网络自主货船的网络风险评估

IF 4.1 3区 工程技术 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Awais Yousaf , Ahmed Amro , Philip Teow Huat Kwa , Meixuan Li , Jianying Zhou
{"title":"网络自主货船的网络风险评估","authors":"Awais Yousaf ,&nbsp;Ahmed Amro ,&nbsp;Philip Teow Huat Kwa ,&nbsp;Meixuan Li ,&nbsp;Jianying Zhou","doi":"10.1016/j.ijcip.2024.100695","DOIUrl":null,"url":null,"abstract":"<div><p>The increasing interest in autonomous ships within the maritime industry is driven by the pursuit of revenue optimization, operational efficiency, safety improvement and going greener. However, the industry’s increasing reliance on emerging technologies for the development of autonomous ships extends the attack surface, leaving the underlying ship systems vulnerable to potential exploitation by malicious actors. In response to these emerging challenges, this research extends an existing cyber risk assessment approach called FMECA-ATT&amp;CK based on failure modes, effects and criticality analysis (FMECA), and the MITRE ATT&amp;CK framework. As a part of our work, we have expanded the FMECA-ATT&amp;CK approach to assessing cyber risks related to systems with artificial intelligence components in cyber-enabled autonomous ships (e.g. autonomous engine monitoring and control). This new capability was developed using the information and semantics encoded in the MITRE ATLAS framework. FMECA-ATT&amp;CK has been adopted due to its comprehensive and adaptable nature and its promising venue for supporting continuous cyber risk assessment. It helps evaluate the cyber risks associated with the complex and state-of-the-art operational technologies on board autonomous ships. The cyber risk assessment approach assists cybersecurity experts in aligning mitigation strategies for the cyber defence of autonomous ships. It also contributes towards advancing overall cybersecurity in the maritime industry and ensures the safe and secure sailing of autonomous ships. Our key findings after applying the proposed approach against a model of an autonomous cargo ship is the identification of the Navigation Situation Awareness System (NSAS) of the ship as being at the highest risk followed by the Autonomous Engine Monitoring and Control (AEMC) system. Additionally, we identified 3 high, 48 medium, and 5776 low risks across 29 components.</p></div>","PeriodicalId":49057,"journal":{"name":"International Journal of Critical Infrastructure Protection","volume":"46 ","pages":"Article 100695"},"PeriodicalIF":4.1000,"publicationDate":"2024-06-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Cyber risk assessment of cyber-enabled autonomous cargo vessel\",\"authors\":\"Awais Yousaf ,&nbsp;Ahmed Amro ,&nbsp;Philip Teow Huat Kwa ,&nbsp;Meixuan Li ,&nbsp;Jianying Zhou\",\"doi\":\"10.1016/j.ijcip.2024.100695\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>The increasing interest in autonomous ships within the maritime industry is driven by the pursuit of revenue optimization, operational efficiency, safety improvement and going greener. However, the industry’s increasing reliance on emerging technologies for the development of autonomous ships extends the attack surface, leaving the underlying ship systems vulnerable to potential exploitation by malicious actors. In response to these emerging challenges, this research extends an existing cyber risk assessment approach called FMECA-ATT&amp;CK based on failure modes, effects and criticality analysis (FMECA), and the MITRE ATT&amp;CK framework. As a part of our work, we have expanded the FMECA-ATT&amp;CK approach to assessing cyber risks related to systems with artificial intelligence components in cyber-enabled autonomous ships (e.g. autonomous engine monitoring and control). This new capability was developed using the information and semantics encoded in the MITRE ATLAS framework. FMECA-ATT&amp;CK has been adopted due to its comprehensive and adaptable nature and its promising venue for supporting continuous cyber risk assessment. It helps evaluate the cyber risks associated with the complex and state-of-the-art operational technologies on board autonomous ships. The cyber risk assessment approach assists cybersecurity experts in aligning mitigation strategies for the cyber defence of autonomous ships. It also contributes towards advancing overall cybersecurity in the maritime industry and ensures the safe and secure sailing of autonomous ships. Our key findings after applying the proposed approach against a model of an autonomous cargo ship is the identification of the Navigation Situation Awareness System (NSAS) of the ship as being at the highest risk followed by the Autonomous Engine Monitoring and Control (AEMC) system. Additionally, we identified 3 high, 48 medium, and 5776 low risks across 29 components.</p></div>\",\"PeriodicalId\":49057,\"journal\":{\"name\":\"International Journal of Critical Infrastructure Protection\",\"volume\":\"46 \",\"pages\":\"Article 100695\"},\"PeriodicalIF\":4.1000,\"publicationDate\":\"2024-06-14\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Critical Infrastructure Protection\",\"FirstCategoryId\":\"5\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1874548224000362\",\"RegionNum\":3,\"RegionCategory\":\"工程技术\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Critical Infrastructure Protection","FirstCategoryId":"5","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1874548224000362","RegionNum":3,"RegionCategory":"工程技术","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

