Ferney Martínez , Luis E. Sánchez , Antonio Santos-Olmo , David G. Rosado , Eduardo Fernández-Medina
{"title":"Integrated maritime protection: Innovation for the safeguarding of maritime systems based on MARISMA","authors":"Ferney Martínez , Luis E. Sánchez , Antonio Santos-Olmo , David G. Rosado , Eduardo Fernández-Medina","doi":"10.1016/j.cose.2025.104699","DOIUrl":null,"url":null,"abstract":"<div><div>The maritime sector is becoming increasingly susceptible to sophisticated cyber-attacks, underscoring the pressing necessity for advanced research and development to establish robust safeguards for maritime assets. Although risk assessment methods for traditional IT systems are now highly developed, they are not directly applicable to risk assessment in maritime environments due to the specific characteristics and particularities of the latter. Therefore, there is an urgent need to define approaches that adequately support risk assessment in maritime environments. To contribute to this important challenge, we propose a novel risk analysis technique, specifically tailored for the maritime sector, based on MARISMA, a security management methodology, and eMARISMA, its cloud-based technological support tool. Our work contributes to the state of the art by defining the MARISMA-SHIPS maritime cybersecurity pattern, which includes a set of reusable and adaptable elements that enable risk management and control in a maritime environment, and is aligned with major international standards such as ENISA and NIST, as well as existing maritime regulations, becoming a key part of our ongoing POSEIDON maritime cybersecurity framework. A case study is presented for a ship developed in the main shipyard in Colombia, which shows how the reusability and adaptability of the proposal allows the proposed MARISMA-SHIPS pattern to be easily adapted to any maritime environment, and which allowed the identification of critical areas of cybersecurity that could be improved. The application of the process in the maritime domain has proven its value in improving the efficiency and security management of maritime assets.</div></div>","PeriodicalId":51004,"journal":{"name":"Computers & Security","volume":"159 ","pages":"Article 104699"},"PeriodicalIF":5.4000,"publicationDate":"2025-10-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computers & Security","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167404825003888","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
Abstract
The maritime sector is becoming increasingly susceptible to sophisticated cyber-attacks, underscoring the pressing necessity for advanced research and development to establish robust safeguards for maritime assets. Although risk assessment methods for traditional IT systems are now highly developed, they are not directly applicable to risk assessment in maritime environments due to the specific characteristics and particularities of the latter. Therefore, there is an urgent need to define approaches that adequately support risk assessment in maritime environments. To contribute to this important challenge, we propose a novel risk analysis technique, specifically tailored for the maritime sector, based on MARISMA, a security management methodology, and eMARISMA, its cloud-based technological support tool. Our work contributes to the state of the art by defining the MARISMA-SHIPS maritime cybersecurity pattern, which includes a set of reusable and adaptable elements that enable risk management and control in a maritime environment, and is aligned with major international standards such as ENISA and NIST, as well as existing maritime regulations, becoming a key part of our ongoing POSEIDON maritime cybersecurity framework. A case study is presented for a ship developed in the main shipyard in Colombia, which shows how the reusability and adaptability of the proposal allows the proposed MARISMA-SHIPS pattern to be easily adapted to any maritime environment, and which allowed the identification of critical areas of cybersecurity that could be improved. The application of the process in the maritime domain has proven its value in improving the efficiency and security management of maritime assets.
期刊介绍:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.