 and 1 using their impact degrees. Table 5 was used to estimate the impact of a failure mode on the safety consequence. Table 6 was used to forecast financial criticality. ...Context 2
... 6 was used to forecast financial criticality. The estimation criteria for environmental criticality are depicted in Table 7. Tables 5 and 7 were derived from the Appendix 4-Initial Ranking of Accident Scenarios in the FSA published by the IMO [39]. Because of cyber incidents, the seaworthiness and cargo worthiness of a ship may be lost or the ship might be delayed to its destination port. ...Citations
... This includes the understanding of how the limitations of sensors' performance could affect SA (Thombre et al., 2022). It is also worth noting that cybersecurity needs to be emphasized for remotely-operated and autonomous vessels since they can be susceptible to cyberattacks Oruc et al., 2022). All the challenges mentioned above emphasize the fact that maintaining SA in a complex navigation environment can differ from conventional shipping practices. ...
The marine navigation environment can become further complex when ships with different autonomy levels are introduced. To ensure navigation safety in such mixed environment, advanced ship predictors type technologies are essential in aiding ship navigators to attain the highest levels of situation awareness (SA). Consequently, precise ship trajectory prediction, specifically within a short prediction horizon, should be included in such predictors as an indispensable component. This study introduces two methods for ship trajectory prediction on a local scale: the kinematic-based method and the Gate Recurrent Unit (GRU)-Pivot Point (PP)-based method. The first method utilizes kinematic motion models to predict a ship trajectory. In the second method, the GRU is trained to generate the predictions of related ship navigation states. The ship’s PP is then extracted from these predicted states, subsequently providing a predicted ship trajectory. Both methods are validated using simulated maneuvering exercises to assess their effectiveness, with a prediction horizon of 90 seconds. The results show that the kinematic-based method excels in the predictions during ship’s stable stages, i.e., steady-state conditions. Meanwhile, the GRU-PP-based method exhibits robust performances in cases when new rudder orders are executed, i.e., transient conditions. It is considered that these applications can provide significant benefits in maritime SA in present and future ship navigation.
... This system categorizes each cyberattack by evaluating its influence on the latest techniques. The significant contributions of researchers such as Oruc et al. and Kapalidis et al. [21,22] highlight the strategic incorporation of the NIST CSF within the maritime sector. This adoption aims for a comprehensive approach that weaves cybersecurity within organizational objectives and operations. ...
... However, the International Association of Marine Aids to Navigation and Lighthouse Authorities (IALA) has acknowledged that some e-navigation tests might not sufficiently address cybersecurity concerns. Oruc et al. [21,38] sought to fill this void with perceptive research on bridge tests, international standards, and IMO regulations. As a result of their efforts, the Integrated Navigation System (INS) Cyber-Physical Range has been developed, with the aim of improving asset management within the context of maritime cybersecurity. ...
... The research literature demonstrates a concerted effort on the part of the maritime sector to adapt and align with the evolving cybersecurity landscape, marked by a diverse range of approaches spanning various aspects of the NIST CSF, from the identification of threats to recovery planning. Our review of 119 recent literature articles revealed that only four papers [20][21][22][23] explicitly addressed the NIST CSF domain. Despite appearing 136 times across various functional areas spanning diverse discussion topics, none of the papers made reference to or were centred around the newest version, the NIST CSF v2.0, which could be due to the recentness of its publication. ...
As technology advances and digitalization becomes more prevalent in the industry, the cyber threats to maritime systems and operations have significantly increased. The maritime sector relies heavily on interconnected networks, communication systems, and sophisticated technologies for its operations, making it an attractive target for cybercriminals, nation-states, and other threat actors. Safeguarding the maritime sector against cyber threats is crucial to ensuring the safety, integrity, and efficiency of maritime operations as well as for protecting sensitive information and global trade. The International Maritime Organization (IMO) has played a significant role in addressing cybersecurity issues, leading to the implementation of regulations aimed at risk reduction. This paper delves into the realm of cybersecurity within the maritime industry, offering an in-depth analysis of its various aspects through an extensive literature review based on the latest Version 2.0 of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) functional areas. The primary objective is to establish a connection between research and NIST’s functions and categories, thereby presenting a nascent perspective and identifying existing security research gaps. Through the adoption of this strategic approach, the present paper aims to cultivate a forward-looking and proactive state of maturity in anticipation of future developments within the maritime industry. The outcomes of this research can provide valuable reference points in academic discourse, potentially leading to new hypotheses, and fuel innovation in developing advanced cybersecurity measures within the maritime industry.
... MITRE ATT&CK-Based Tactics: Five of the selected 25 papers used the MITRE ATT&CK framework as a specialized supporting tool for threat modeling. Oruc et al. (2022) applied the MITRE ATT&CK framework to model adversarial behavior in maritime navigation systems. The method proposed by Oruc et al. (2022) also involved specifying and classifying components, identifying failure modes, interrelating failure modes to impacts and consequences, and assessing mitigation measures. ...
... Oruc et al. (2022) applied the MITRE ATT&CK framework to model adversarial behavior in maritime navigation systems. The method proposed by Oruc et al. (2022) also involved specifying and classifying components, identifying failure modes, interrelating failure modes to impacts and consequences, and assessing mitigation measures. The method also includes risk score calculations and risk level classification. ...
... Malware Infections: Malware infections are widely recognized as critical cyberthreats in the maritime industry, as indicated in several studies. Oruc et al. (2022) categorized malware as a significant cyberthreat that affects marine components. This concern was echoed by Bolbot et al. (2020), who acknowledged malware infections and explored specific cases and potential countermeasures. ...
