Cyber risk management for autonomous passenger ships using threat-informed defense-in-depth

Amro, Ahmed; Gkioulos, Vasileios

doi:10.1007/s10207-022-00638-y

Cited by 16 publications

(8 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…• Govern Function: There has been a focus on 'Organizational Context' [24][25][26][27][28] and 'Risk Management Strategy' [14,[29][30][31][32][33], with several articles addressing these areas. This indicates progress in the understanding and implementation of cybersecurity within the organizational frameworks and risk management processes of maritime operations.…”

Section: Discussionmentioning

confidence: 99%

“…Enhancing information security in maritime freight transport to address cybersecurity threats was proposed by Melnyk et al [31]. A similar focus, specifically on Autonomous Passenger Ships (APS), was discussed by Amro et al [32], who introduced a cyber risk management approach integrating defense-in-depth with threat-informed defense. Additionally, Rajaram et al [33] offered guidelines for cyber risk management, emphasizing the importance of risk assessment, mitigation measures, and a checklist for shipboard operational technology (OT) systems.…”

Section: Risk Management Strategymentioning

confidence: 99%

See 1 more Smart Citation

Comprehensive Analysis of Maritime Cybersecurity Landscape Based on the NIST CSF v2.0

Dimakopoulou,

Rantos

2024

JMSE

View full text Add to dashboard Cite

As technology advances and digitalization becomes more prevalent in the industry, the cyber threats to maritime systems and operations have significantly increased. The maritime sector relies heavily on interconnected networks, communication systems, and sophisticated technologies for its operations, making it an attractive target for cybercriminals, nation-states, and other threat actors. Safeguarding the maritime sector against cyber threats is crucial to ensuring the safety, integrity, and efficiency of maritime operations as well as for protecting sensitive information and global trade. The International Maritime Organization (IMO) has played a significant role in addressing cybersecurity issues, leading to the implementation of regulations aimed at risk reduction. This paper delves into the realm of cybersecurity within the maritime industry, offering an in-depth analysis of its various aspects through an extensive literature review based on the latest Version 2.0 of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) functional areas. The primary objective is to establish a connection between research and NIST’s functions and categories, thereby presenting a nascent perspective and identifying existing security research gaps. Through the adoption of this strategic approach, the present paper aims to cultivate a forward-looking and proactive state of maturity in anticipation of future developments within the maritime industry. The outcomes of this research can provide valuable reference points in academic discourse, potentially leading to new hypotheses, and fuel innovation in developing advanced cybersecurity measures within the maritime industry.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Risk Management Strategymentioning

confidence: 99%

Comprehensive Analysis of Maritime Cybersecurity Landscape Based on the NIST CSF v2.0

Dimakopoulou,

Rantos

2024

JMSE

View full text Add to dashboard Cite

show abstract

“…The defense-in-depth model employs multiple layers of security controls to provide comprehensive protection. It assumes that no single security measure is foolproof, so it implements a combination of preventive, detective, and corrective controls at different layers [210], [211]. These layers may include: Perimeter Security: Protecting the boundaries of the civil registration system, such as firewalls, intrusion prevention systems, and access controls [212].…”

Section: Defense-indepth Modelmentioning

confidence: 99%

Security challenges in civil registration: safeguarding vital information in an evolving landscape

Peter Kennedy Okoth

2023

World J. Adv. Res. Rev.