摘要

海运业对自主船舶的兴趣与日俱增,其驱动力是追求收入优化、运营效率、安全改善和绿色环保。然而,该行业在开发自主船舶时越来越依赖新兴技术,这扩大了攻击面,使底层船舶系统容易受到恶意行为者的潜在利用。为了应对这些新出现的挑战,本研究在故障模式、影响和关键性分析(FMECA)和 MITRE ATT&CK 框架的基础上,扩展了一种名为 FMECA-ATT&CK 的现有网络风险评估方法。作为我们工作的一部分,我们扩展了 FMECA-ATT&CK 方法,以评估与具有人工智能组件的网络自主船舶系统(如自主发动机监测和控制)相关的网络风险。这项新功能是利用 MITRE ATLAS 框架中编码的信息和语义开发的。FMECA-ATT&CK 因其全面性和适应性,以及支持持续网络风险评估的广阔前景而被采用。它有助于评估与自主船舶上复杂而先进的操作技术相关的网络风险。网络风险评估方法有助于网络安全专家调整自主式船舶网络防御的缓解战略。它还有助于推进海运业的整体网络安全,确保自主航行船舶的安全航行。在对自主货船模型应用所提出的方法后,我们的主要发现是船舶的导航态势感知系统(NSAS)风险最高,其次是自主发动机监测和控制系统(AEMC)。此外,我们还在 29 个组件中识别出 3 个高风险、48 个中风险和 5776 个低风险。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
Cyber risk assessment of cyber-enabled autonomous cargo vessel

The increasing interest in autonomous ships within the maritime industry is driven by the pursuit of revenue optimization, operational efficiency, safety improvement and going greener. However, the industry’s increasing reliance on emerging technologies for the development of autonomous ships extends the attack surface, leaving the underlying ship systems vulnerable to potential exploitation by malicious actors. In response to these emerging challenges, this research extends an existing cyber risk assessment approach called FMECA-ATT&CK based on failure modes, effects and criticality analysis (FMECA), and the MITRE ATT&CK framework. As a part of our work, we have expanded the FMECA-ATT&CK approach to assessing cyber risks related to systems with artificial intelligence components in cyber-enabled autonomous ships (e.g. autonomous engine monitoring and control). This new capability was developed using the information and semantics encoded in the MITRE ATLAS framework. FMECA-ATT&CK has been adopted due to its comprehensive and adaptable nature and its promising venue for supporting continuous cyber risk assessment. It helps evaluate the cyber risks associated with the complex and state-of-the-art operational technologies on board autonomous ships. The cyber risk assessment approach assists cybersecurity experts in aligning mitigation strategies for the cyber defence of autonomous ships. It also contributes towards advancing overall cybersecurity in the maritime industry and ensures the safe and secure sailing of autonomous ships. Our key findings after applying the proposed approach against a model of an autonomous cargo ship is the identification of the Navigation Situation Awareness System (NSAS) of the ship as being at the highest risk followed by the Autonomous Engine Monitoring and Control (AEMC) system. Additionally, we identified 3 high, 48 medium, and 5776 low risks across 29 components.

求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
International Journal of Critical Infrastructure Protection
International Journal of Critical Infrastructure Protection COMPUTER SCIENCE, INFORMATION SYSTEMS-ENGINEERING, MULTIDISCIPLINARY
CiteScore
8.90
自引率
5.60%
发文量
46
审稿时长
>12 weeks
期刊介绍: The International Journal of Critical Infrastructure Protection (IJCIP) was launched in 2008, with the primary aim of publishing scholarly papers of the highest quality in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology, law and policy to craft sophisticated yet practical solutions for securing assets in the various critical infrastructure sectors. These critical infrastructure sectors include: information technology, telecommunications, energy, banking and finance, transportation systems, chemicals, critical manufacturing, agriculture and food, defense industrial base, public health and health care, national monuments and icons, drinking water and water treatment systems, commercial facilities, dams, emergency services, nuclear reactors, materials and waste, postal and shipping, and government facilities. Protecting and ensuring the continuity of operation of critical infrastructure assets are vital to national security, public health and safety, economic vitality, and societal wellbeing. The scope of the journal includes, but is not limited to: 1. Analysis of security challenges that are unique or common to the various infrastructure sectors. 2. Identification of core security principles and techniques that can be applied to critical infrastructure protection. 3. Elucidation of the dependencies and interdependencies existing between infrastructure sectors and techniques for mitigating the devastating effects of cascading failures. 4. Creation of sophisticated, yet practical, solutions, for critical infrastructure protection that involve mathematical, scientific and engineering techniques, economic and social science methods, and/or legal and public policy constructs.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信