Assessing Cyber Risk in Cyber-Physical Systems Using the ATT&CK Framework

Author:

Amro Ahmed (1), Gkioulos Vasileios (1), Katsikas Sokratis (1)

Affiliation:

1. Norwegian University of Science and Technology, Teknologivegen, Gjøvik, Norway

Abstract

Autonomous transport is receiving increasing attention, with research and development activities already providing prototype implementations. In this article we focus on Autonomous Passenger Ships (APS), which are being considered as a solution for passenger transport across urban waterways. The ambition of the authors has been to examine the safety and security implications of such a Cyber Physical System (CPS), particularly focusing on threats that endanger the passengers and the operational environment of the APS. Accordingly, the article presents a new risk assessment approach based on a Failure Modes Effects and Criticality Analysis (FMECA) that is enriched with selected semantics and components of the MITRE ATT&CK framework, in order to utilize the encoded common knowledge and facilitate the expression of attacks. Then, the proposed approach is demonstrated through conducting a risk assessment for a communication architecture tailored to the requirements of APSs that were proposed in earlier work. Moreover, we propose a group of graph theory-based metrics for estimating the impact of the identified risks. The use of this method has resulted in the identification of risks and their corresponding countermeasures, in addition to identifying risks with limited existing mitigation mechanisms. The benefits of the proposed approach are the comprehensive, atomic, and descriptive nature of the identified threats, which reduce the need for expert judgment, and the granular impact estimation metrics that reduce the impact of bias. All these features are provided in a semi-automated approach to reduce the required effort and collectively are argued to enrich the design-level risk assessment processes with an updatable industry threat model standard, namely ATT&CK.

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality, General Computer Science

References (63 articles)

1. https://github.com/ahmed-amro/APS-Communication_Architecture.git APS communication architecture AADL model

2. 2018. COSCO Shipping Lines Falls Victim to Cyber Attack. https://bit.ly/COSCOAttack.

3. 2018. Iranian hackers suspected in cyber breach and extortion attempt on Navy shipbuilder Austal. https://bit.ly/AustalAttack.

4. Identifying Critical Components in Large Scale Cyber Physical Systems

5. Otis Alexander, Misha Belisle, and Jacob Steele. 2020. MITRE ATT&CK® for industrial control systems: Design and philosophy. (2020).

Cited by 21 articles.

1. Dude, Where’s That Ship? Stealthy Radio Attacks Against AIS Broadcasts;2024 IEEE 49th Conference on Local Computer Networks (LCN);2024-10-08

2. Cyber risk assessment of cyber-enabled autonomous cargo vessel;International Journal of Critical Infrastructure Protection;2024-09

3. Systematic literature review of threat modeling and risk assessment in ship cybersecurity;Ocean Engineering;2024-08

4. Cybersecurity risk assessment of a marine dual-fuel engine on inland waterways ship;Proceedings of the Institution of Mechanical Engineers, Part M: Journal of Engineering for the Maritime Environment;2024-07-28

5. Research on neural networks in computer network security evaluation and prediction methods;International Journal of Knowledge-based and Intelligent Engineering Systems;2024-03-03
