27 March 2021
The Case for Investing in Resilient Maritime Transport Infrastructures
Maritime transport is a dynamic sector which includes various interactions between physical and cyber systems operated by different stakeholders and users. It involves various processes and services such as docking of the ship, loading and unloading, ship navigation, ship-to-ship and ship-to-shore communications, pre-arrival notifications, to name just a few.
Such complex structures provide a vast attack surface, where many attack paths may occur due to various causes, ranging from software vulnerabilities, deliberate attacks or human errors. The incremental evolution of technology in accordance with the spread of automation and digitalisation on maritime transport operations has raised the need to look for strategies, methods and tools that can adequately secure the dynamic environment of maritime transport which includes the involved operators, the critical information infrastructures (of ports and vessels) that function and their corresponding communications.
The identification of the current and near-term future cybersecurity challenges for the maritime transport sector are within the scope of the research roadmapping activities of CyberSec4Europe, along with the identification of the existing methods and tools that may assist researchers in meeting these challenges.
Challenges and opportunities
The complicated dual cyber and physical nature of the maritime environment raises a set of open issues concerning the effective and efficient handling of their security and safety issues. In this context, we have identified a set of research challenges and issues, regarding the distributed and interconnected nature of complex, interrelated maritime components, network and operating environments that need to be investigated:
Developing risk assessment and threat modeling techniques targeted at the maritime transport threat landscape
Existing maritime transport risk assessment methodologies could be enhanced with targeted threat models that capture the adversarial environment of maritime infrastructures such as ship and port facilities. The early identification of novel cyber-physical attacks and cascading attack paths against autonomous ships and port automation SCADA systems are typical examples of new cascading threats.
Security hardening for critical maritime systems
System security hardening is a challenging task in domains where it is hard to analyse and correct software errors. Maritime systems fall into this category, as they are based on non-standard devices, embedded systems, legacy applications, and so on. Therefore, developing efficient hardening techniques for maritime systems is an important research challenge.
Maritime communication system security and trust infrastructures
Maritime communications involve data exchange between ships, ports, remote control centres, vessel traffic services, search and rescue and so on, each of which have different technical and environmental constraints. For example, ships cannot depend on landline communications, while search and rescue communication services require the prioritisation of communication channels in case of emergencies. Setting up and operating efficient trust infrastructures for such an environment is also an open challenge, since typical public key infrastructures require high bandwidth and real time communications for certificate verification, which may not be efficient for the ship environment.
Securing autonomous ships
Autonomous ships are characterised by the increasing deployment of interconnected cyber-physical systems. To this end, a comprehensive requirements elicitation process requires a security assessment to incorporate safety aspects.
Increasing the resilience of maritime infrastructures
Since resilience suggests properties like infrastructure redundancy and robustness, it is implicit that building resilient infrastructures comes with an increase in cost. An interesting problem is balancing infrastructure resilience and cost optimisation. As the recent pandemic has reminded us, the maritime transport sector is a critical sector for many vital activities such as the delivery of medicine and supply chain operations. A major challenge is assuring the resilience of critical maritime systems which should continue to provide a minimum service level during or after a cyber/physical threat, and should also quickly adapt and recover from such unwanted events.
As the EU is one of the key global players in maritime transport, the development of resilient and cost-effective maritime infrastructures is a clear opportunity for Europe.
More information on the research and development roadmap for the maritime transport sector but also for the other verticals examined within CyberSec4Europe can be found here.
Panayiotis Kotzanikolaou and Eleni-Maria Kalograki, University of Piraeus