Integrated maritime protection: Innovation for the safeguarding of maritime systems based on MARISMA

The maritime sector is becoming increasingly susceptible to sophisticated cyber-attacks, underscoring the pressing necessity for advanced research and development to establish robust safeguards for maritime assets. Although risk assessment methods for traditional IT systems are now highly developed, they are not directly applicable to risk assessment in maritime environments due to the specific characteristics and particularities of the latter. Therefore, there is an urgent need to define approaches that adequately support risk assessment in maritime environments. To contribute to this important challenge, we propose a novel risk analysis technique, specifically tailored for the maritime sector, based on MARISMA, a security management methodology, and eMARISMA, its cloud-based technological support tool. Our work contributes to the state of the art by defining the MARISMA-SHIPS maritime cybersecurity pattern, which includes a set of reusable and adaptable elements that enable risk management and control in a maritime environment, and is aligned with major international standards such as ENISA and NIST, as well as existing maritime regulations, becoming a key part of our ongoing POSEIDON maritime cybersecurity framework. A case study is presented for a ship developed in the main shipyard in Colombia, which shows how the reusability and adaptability of the proposal allows the proposed MARISMA-SHIPS pattern to be easily adapted to any maritime environment, and which allowed the identification of critical areas of cybersecurity that could be improved. The application of the process in the maritime domain has proven its value in improving the efficiency and security management of maritime assets.