View full text Add to dashboard Cite

Civil registration is a fundamental process that captures vital events such as births, deaths, marriages, and divorces, enabling governments to create accurate demographic databases and deliver essential services to their citizens. However, in today's digital age, civil registration systems face numerous security challenges that jeopardize the integrity and confidentiality of vital information. This paper highlights some of the key security challenges encountered in civil registration systems and outlines potential strategies to address them. Firstly, the digitization of civil registration processes has opened new avenues for cyber threats. Malicious actors may attempt to compromise the security of databases, manipulate or steal vital records, or disrupt services through cyberattacks. Robust cybersecurity measures, including encryption, firewalls, intrusion detection systems, and regular security audits, are essential to safeguard sensitive data and ensure the continuity of civil registration operations. Secondly, the issue of identity theft poses a significant challenge to civil registration security. Fraudulent practices, such as the creation of fake identities or the alteration of existing records, can undermine the trustworthiness of the system and lead to the misallocation of resources. The implementation of identity verification mechanisms, such as biometrics or unique identifiers, can enhance the accuracy and integrity of civil registration data while reducing the risk of identity fraud. Thirdly, ensuring the privacy and confidentiality of individuals' personal information is critical in civil registration systems. With the increasing digitization and interconnectedness of data, there is a heightened risk of unauthorized access or data breaches. Strong data protection regulations, robust access controls, and encryption techniques can help mitigate these risks, fostering public trust and confidence in civil registration processes. Moreover, the challenge of inclusivity must be addressed to ensure the effectiveness and reliability of civil registration systems. Marginalized populations, including refugees, migrants, and those residing in remote areas, may face barriers in accessing civil registration services, leaving them vulnerable to identity-related challenges. Deploying mobile registration units, leveraging innovative technologies, and promoting community engagement are strategies that can improve inclusivity and extend the benefits of civil registration to all individuals.

show abstract

“…The communication requirements were utilized to define and design a communication architecture for the APS that allows it to communicate with its operational context and support several navigational services such as autonomous navigation and autonomous engine monitoring and control [10]. On the other hand, the cybersecurity requirements in addition to a group of risk analysis processes for the APS as a cyber physical system [8,11] were utilized to define and design a cybersecurity architecture for the APS [7]. Additionally, the testbed capabilities enable the exploration of additional use cases allowing the advancement of cybersecurity research in maritime.…”

Section: Background and Related Workmentioning

confidence: 99%

“…-Methods: Several methods for communication analysis are observed in the literature such as wireless coverage analysis [18] and performance analysis [22]. On the other hand, cybersecurity analysis methods include; among others, risk assessment, adversary emulation, and evaluation of security solutions [7]. Additionally, the cybersecurity analysis approaches; depending on the use case under analysis, can be conducted using black box, grey box, or white box analysis techniques [20].…”

Section: Respectively)mentioning

confidence: 99%

Communication and Cybersecurity Testbed for Autonomous Passenger Ship

Amro

Gkioulos

2022

Computer Security. ESORICS 2021 International Workshops

View full text Add to dashboard Cite

Many industrial sectors are undergoing a digital transformation, including maritime. New technological advancements and modes of operations are being introduced to maritime infrastructure, which includes ships, ports, and other facilities. Digital transformation in maritime has among its goals reducing human involvement and improving remote connectivity. The achievement of these goals hinges on several components, including communication technologies and cybersecurity. Consequently, maritime-related communication and cybersecurity solutions are in high demand. This paper targets the development of a maritimethemed testbed utilized to evaluate and analyze several maritime use cases, including autonomous passenger ships (APS) with a prime focus on the communication and cybersecurity aspects. We have proposed abstraction of processes guiding the utilization of the testbed capabilities. Also, we proposed an approach for replicating the target system of analysis which facilitates the analysis and evaluation activities. The proposed testbed and its processes have been evaluated by discussing some of the projects that utilized it, including evaluating communication and cybersecurity architectures for an APS use case. Additionally, after comparison with the state-of-the-art in cybersecurity testbeds, the testbed was found to be supporting the majority of the concepts and properties observed in the literature while the missing elements were highlighted and designated as suggestions for future work. Moreover. we provide a discussion of the challenges in cybersecurity evaluation in maritime in general and autonomous ships in particular.

show abstract

Cyber risk management for autonomous passenger ships using threat-informed defense-in-depth

Cited by 16 publications

References 47 publications

Comprehensive Analysis of Maritime Cybersecurity Landscape Based on the NIST CSF v2.0

Comprehensive Analysis of Maritime Cybersecurity Landscape Based on the NIST CSF v2.0

Security challenges in civil registration: safeguarding vital information in an evolving landscape

Communication and Cybersecurity Testbed for Autonomous Passenger Ship

Contact Info

Product

Resources

About