Security of the Cyber Enabled Ship
Abstract
The maritime industry is actively engaged with developing remotely controlled and autonomous ships to sail in the near future. Remotely controlled and autonomous vessels have the potential to transform the maritime transport sector and to constitute the instantiation of the Industry 4.0 process in the maritime industry, termed “Shipping 4.0”. Both remotely controlled and autonomous vessels are variants of the Cyber-Enabled Ship (C-ES), and comprise a number of interconnected Cyber Physical Systems (CPSs) that perform functions critical to the safe operation of the vessel. This proliferation of the use of integrated Information Technology and Operational Technology systems that aims to maximize the reliability and efficiency of a number of the vessel’s operations, including vessel navigation, introduces previously unknown security risks that, in view of the significance of the sector to transportation and commerce, are important to address.
The overall objective of this research is to determine the security architecture of the C-ES seen as a system of CPSs, i.e. to provide a cohesive security design which addresses the requirements, and in particular the risks, of the C-ES and specifies what security controls are to be applied where. Accordingly, the main research questions that the work described in this thesis addressed are as follows:
• What is a reference system architecture for the C-ES?
• What are the cyber security and safety risks and requirements of the C-ES?
• What is an appropriate security architecture for the C-ES?
In the course of addressing these research questions, we researched several aspects of the process of analyzing the security of CPSs and we proposed methods and approaches for carrying out such analysis. We thus effectively proposed a domain-agnostic approach for studying the security of complex interconnected CPSs, and we demonstrated its applicability to the case of the C-ES.
Specifically, we proposed methods for analyzing threats, attacks, attack paths, and risks of interconnected CPSs; for systematically selecting baseline security controls for individual CPSs; for eliciting security and safety requirements; and for selecting optimal sets of security controls for complex interconnected CPSs. We also proposed a reference architecture that can represent the C-ES in the maritime domain ecosystem, and a reference architecture for a cyber-physical range.
These results have been published in five journal articles and three articles in conference proceedings; these constitute the second part of the thesis.
Has parts
Article 1: Kavallieratos, Georgios; Katsikas, Sokratis; Gkioulos, Vasileios. Modelling Shipping 4.0: A Reference Architecture for the Cyber-Enabled Ship. In: Intelligent Information and Database Systems, 12th Asian Conference, ACIIDS 2020, Phuket, Thailand, March 23–26, 2020, Proceedings, Part II. Springer Nature 2020 ISBN 978-3-030-42058-1. pp. 202-217 https://doi.org/10.1007/978-3-030-42058-1_17
Article 2: Kavallieratos, Georgios; Katsikas, Sokratis. Managing Cyber Security Risks of the Cyber-Enabled Ship. Journal of Marine Science and Engineering 2020; Volume 8.(10) https://doi.org/10.3390/jmse8100768 This is an open access article distributed under the Creative Commons Attribution License (CC BY 4.0)
Article 3: Kavallieratos, Georgios; Diamantopoulou, Vasiliki; Katsikas, Sokratis. Shipping 4.0: Security requirements for the Cyber-Enabled Ship. IEEE Transactions on Industrial Informatics 2020; Volume 16.(10) pp. 6617-6625 https://doi.org/10.1109/TII.2020.2976840 “In reference to IEEE copyrighted material which is used with permission in this thesis, the IEEE does not endorse any of NTNU’s products or services. Internal or personal use of this material is permitted. If interested in reprinting/republishing IEEE copyrighted material for advertising or promotional purposes or for creating new collective works for resale or redistribution, please go to http://www.ieee.org/publications_standards/publications/rights/rights_link.html to learn how to obtain a License from RightsLink. If applicable, University Microfilms and/or ProQuest Library, or the Archives of Canada may supply single copies of the dissertation.”
Article 4: Kavallieratos, Georgios; Katsikas, Sokratis; Gkioulos, Vasileios. Cybersecurity and Safety Co-Engineering of Cyberphysical Systems—A Comprehensive Survey. Future Internet 2020; Volume 12.(4) https://doi.org/10.3390/fi12040065 This is an open access article distributed under the Creative Commons Attribution License (CC BY 4.0)
Article 5: Kavallieratos, Georgios; Katsikas, Sokratis; Gkioulos, Vasileios. SafeSec Tropos: Joint security and safety requirements elicitation. Computer Standards & Interfaces 2020; Volume 70:103429. pp. 1-11 https://doi.org/10.1016/j.csi.2020.103429
Article 6: Kavallieratos, Georgios; Katsikas, Sokratis. Attack Path Analysis for Cyber Physical Systems. In: Computer Security: ESORICS 2020 International Workshops, CyberICPS, SECPRE, and ADIoT, Guildford, UK, September 14–18, 2020, Revised Selected Papers. Springer Publishing Company 2020 ISBN 978-3-030-64330-0. pp. 19-33 https://doi.org/10.1007/978-3-030-64330-0_2
Article 7: Kavallieratos, Georgios; Katsikas, Sokratis; Gkioulos, Vasileios. Towards a Cyber-Physical Range. In: CPSS '19 Proceedings of the 5th on Cyber-Physical System Security Workshop. Association for Computing Machinery (ACM) 2019 ISBN 978-1-4503-6787-5. pp. 25-34 https://doi.org/10.1145/3327961.3329532
Article 8: Kavallieratos, Georgios; Spathoulas, Georgios; Katsikas, Sokratis. Cyber Risk Propagation and Optimal Selection of Cybersecurity Controls for Complex Cyberphysical Systems. Sensors 2021; Volume 21.(5) https://doi.org/10.3390/s21051691 This is an open access article distributed under the Creative Commons Attribution License (CC BY 4.0)