Novel security models, metrics and security assessment for maritime vessel networks
Introduction
Maritime vessels are composed of system components with core functions (such as the navigation system, accounting system, cargo management system, etc.) that monitor, control, and manage vessels while offshore. These system components are networked together, and they are also connected to the internet (via a temporal or permanent connection [1]) to communicate with other ships and onshore offices. However, the use of Information and Communications Technology (ICT) has increased the attack surface of maritime vessel networks, as attackers can connect to the vessel network, gain privileged access, and manipulate critical functions on systems based onboard vessels. Moreover, many vessels have continued to use outdated systems (e.g., legacy software) that the software vendors no longer support, and these systems may have software vulnerabilities that the security administrator knows nothing about [2]. This leaves such systems more prone to different types of cyber-attacks.
Several incidents of cyber-attacks on maritime vessels have been reported. For instance, a group of developers at Naval Dome reported an actual cyber-attack based on a vulnerability on a ship at sea. In the attack, the developers successfully manipulated the vessel's location and steered the vessel off-course [3], [4]. In addition, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) advisory [5] reported several vulnerabilities in a vessel's engine control system that could allow an attacker to remotely obtain potentially sensitive data, which could end up endangering the crew and ship. Despite the critical nature of the threats and cyber-attacks associated with vessel networks, little has been done to safeguard the vessel's ICT systems against them [1]. It is important to achieve the three security goals of Confidentiality, Integrity, and Availability (CIA) for vessel systems because of the critical nature of the functions based onboard vessels.
The International Maritime Organization (IMO), the Shipowners' Association, the Baltic and International Maritime Council (BIMCO), and other national registries have presented 'guidelines on cybersecurity on-board ships' to provide a safe environment for ships with respect to cybersecurity components [6], [7]. However, the guidelines and standards presented focus on procedural methods for identifying, assessing, and taking action against threats and vulnerabilities from a cybersecurity perspective. Consequently, there is insufficient research on quantitative and automated cybersecurity modeling for vessel networks (as also emphasized by Caprolu et al. [2]).
Automated security modeling and assessment can identify security vulnerabilities and possible attack scenarios, which can then be effectively addressed with appropriate defense strategies. The current state-of-the-art cybersecurity risk modeling and assessment methods used in cloud networks, IoT networks, etc. may not be able to sufficiently represent the distinctive nature of onboard vessel systems and networks (which combine both operational and information technology systems) [8]. Moreover, existing ship security assessments focus on physical and human risk factors, including those from the ISPS (International Ship and Port Facility Security) code and the ISM (International Safety Management) code, rather than on cybersecurity modeling and analysis of the vessel's systems [7].
Therefore, we approach these challenges by proposing and developing a novel graphical security model named the Maritime Vessel-Hierarchical Attack Representation Model (MV-HARM) to model and evaluate the security of a maritime vessel network. The MV-HARM provides a systematic way to find potential attack paths to compromise a target system, taking into account probabilistic events and the relationships between vulnerabilities along the way to the target system. This approach allows us to analytically evaluate the security posture of vessel networks and generate possible ways to defend them. Moreover, we can evaluate attack goal(s) based on functions: (1) a single function, or (2) multiple functions, depending on the attack objective(s). To do this, we use logical compositions to formulate attack goals when there are multiple functions to compromise. Furthermore, since vessel networks can have temporal or permanent connections to their systems (e.g., permanent satellite links), we model them such that the temporal and permanent connections associated with systems are taken into account in the security evaluation through their links' weight values.
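To make the two-layer idea concrete, the following is an added illustration (not the authors' code or the paper's actual model): a constructed upper layer of systems whose edge weights encode permanent (1.0) or temporal (below 1.0) links, a lower layer of per-system vulnerability exploit probabilities, path enumeration from an entry point, and AND/OR composition of a goal over several functions. All system names, probabilities and the independence assumptions are constructed for the example.

```python
# Constructed two-layer model in the spirit of MV-HARM; names and values are
# assumptions for illustration, not taken from the paper.
# Upper layer: system reachability. Edge weight 1.0 = permanent link; a weight
# below 1.0 is the fraction of time a temporal link (e.g. in-port Wi-Fi) is up.
UPPER = {"internet": {"satcom": 1.0, "crew_wifi": 0.3},
         "satcom": {"office_lan": 1.0}, "crew_wifi": {"office_lan": 1.0},
         "office_lan": {"ecdis": 1.0, "cargo_mgmt": 1.0}, "ecdis": {}, "cargo_mgmt": {}}
# Lower layer: each system's attack tree reduced to per-vulnerability exploit
# probabilities (constructed); the system falls if any one of them succeeds.
LOWER = {"satcom": [0.6], "crew_wifi": [0.8], "office_lan": [0.5, 0.3],
         "ecdis": [0.7], "cargo_mgmt": [0.4]}

def node_compromise_prob(node):
    """OR-tree over independent vulnerabilities: 1 - P(none exploited)."""
    p_none = 1.0
    for p in LOWER.get(node, []):
        p_none *= 1.0 - p
    return 1.0 - p_none

def attack_paths(src, dst, path=None):
    """Enumerate simple paths from the attacker's entry point to a target."""
    path = (path or []) + [src]
    if src == dst:
        return [path]
    found = []
    for nxt in UPPER.get(src, {}):
        if nxt not in path:
            found.extend(attack_paths(nxt, dst, path))
    return found

def path_success_prob(path):
    """Per hop: link availability times the next system's compromise probability."""
    prob = 1.0
    for a, b in zip(path, path[1:]):
        prob *= UPPER[a][b] * node_compromise_prob(b)
    return prob

def best_path_prob(src, dst):
    """Most likely of all attack paths (0.0 when the target is unreachable)."""
    return max((path_success_prob(p) for p in attack_paths(src, dst)), default=0.0)

def goal_risk(src, functions, mode):
    """Goal over several functions: AND = every function must be compromised
    (product), OR = any one suffices (noisy-OR); best paths treated as independent."""
    best = [best_path_prob(src, f) for f in functions]
    combined = 1.0
    for b in best:
        combined *= b if mode == "AND" else 1.0 - b
    return combined if mode == "AND" else 1.0 - combined
```

Changing the crew Wi-Fi weight from 0.3 to 1.0 (a permanent link) shows how a temporal connection that is only intermittently available lowers the risk attributed to paths through it.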
To the best of our knowledge, only a few works aim to assess the security of shipboard systems against cyber-attacks, and this is the first contribution to comprehensively model, assess, and evaluate modern vessel networks in a systematic and structured way. We summarize the main contributions of this work as follows:
- We develop a Maritime Vessel Graphical Security Model (MV-HARM, see Section 3.1) that captures the temporal property of connections to analyze the security posture of vessel networks.
- We use well-defined security metrics (see Section 3.2) to effectively measure the security posture of the network, taking into account vulnerabilities and/or the threats they may pose, so that the impact of attacks and/or threats can be measured more precisely.
- We propose an approach to assess the vessel network with a single function or multiple functions as the attack goal(s) (see Section 3.3).
- We propose attack-tree, event-based scenarios to analyze the ship's architecture (see Section 5.1).
- We compare the effectiveness of defense mechanisms based on different maritime vessel attack scenarios (see Section 6.2).
The rest of the paper is organized as follows. Section 2 presents the related work on cybersecurity risk analysis and security models as used in vessel networks. Section 3 presents our proposed graphical security modeling, description, formalism, and security metrics. Section 4 presents the shipboard network model, the attacker model, and the defense model used in this study, and also used to show the applicability of our security model. Section 5 presents the use of the proposed model and security metrics using an example vessel network. Section 6 presents the numerical results from the experiments. Section 7 discusses our findings and the limitations, and finally, Section 8 concludes the paper.
Related work
There are only a few studies on cybersecurity modeling and analysis of maritime vessel networks. In this section, we discuss the existing work on security analysis, security models, and metrics for vessel networks.
A proposed security model for maritime vessel networks
In this section, we describe the proposed security model, including its formal definition and the security metrics used to measure the security of the vessel network, followed by a discussion of the method used to collect or estimate the values of vulnerabilities and threats for systems onboard vessels.
System model
In this section, we present (1) the network model which describes the general maritime vessel network, (2) the attack model which describes the attacker’s knowledge and capabilities, and (3) defense models that describe the defense methods used to safeguard the network against attack.
Application of the MV-HARM to assess the security of vessels networks
We have described the MV-HARM to capture the security posture of maritime vessels, and security metrics to measure their security. This section describes the use of the proposed model and security metrics using an example vessel network.
Evaluation & analysis
In this section, we perform experimental analysis via simulations to demonstrate the importance and applicability of the proposed security model with respect to security analysis and countermeasure evaluation and selection. The focus of the simulations is to use the proposed model for the following: (1) assess the risk of the vessel's networks based on different attack scenarios and goals, using the security metrics defined in Section 3.2; (2) defend the vessel's network, and compare the
Discussions, limitations, and future work
We developed a graph-based security model named MV-HARM for the security analysis of a vessel network, taking into account the vessel's permanent or temporal connections. We have demonstrated the usability and applicability of the MV-HARM via simulations and analysis in different scenarios. However, there are limitations and future work required in the following areas.
- Security analysis: In this paper, we have focused on building a security model and the analysis methods for a single maritime vessel
Conclusion
As the application of ICT to ships, such as electronic navigation and MASS, has increased recently, damage caused by various cyber incidents in the shipping, shipbuilding, and maritime fields has increased, and the importance of cybersecurity for the safety of ships is therefore emphasized. Existing studies have shown that there is a lack of capabilities to effectively capture and assess the security posture of vessel networks. In this paper, we have proposed a graphical security model for maritime
CRediT authorship contribution statement
Simon Yusuf Enoch: Conceptualization, Methodology, Software, Writing - original draft, Writing - review & editing. Jang Se Lee: Methodology, Investigation, Validation, Writing - review & editing. Dong Seong Kim: Conceptualization, Methodology, Investigation, Writing - review & editing, Validation, Supervision.
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Acknowledgments
This study was supported by the research year program of Korea Maritime & Ocean University.
References (34)
- et al., CyberShip-IoT: A dynamic and adaptive SDN-based security policy enforcement framework for ships, Future Gener. Comput. Syst. (2019)
- et al., Towards scalable security analysis using multi-layered security models, J. Netw. Comput. Appl. (2016)
- et al., Detecting and hunting cyberthreats in a maritime environment: Specification and experimentation of a maritime cybersecurity operations centre
- et al., Vessels cybersecurity: Issues, challenges, and the road ahead, IEEE Commun. Mag. (2020)
- Naval dome hacks into ships system to prove cyber vulnerabilities (2018)
- Hackers could steer ships off-course (2018)
- Auto-Maskin RP210E, DCU210E, and Marine Observer Pro (2018)
- BIMCO, CLIA, ICS, INTERCARGO, INTERMANAGER, INTERTANKO, IUMI, OCIMF, World Shipping Council, The Industry...
- Int'l-Maritime-Org., Maritime Cyber Risk Management in Safety Management System. [Online]. Available:...
- et al., MaCRA: A model-based framework for maritime cyber-risk assessment, WMU J. Maritime Aff. (2019)
- A study on cyber security threats in a shipboard integrated navigational system, J. Mar. Sci. Eng.
- Raising awareness on cyber security of ECDIS, TransNav: Int. J. Mar. Navig. Saf. Sea Transp.
- Cyber-attacks against the autonomous ship
- Writing Secure Code, vol. 2
- Towards a secure automatic identification system (AIS), J. Mar. Sci. Technol.
- A taxonomy framework for maritime cybersecurity: A demonstration using the automatic identification system, TransNav, Int. J. Mar. Navig. Saf. Sea Transp.
Simon Enoch (Enochson) received a Ph.D. degree in Computer Science from the University of Canterbury (UC), Christchurch, New Zealand in 2018. He is a Lecturer of Cybersecurity in the Department of Computer Science at Federal University of Kashere. He was a Postdoctoral Research Fellow with the School of Information Technology and Electrical Engineering, University of Queensland (UQ), Brisbane, Australia, where he was mentored by Assoc. Prof. Dong Seong Kim. Prior to UQ, Enochson was a Research Assistant with the Cybersecurity Research Laboratory at UC, New Zealand from 2017 to 2019. Dr. Enochson has published papers in reputable Conferences and top-tier Journals. His research interests include cyber-attacks & defense automation, security modeling and analysis of computers and networks including moving target defense.
Jang Se Lee is an Associate Professor in the Division of Maritime Information Technology of Korea Maritime & Ocean University, Busan. He received the B.S., M.S., and Ph.D. degrees in Computer Engineering from Korea Aerospace University in 1997, 1999, and 2003 respectively. He was a visiting scholar at the Duke High Availability Assurance Lab (DHAAL), Duke University, Durham, North Carolina from Jan. 2013 to Jan. 2014. His research interest includes modeling and simulation, intelligent systems, security for systems and networks, system survivability, and E-navigation.
Dong Seong Kim is an Associate Professor at the University of Queensland (UQ), Brisbane, Australia. Prior to UQ, he led the Cybersecurity Lab at the University of Canterbury (UC), Christchurch, New Zealand from August 2011 to Jan 2019. He was a Senior Lecturer in Cyber Security in the Department of Computer Science and Software Engineering at the UC. He received a Ph.D. degree in Computer Engineering from the Korea Aerospace University in February 2008. He was a visiting scholar at the University of Maryland, College Park, Maryland in the US during the year 2007 in Prof. Virgil D. Gligor's research group. From June 2008 to July 2011, he was a postdoc at Duke University, Durham, North Carolina in the US in Prof. Kishor S. Trivedi's group. His research interests are in security and dependability for systems and networks; in particular, Intrusion Detection using Data Mining Techniques, Security and Survivability for Wireless Ad Hoc and Sensor Networks and Internet of Things, Availability and Security modeling and analysis of Cloud computing, and Reliability and Resilience modeling and analysis of Smart Grid.