An Adaptive, Situation-Based Risk Assessment and Security Enforcement Framework for the Maritime Sector
Figure 1. An overview of maritime information and communication systems.
Figure 2. Maritime scenario: Security situations of the vessel.
Figure 3. The proposed methodology.
Figure 4. Maritime scenario: Decision tree based situation elicitation.
Figure 5. Relations among risk related entities and relevant datasets.
Figure 6. Specification of situation S8 in EPL.
Figure 7. Sample of the low level situation-based security policy.
Abstract
1. Introduction
2. Related Work
2.1. Risk Assessment and Cybersecurity in the Maritime Sector
2.2. Situations and Situational Awareness
3. The Proposed Methodology
3.1. Phase 1: Situations Elicitation
- Where is the vessel located at this point in time?
- Which vessel systems should be active in this specific location? (Hardware/Software)
- Which vessel communication channels should be active in this specific location? (related to threat actors, interference from natural phenomena and equipment restrictions)
- What does the security policy dictate for human-to-equipment interaction and equipment-to-equipment interaction in each specific location?
- Which external threat actors are most active and which internal threat actors are likely to have sufficient access to initiate an attack towards critical assets in this location?
- The Protagonists/objects dimension in the context of maritime transport security requires the study of human and system agents that can potentially interact with the vessel. This includes internal and external actors, such as human or system agents acting on ports, vessels or elsewhere. At the same time, actors may be trusted (e.g., a port official adhering to the protocol) or malicious (e.g., a disgruntled employee or pirates on the open sea). Actors may include not only humans but systems as well. Active systems/assets and cataloged information also pertain to this dimension.
- The Space dimension relates to the evolution of the physical locations of the vessel and other protagonists.
- The Time dimension includes topics related to time periods, maritime transport workflow steps regarding the mission of the vessel, etc.
- The Causation dimension deals with deducing evidence that can be inferred from other contextual data. For instance, analyzing the speed and trajectory of another vessel may reveal that both vessels will be in physical proximity in the near future.
- The Intentionality dimension focuses on the goals of the protagonists. Attackers have threat goals while honest parties perform tasks that adhere to their role in the system. As a consequence, security policies and procedures that dictate the behavior of humans are studied in this dimension too.
3.2. Phase 2: Situation-Based Risk Assessment
3.2.1. Situational Asset Model Definition
Step 1—Service Identification
Step 2—Asset Identification and Cataloguing
3.2.2. Situational Threat Assessment
Step 1—Threat Mapping
Step 2—Threat Agent Mapping
Step 3—Situational Threat Likelihood and Profile Filtering
3.2.3. Situational Vulnerability Assessment
Step 1—Vulnerability Identification
Step 2—Vulnerability Scoring
Step 3—Vulnerability Score Assessment
Step 4—Threat Agent Scoring
3.2.4. Situational Impact Assessment
Step 1—Impact Identification
Step 2—Impact Level Calculation
Step 3—Situational Impact
3.2.5. Situational Risk Assessment
3.2.6. Situational Aware High Level Security Policy
Step 1—Existing Control Identification and Assessment
Step 2—Situational Control Identification and Application
- Applicable controls for techniques cataloged in the ATT&CK framework are listed in MITRE’s D3FEND matrix.
- Applicable controls for existing vulnerabilities can be found in the NVD’s references for each individual vulnerability.
3.3. Phase 3: Situation-Based Policy Deployment
- The sensors produce context events. A sensor can be any system available in the target vessel that can trigger context events, such as a physical button activated by a human, an intrusion detection system, an alarm, a GPS, a proximity sensor, etc.
- The situation manager continuously calculates situations according to a low level situation specification. It consumes context events triggered by the sensors and produces situation events. A situation event contains the beginning of the new situation and the end of the last active situation.
- The control center is the brain of our security deployment framework as it performs the security decision making process. It consumes both context and situation events, takes security decisions based on a situation-based security policy and produces decision events. Multiple control centers can be deployed for scalability and/or performance reasons. Different strategies can be considered to coordinate decisions [36,37].
- The actuators only consume decision events and enforce security controls. Actuators can be any system that can be controlled by software (e.g., a door that can be locked/unlocked, configurable IT systems, etc.).
- The event broker is the distribution middleware that transmits all the events between the actors following the publish-subscribe pattern. The broker divides events into three topics: context events, situation events and decision events. The broker also ensures that only authorized actors (sensors, actuators, situation manager and the command center) can access it.
4. Case Study—Applying the Proposed Methodology in the Maritime Cargo Transfer Service
4.1. Situations Elicitation in the Maritime Cargo Transfer Service
- Situation S1—the vessel is on port while loading the cargo.
- Situation S2—the vessel is on port while unloading the cargo.
- Situation S3—the vessel is at sea in a pretty safe area and alone.
- Situation S4—the vessel is at sea in a pretty safe area nearby another vessel which is known (it has identified itself).
- Situation S5—the vessel is at sea in a pretty safe area nearby another vessel which is unknown (it has not identified itself).
- Situation S6—the vessel is at sea in a dangerous area and alone.
- Situation S7—the vessel is at sea in a dangerous area nearby another vessel which is known (it has identified itself).
- Situation S8—the vessel is at sea in a dangerous area nearby an unknown vessel (it has not identified itself).
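The Phase 3 event flow (Section 3.3) applied to the situations S1 to S8 listed above, as an added example that is not code from the paper or its framework. The actor names (`gps`, `ais`, and so on), the context keys and the `POLICY` mapping are assumptions made for illustration, and the control center here acts on situation events only.

```python
from collections import defaultdict

class EventBroker:
    """Publish-subscribe middleware that checks every actor against an ACL."""
    def __init__(self, acl):
        self.acl = acl                      # actor -> {"pub": {...}, "sub": {...}}
        self.handlers = defaultdict(list)   # topic -> subscribed callbacks
        self.denied = []                    # rejected (actor, action, topic) attempts

    def _allowed(self, actor, action, topic):
        ok = topic in self.acl.get(actor, {}).get(action, set())
        if not ok:
            self.denied.append((actor, action, topic))
        return ok

    def subscribe(self, actor, topic, handler):
        if self._allowed(actor, "sub", topic):
            self.handlers[topic].append(handler)

    def publish(self, actor, topic, event):
        if not self._allowed(actor, "pub", topic):
            return False
        for handler in list(self.handlers[topic]):
            handler(event)
        return True

def classify(ctx):
    """Map the current context to one of the situations S1..S8 of Section 4.1."""
    if ctx["location"] == "port":
        return "S1" if ctx["cargo_op"] == "loading" else "S2"
    base = 3 if ctx["area"] == "safe" else 6
    return f"S{base + {'none': 0, 'known': 1, 'unknown': 2}[ctx['nearby']]}"

# Constructed policy: control labels follow the risk table, the mapping is illustrative.
POLICY = {"S5": ["message_encryption"], "S6": ["mandatory_access_control"],
          "S7": ["strong_password_policy"], "S8": ["strong_password_policy"]}
# Hypothetical actor names; each actor may only use the topics its role needs.
ACL = {"gps": {"pub": {"context"}}, "ais": {"pub": {"context"}},
       "situation_manager": {"sub": {"context"}, "pub": {"situation"}},
       "control_center": {"sub": {"context", "situation"}, "pub": {"decision"}},
       "actuator": {"sub": {"decision"}}}

def run_demo():
    broker = EventBroker(ACL)
    ctx = {"location": "port", "cargo_op": "loading", "area": "safe", "nearby": "none"}
    state = {"active": classify(ctx)}       # the vessel starts in S1
    situations, enforced = [], []
    def on_context(event):                  # situation manager
        ctx.update(event)
        new = classify(ctx)
        if new != state["active"]:
            old, state["active"] = state["active"], new
            broker.publish("situation_manager", "situation", {"begin": new, "end": old})
    def on_situation(event):                # control center
        situations.append((event["end"], event["begin"]))
        for control in POLICY.get(event["begin"], []):
            broker.publish("control_center", "decision", {"control": control})
    broker.subscribe("situation_manager", "context", on_context)
    broker.subscribe("control_center", "situation", on_situation)
    broker.subscribe("actuator", "decision", lambda e: enforced.append(e["control"]))
    broker.publish("gps", "context", {"location": "sea", "area": "dangerous"})
    broker.publish("ais", "context", {"nearby": "unknown"})
    forged = broker.publish("gps", "decision", {"control": "forged"})  # sensor may not decide
    return situations, enforced, forged, broker.denied
```

Because the broker authorizes per topic, a sensor that tries to publish a decision event is rejected and the attempt is recorded in `denied`, which gives the operator something to alert on.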
4.2. Situation-Based Risk Assessment in the Maritime Cargo Transfer Service
Case 1. Situational Risks during Cargo Loading/Unloading (S1 & S2): Attacking Admin Applications
Case 2. Situational Risks at Sea without Vessel Proximity (S3 & S6). Attacks against Admin and SCADA Systems
4.3. Situation-Based Policy Deployment in the Maritime Cargo Transfer Service
5. Discussion and Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Conflicts of Interest
References
1. Stellios, I.; Kotzanikolaou, P.; Psarakis, M.; Alcaraz, C.; Lopez, J. A survey of iot-enabled cyberattacks: Assessing attack paths to critical infrastructures and services. IEEE Commun. Surv. Tutor. 2018, 20, 3453–3495.
2. Greenberg, A. The Untold Story of NotPetya, the Most Devastating Cyberattack in History. Available online: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/ (accessed on 15 November 2021).
3. Newman, N. Cyber pirates terrorise the high seas. Eng. Technol. 2019, 14, 54–57.
4. Polemi, N.; Kotzanikolaou, P. Medusa: A supply chain risk assessment methodology. In Cyber Security and Privacy Forum; Springer: Cham, Switzerland, 2015; pp. 79–90.
5. Papastergiou, S.; Polemi, N. MITIGATE: A dynamic supply chain cyber risk assessment methodology. In Smart Trends in Systems, Security and Sustainability; Springer: Singapore, 2018; pp. 1–9.
6. Schauer, S.; Polemi, N.; Mouratidis, H. MITIGATE: A dynamic supply chain cyber risk assessment methodology. J. Transp. Secur. 2019, 12, 1–35.
7. Laborde, R.; Oglaza, A.; Barrère, F.; Benzekri, A. dynSMAUG: A dynamic security management framework driven by situations. In Proceedings of the 2017 1st Cyber Security in Networking Conference (CSNet), Rio de Janeiro, Brazil, 18–20 October 2017; pp. 1–8.
8. Laborde, R.; Oglaza, A.; Wazan, A.S.; Barrère, F.; Benzekri, A. A situation-driven framework for dynamic security management. Ann. Telecommun. 2019, 74, 185–196.
9. Benzekri, A.; Laborde, R.; Oglaza, A.; Rammal, D.; Barrère, F. Dynamic security management driven by situations: An Exploratory analysis of logs for the identification of security situations. In Proceedings of the 2019 3rd Cyber Security in Networking Conference (CSNet), Quito, Ecuador, 23–25 October 2019; pp. 66–72.
10. Gadyatskaya, O.; Labunets, K.; Paci, F. Towards empirical evaluation of automated risk assessment methods. In International Conference on Risks and Security of Internet and Systems; Springer: Cham, Switzerland, 2016; pp. 77–86.
11. Jing, Y.; Ahn, G.J.; Zhao, Z.; Hu, H. Riskmon: Continuous and automated risk assessment of mobile applications. In Proceedings of the 4th ACM Conference on Data and Application Security and Privacy, San Antonio, TX, USA, 3–5 March 2014; pp. 99–110.
12. Medhioub, M.; Kim, T.H.; Hamdi, M. Adaptive risk treatment for cloud computing based on Markovian game. In Proceedings of the 2017 14th IEEE Annual Consumer Communications & Networking Conference (CCNC), Las Vegas, NV, USA, 8–11 January 2017; pp. 236–241.
13. Pyykköa, H.; Kuusijärvib, J.; Silverajanc, B.; Hinkkaa, V. The Cyber Threat Preparedness in the Maritime Logistics Industry. In Proceedings of the 8th Transport Research Arena, Helsinki, Finland, 27–30 April 2020; pp. 27–30.
14. De la Peña Zarzuelo, I. Cybersecurity in ports and maritime industry: Reasons for raising awareness on this issue. Transp. Policy 2021, 100, 1–4.
15. Zhao, H.; Silverajan, B. A Dynamic Visualization Platform for Operational Maritime Cybersecurity. In Cooperative Design, Visualization, and Engineering; Luo, Y., Ed.; Springer International Publishing: Cham, Switzerland, 2020; pp. 202–208.
16. Androjna, A.; Brcko, T.; Pavic, I.; Greidanus, H. Assessing Cyber Challenges of Maritime Navigation. J. Mar. Sci. Eng. 2020, 8, 776.
17. Leite Junior, W.C.; de Moraes, C.C.; de Albuquerque, C.E.; Machado, R.C.S.; de Sá, A.O. A Triggering Mechanism for Cyber-Attacks in Naval Sensors and Systems. Sensors 2021, 21, 3195.
18. Caprolu, M.; Di Pietro, R.; Raponi, S.; Sciancalepore, S.; Tedeschi, P. Vessels cybersecurity: Issues, challenges, and the road ahead. IEEE Commun. Mag. 2020, 58, 90–96.
19. Yoo, Y.; Park, H.S. Qualitative Risk Assessment of Cybersecurity and Development of Vulnerability Enhancement Plans in Consideration of Digitalized Ship. J. Mar. Sci. Eng. 2021, 9, 565.
20. Kavallieratos, G.; Katsikas, S.; Gkioulos, V. SafeSec Tropos: Joint security and safety requirements elicitation. Comput. Stand. Interfaces 2020, 70, 103429.
21. Enoch, S.Y.; Lee, J.S.; Kim, D.S. Novel security models, metrics and security assessment for maritime vessel networks. Comput. Netw. 2021, 189, 107934.
22. Bolbot, V.; Theotokatos, G.; Boulougouris, E.; Vassalos, D. A novel cyber-risk assessment method for ship systems. Saf. Sci. 2020, 131, 104908.
23. Sahay, R.; Meng, W.; Estay, D.S.; Jensen, C.D.; Barfod, M.B. CyberShip-IoT: A dynamic and adaptive SDN-based security policy enforcement framework for ships. Future Gener. Comput. Syst. 2019, 100, 736–750.
24. Singh, V.K.; Jain, R. Situation Recognition Using Eventshop; Springer: Heidelberg, Germany, 2016.
25. Dey, A.K. Understanding and using context. Pers. Ubiquitous Comput. 2001, 5, 4–7.
26. Endsley, M.R. Design and evaluation for situation awareness enhancement. In Proceedings of the Human Factors and Ergonomics Society 32nd Annual Meeting; SAGE Publications: Thousand Oaks, CA, USA, 1988; Volume 32, pp. 97–101.
27. Zwaan, R.A.; Radvansky, G.A. Situation models in language comprehension and memory. Psychol. Bull. 1998, 123, 162.
28. Technical Committee: ISO/IEC JTC 1/SC 27. ISO/IEC 27001:2013; Information Technology—Security techniques—Information Security Management. Technical Report; International Standardization Organization: Geneva, Switzerland, 2013.
29. ISO/IEC 27005:2011; Information Technology—Security Techniques—Information Security Risk Management. Technical Report; International Standardization Organization: Geneva, Switzerland, 2005.
30. Ross, R.S. Guide for Conducting Risk Assessments (NIST SP-800-30rev1); The National Institute of Standards and Technology (NIST): Gaithersburg, MD, USA, 2012.
31. Stellios, I.; Kotzanikolaou, P.; Grigoriadis, C. Assessing IoT enabled cyber-physical attack paths against critical systems. Comput. Secur. 2021, 107, 102316.
32. National Vulnerability Database. Available online: https://nvd.nist.gov/ (accessed on 1 September 2021).
33. Grigoriadis, C.; Berzovitis, M.; Stellios, I.; Kotzanikolaou, P. A Cybersecurity Ontology to Support Risk Information Gathering in Cyber-Physical Systems. In Proceedings of the 7th Workshop on the Security of Industrial Control Systems & of Cyber-Physical Systems (CyberICPS 2021), Darmstadt, Germany, 4–8 October 2021.
34. Adi, A.; Etzion, O. Amit—The situation manager. VLDB J.—Int. J. Very Large Data Bases 2004, 13, 177–203.
35. Luckham, D. The power of events: An introduction to complex event processing in distributed enterprise systems. In Workshop on Rules and Rule Markup Languages for the Semantic Web; Springer: Berlin/Heidelberg, Germany, 2008; p. 3.
36. Chadwick, D.W.; Su, L.; Otenko, O.; Laborde, R. Coordination between distributed PDPs. In Proceedings of the Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY’06), London, ON, Canada, 5–7 June 2006.
37. Chadwick, D.W.; Su, L.; Laborde, R. Coordinating access control in grid services. Concurr. Comput. Pract. Exp. 2008, 20, 1071–1094.
38. Open Standard. eXtensible Access Control Markup Language (XACML) Version 3.0. 2013. Available online: https://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html (accessed on 1 September 2021).
39. Open Standard. Abbreviated Language for Authorization Draft Version 1.0. 2015. Available online: https://www.oasis-open.org/committees/download.php/55228/alfa-for-xacml-v1.0-wd01.doc (accessed on 15 November 2021).
40. Chabridon, S.; Laborde, R.; Desprats, T.; Oglaza, A.; Marie, P.; Marquez, S.M. A survey on addressing privacy together with quality of context for context management in the Internet of Things. Ann. Telecommun. 2014, 69, 47–62.
41. Chabridon, S.; Bouzeghoub, A.; Ahmed-Nacer, A.; Marie, P.; Desprats, T. Unified modeling of quality of context and quality of situation for context-aware applications in the internet of things. In International and Interdisciplinary Conference on Modeling and Using Context; Springer: Cham, Switzerland, 2017; pp. 370–374.

AV | Local | Local | Local | Adjacent | Adjacent | Adjacent | Network | Network | Network
---|---|---|---|---|---|---|---|---|---
AC | Low | Medium | High | Low | Medium | High | Low | Medium | High
AUTH: Multiple | VL | VL | L | L | L | M | M | M | H
AUTH: Single | VL | L | M | L | M | H | M | H | VH
AUTH: None | L | M | M | M | H | H | H | VH | VH

C | None | None | None | Low | Low | Low | High | High | High
---|---|---|---|---|---|---|---|---|---
I | None | Low | High | None | Low | High | None | Low | High
A: None | VL | VL | L | L | L | M | M | M | H
A: Low | VL | L | M | L | M | H | M | H | VH
A: High | L | M | M | M | H | H | H | VH | VH

Initial Impact | Asset Criticality: Low | Asset Criticality: Medium | Asset Criticality: High
---|---|---|---
Very Low | VL | L | L
Low | L | L | M
Medium | L | M | H
High | L | H | H
Very High | M | H | VH

Situations | ||||||||
---|---|---|---|---|---|---|---|---|
Assets | S1 Cargo Loading | S2 Cargo Unloading | S3 Transfer (Safe_Alone) | S4 Transfer (Safe_Prox_K) | S5 Transfer (Safe_Prox_UK) | S6 Transfer (Unsafe_Alone) | S7 Transfer (Unsafe_Prox_K) | S8 Transfer (Unsafe_Prox_UK) |
Admin Adobe Reader | X | X | X | |||||
Admin FTP Client | X | X | X | |||||
Admin Operating System | X | X | X | X | X | X | X | X |
Admin SSH client | X | X | X | X | X | |||
Admin Web Browser | X | X | X | X | X | X | ||
Admin Wincc SCADA | X | X | X | X | X | X | ||
Inmarsat AmosConnect | X | X | X | |||||
GPS | X | X | X | |||||
AIS Gateway | X | X | ||||||
VTS | X | X | ||||||
FTP (Manifest Storage) | X | X | ||||||
Web Services | X | X |
Situations | ||||||||
---|---|---|---|---|---|---|---|---|
Threat Agents | S1 Cargo Loading | S2 Cargo Unloading | S3 Transfer (Safe_Alone) | S4 Transfer (Safe_Prox_K) | S5 Transfer (Safe_Prox_UK) | S6 Transfer (Unsafe_Alone) | S7 Transfer (Unsafe_Prox_K) | S8 Transfer (Unsafe_Prox_UK) |
Disgruntled Employee | X | X | X | X | X | X | X | X |
Disgruntled Maritime Systems Administrator (Internal Spy) | X | X | X | X | X | X | X | X |
Cyber Criminal Group (Mobster) | X | X | X | X | X | X | ||
Cyber Terrorist | X | X | X | X | X | X | ||
Nation State | X | X | X | X | X | X | ||
Pirate | X | X | ||||||
Corrupt Port Official | X | X |

Situational Risk Assessment (Indicative Risks per Situation): columns Asset through Risk Level. Situational Risk Mitigation (Relevant Security Controls): columns High Level Security Control through Risk after Mitigation.

Situation | Asset | Threat Agent | Threat | Vulnerability / Vuln. Level | Impact Level | Risk Level | High Level Security Control (DEFEND) | Specific Mitigation | Risk after Mitigation
---|---|---|---|---|---|---|---|---|---
S1 & S2: Cargo Loading & Unloading | Admin Adobe Reader | Corrupt Port Official | CAPEC-10 | CVE-2011-2440: VH | VH | VH | Software Update | Patch Software. | M
S1 & S2: Cargo Loading & Unloading | Admin Operating System | Corrupt Port Official | CAPEC-100 | CVE-2016-0145: VH | VH | VH | File Hashing | Employing file hash comparisons to detect known malware. | M
S1 & S2: Cargo Loading & Unloading | Admin FTP client | Internal Spy | CAPEC-137 | CVE-2008-3734: VH | VH | VH | File Hashing | Employing file hash comparisons to detect known malware. | M
S3: Transfer Safe_Alone | Admin Web Browser | Disgruntled Employee | CAPEC-588 | CVE-2015-6144: VH | VL | M | (1) Resource access pattern analysis (2) Strong password policy | (1) Monitor access to Admin web access (2) Apply strong password policy or dual authentication for web admin access. | VL
S3: Transfer Safe_Alone | GPS | Nation State | CAPEC-628 | CVE-2017-5239: VH | L | M | - | - | L
S4: Transfer Safe_Prox_K | GPS | Nation State | CAPEC-628 | CVE-2017-5239: VH | L | M | Software Update | Applying a vendor-supplied patch to prevent the device from allowing unauthenticated factory reset without having physical access to the device. | VL
S5: Transfer Safe_Prox_UK | GPS | Pirate | CAPEC-628 | CVE-2017-5239: VH | L | M | Message Encryption | Utilize the PKI system to encrypt communications | VL
S6: Transfer Unsafe_Alone | Admin Wincc SCADA | Disgruntled Maritime Systems Administrator | CAPEC-76 | CVE-2015-0016: VH | VH | VH | Mandatory Access Control | Remove TSWbPrxy from the IE Elevation Policy | VL
S7: Transfer Unsafe_Prox_K | Inmarsat AmosConnect | Nation State | CAPEC-167 | CVE-2017-3222: VH | VH | VH | Strong Password Policy | Delete all hard-coded credentials. | VL
S8: Transfer Unsafe_Prox_UK | Inmarsat AmosConnect | Cyber Terrorist | CAPEC-167 | CVE-2017-3222: VH | VH | VH | Strong Password Policy | Apply a strong password policy. | L

© 2021 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Grigoriadis, C.; Laborde, R.; Verdier, A.; Kotzanikolaou, P. An Adaptive, Situation-Based Risk Assessment and Security Enforcement Framework for the Maritime Sector. Sensors 2022, 22, 238. https://doi.org/10.3390/s22010238