The increasing integration of advanced technology into maritime operations has increased ship cybersecurity risks, especially with the development of autonomous vessels. This systematic literature review critically examines and compares existing threat modeling and risk assessment methods in ship cybersecurity, identifies key challenges, and addresses gaps in the literature. Through a systematic literature review, 25 scientific articles selected from diverse databases were analyzed to understand the evolving landscape of cybersecurity practices for manned and autonomous ships. Significant inconsistencies were observed in current approaches, underscoring the urgent need for standardized threat modeling and risk assessment frameworks that consider the special requirements of autonomous ships. Improved tool support for these frameworks and systematic validation of expert knowledge are also critical. Addressing these gaps can significantly enhance the resilience of maritime systems to cyberthreats.
... The value of the criticality component in CRASH is determined by considering the Criticality Matrix depicted in Table 4 [5,6,29]. Several cyber incidents targeted INS and its vulnerabilities have been extensively analyzed in the literature [39,43,30,29]. Accordingly, the INS was selected to illustrate the workings of CRASH. ...
The maritime industry is undergoing a digital transformation, with an increasing integration of Information Technology (IT) and Operational Technology (OT) systems on modern vessels. Its multiple benefits notwithstanding, this transformation brings with it increased cybersecurity risks, that need to be identified, assessed, and managed. Although several cyber risk assessment methodologies are available in the literature, they may be challenging for experts with a maritime background to use. In this paper we propose a simple and effective cyber risk assessment methodology, named Cyber Risk Assessment for SHips (CRASH), that can be easily implemented by maritime professionals. To showcase its workings, we assessed 24 cyber risks of the Integrated Navigation System (INS) using CRASH and we validated the method by comparing its results to those of another method and by means of interviews with experts in the maritime sector. CRASH can aid shipping companies in effectively assessing cyber risks as a step towards selecting and implementing necessary measures to enhance the cyber security of cyber-physical systems onboard their vessels.
... In each of the phases, ATT&CK framework helps FMECA by providing granular details of the cyber attacks with the help of MITRE ATT&CK tactics and techniques. After demonstrating the effectiveness of proposed risk assessment framework, Integrated Navigation System (INS) is considered in [44] as a test case for the evaluation of proposed risk assessment framework. As discussed above, ATT&CK is not a risk assessment framework, but it can be used in conjunction with other standards and procedures for the development of risk assessment frameworks and cybersecurity solutions. ...
Cybersecurity is a growing concern for maritime sector. Modern ships are practical realism of cyber physical systems that utilize both information technologies and operational technologies. Cybersecurity incidents on such systems require robust and explainable models that should provide deep insights about the nature of an attack. Many frameworks for modeling of cyber attacks exist, but they cover only the tiny part of modern multidimensional attack surfaces. MITRE ATT &CK is the most comprehensive cyber attack modeling framework that covers the multidimensional nature of modern cyber attacks. MITRE D3FEND is similar to ATT &CK knowledge base, but it represents cyber defense framework. In this paper, we aim to demonstrate the modeling with MITRE ATT &CK and MITRE D3FEND frameworks for maritime cybersecurity. An attack scenario against ballast water management system of the ship is considered and modeled with the help of ATT &CK. Moreover, two defensive mechanisms are suggested. First is created with the help of D3FEND framework and second leverages the strength offered by mitigation techniques of ATT &CK. We believe that the demonstration of MITRE ATT &CK and D3FEND frameworks for modeling of maritime cyber attacks and maritime defense, respectively, would pave the way for the development of future maritime cybersecurity solutions.
... It is also worth noting that the reason for the growing popularity of MIB technologies and the distribution of packets across streams are disputes about the legality of deep traffic analysis, since traffic research with such accuracy encroaches on privacy rights. Therefore, in various scientific papers, traffic is encrypted using information security tools before conducting high-precision analysis (30). ...
This paper researches the possibility of conducting attacks on the console control transfer functions using active intelligence methods. The research employs a comprehensive approach involving ports scanning, directories searching, parameters modifying, and credentials searching based on a user dictionary. Additionally, the study involves the development of a software tool designed to detect vulnerabilities in network nodes. The software developed within the framework of this study is delivered in the form of two modules, the first module contains the main program with the mechanisms implemented in it to indicate the possibility of attacks, with an emphasis on current web applications and services. Checking for the possibility of an attack for any network node is that first a list of requests is compiled, the purpose of which is to identify weaknesses of a web application running on the server, and a list of expected responses from the server is also compiled for these requests. After that request goes to the server, the program waits for responses from the server, and if the expected responses from the compiled list coincide with the actual ones, then this fact signals the possibility of an attack on the web application. The second module stores localization dictionaries responsible for the presence of two interface languages in the program – Russian and English. The result of this work is the MaxNetScanner2022 software, which identifies the possibility of an attack on the system control transfer functions using active intelligence tools.
... In their study, Kure et al. [117] presented an integrated cyber risk management framework that utilizes an ATT&CK-driven threat modeling approach. Oruc et al. [66] used ATT&CK to assess risks associated with cyber threats and vulnerabilities for integrated navigation systems on board shipping vessels. ...
The MITRE ATT&CK framework, a comprehensive knowledge base of adversary tactics and techniques, has been widely adopted by the cybersecurity industry as well as by academic researchers. Its broad range of industry applications include threat intelligence, threat detection, and incident response, some of which go beyond what it was originally designed for. Despite its popularity, there is a lack of a systematic review of the applications and the research on ATT&CK. This systematization of work aims to fill this gap. To this end, it introduces the first taxonomic systematization of the research literature on ATT&CK, studies its degree of usefulness in different applications, and identifies important gaps and discrepancies in the literature to identify key directions for future work. The results of this work provide valuable insights for academics and practitioners alike, highlighting the need for more research on the practical implementation and evaluation of ATT&CK.
