2018
DOI: 10.12716/1001.12.03.01
|View full text |Cite
|
Sign up to set email alerts
|

A Taxonomy Framework for Maritime Cybersecurity: A Demonstration Using the Automatic Identification System

Abstract: The maritime transportation system is increasingly a target of cyber attacks. This paper describes a taxonomy that supports the creation of adversarial cyber models, risk mitigation, and resiliency plans as applied to the maritime industry, using the Automatic Identification System as a specific illustration of the approach. This method has already been applied to the aviation sector; retooling it for a maritime example demonstrates its broad applicability to the transportation sector, in general. http://www.t… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1

Citation Types

0
24
0
2

Year Published

2019
2019
2024
2024

Publication Types

Select...
6
2

Relationship

0
8

Authors

Journals

citations
Cited by 44 publications
(28 citation statements)
references
References 9 publications
0
24
0
2
Order By: Relevance
“…In [ 24 ], considering the growth of cyberattacks in the maritime sector, the authors describe a taxonomy that supports the creation of adversarial cyber models, risk mitigation and resilience plans applied to the maritime industry. The authors transfer the methods from the aviation sector to the maritime sector and demonstrate the approach using the AIS.…”
Section: Related Workmentioning
confidence: 99%
See 1 more Smart Citation
“…In [ 24 ], considering the growth of cyberattacks in the maritime sector, the authors describe a taxonomy that supports the creation of adversarial cyber models, risk mitigation and resilience plans applied to the maritime industry. The authors transfer the methods from the aviation sector to the maritime sector and demonstrate the approach using the AIS.…”
Section: Related Workmentioning
confidence: 99%
“…Despite the significant utility and importance of AIS to the safety at sea, these systems lack cybersecurity mechanisms and are prone to attacks. The literature demonstrates techniques where AIS data can be spoofed or hacked to malicious activities [ 24 , 25 , 45 ]. By forging and broadcasting false AIS messages, for instance [ 45 ], it is possible to insert false AIS plots in electronic navigation systems, such as an ECDIS.…”
Section: Attack Triggering Mechanismmentioning
confidence: 99%
“…Ship operational technology systems for a last two decades have been intensively developed by means of digitalization, integration and networking. The development resulted in complex and computerbased technology systems, and therefore there is urgent need for safeguarding shipping from cyber threats and vulnerabilities (Svilicic et al 2019, Tam et al 2019, Filic 2018, Kessler et al 2018, Polatid et al 2018, Hareide et al 2018, Shapiro et al, 2018, Svilicic et al 2018, Lee et al 2017, Hassani et al 2017, Burton 2016, Balduzzi et al 2014, Svilicic et al 2005. The International Maritime Organization (IMO) has recently published the Guidelines on high-level recommendations for maritime cyber risk management (IMO MSC-FAL.1/Circ.3 2017), and imposed to include cyber risk assessment in the implementation of the International Safety Management (ISM) Code safety management system on ships by 1st of January 2021 (IMO MSC.428(98) 2017).…”
Section: Introductionmentioning
confidence: 99%
“…The Electronic Chart Display and Information System (ECDIS) has significantly changed the ship navigation by providing real-time navigational information and reduction of workload from paper charts (Brčić et al, 2019), and thus enhancing the efficiency and safety. The ECDIS development for about three decades into the complex computer-based system has raised a need to protect the safe navigation from cyber threats (Svilicic et al, 2019a;Tam and Jones, 2019;Svilicic et al, 2019b;Hareide et al, 2018;Kessler et al, 2018;Lee et al, 2017). Therefore, International Maritime Organization (IMO) has imposed to include cyber risk assessment in the International Safety Management (ISM) Code by the 1 st January 2021 (IMO, 2017a).…”
Section: Introductionmentioning
confidence: 99%
“…[5][6][7][8][9][10][11][12][13][14] Web server The version of the Apache web server running on the ECDIS is affected by multiple vulnerabilities. An attacker could cause a denial of service condition, execute code, obtain sensitive information, execute cross-site scripting attacks or cause the ECDIS to crash.…”
mentioning
confidence: 99%