Dr. Aybars Oruç
Denizcilik Siber Güvenliği Uzmanı
Akademik Yayınlar
Evaluation of Maritime Cyber Security (MarCy) Training Programme
Abstract
The prevalence of digital technologies is growing in the maritime industry, as in other sectors. Consequently, concerns regarding cyber risks are also escalating. Incidents have occurred in the industry, and findings from academic studies further validate these concerns. While technical measures are being taken against cyber threats, the human element remains another crucial aspect that requires strengthening. To effectively combat cyber threats and vulnerabilities, it is imperative to enhance individuals’ awareness through education and training. In order to address the cyber security training needs of maritime professionals and students, we have developed an approach called the Maritime Cyber Security (MarCy) training programme. In this study, we evaluate all stages of the proposed programme through four conducted training sessions involving different learner groups. As a result, the MarCy programme was improved based on the findings obtained during the training sessions and the feedback from the learners. This study validates that the MarCy programme is an effective approach to meet the cyber security training needs of various groups in the maritime domain.
Cyber Security of the Integrated Navigation System (INS)
Abstract
The maritime sector, similar to other industries, is swiftly adapting to evolving technologies. However, these advancing technologies also bring forth cyber security concerns. Attacks on ships and findings from scientific studies confirm such concerns. Because of their long service lives, technologies on ships lag behind, making it challenging to address risks arising from operational principles. Moreover, many commercially operated vessels typically lack a cyber security expert. The limited support available from cyber security experts leaves the ship’s crew directly confronting cyber attacks occurring nautical miles away from the shore.
Modern ships are equipped with computerized systems for various purposes. The Integrated Navigation System (INS) is one such system that improves navigation safety by integrating data from multiple devices onboard, aiding the Officer of the Watch (OOW) in ship navigation planning and monitoring. The INS’s ability to gather information from various components exposes it to cyber risks associated with these connected components, resulting in a broad attack surface. The cyber security of such a system with an extensive attack surface should be ensured, considering all three dimensions of cyber security: people, process, and technology.
The objective of this thesis is to provide effective recommendations for enhancing the cyber security of INS by considering all three aspects of cyber security. The focus includes understanding testbed requirements for the technology aspect, implementing risk assessment methodologies for the process aspect, and developing a training programme for the people aspect.
In the initial phase, a reference architecture for INS is created, identifying its components, subcomponents, connections, dependencies, interfaces, data flows, and communication protocols. Concurrently, testbed requirements are outlined to facilitate cyber security research on INS, encompassing activities such as vulnerability analysis. This process aims to achieve a comprehensive technical understanding of an INS while integrating testbed requirements.
Subsequently, potential risks to which INS may be exposed are identified by reviewing the literature, academic studies, and incidents of cyber security breaches in the maritime sector. The identified risks are assessed for INS using both novel and customized methods, incorporating mitigation measures from academic studies and industry practices.
Lastly, considering risks and preventive measures, a training programme is proposed and evaluated through four distinct training sessions. This programme aims not only to enhance the cyber security awareness of seafarers but also that of various professionals in the other fields of the maritime domain.
This thesis provides a comprehensive contribution to enhancing the resilience of INS against cyber risks by considering the foundational elements of people, process, and technology in the proposed recommendations. The findings, observations, methodologies, and recommendations presented in this thesis can be valuable resources for both researchers and industry professionals aiming to protect INS and its associated components from cyber attacks.
Survey-based Analysis of Cybersecurity Awareness of Turkish Seafarers
Abstract
In recent years, vessels have become increasingly digitized, reflecting broader societal trends. As a result, maritime operations have become an attractive target for cyber threat actors. Despite the limited cybersecurity training seafarers receive, they are expected to operate within technologically advanced environments. The importance of cybersecurity awareness is evident, but the extent of seafarers’ knowledge in this area remains uncertain. This article investigates three primary aspects: (1) the current state of cybersecurity onboard cargo vessels, (2) seafarers’ cybersecurity awareness, and (3) potential improvements in seafarers’ cybersecurity awareness. To accomplish this, a literature review is conducted to collect and analyze current research, supplemented by a questionnaire survey targeting Turkish seafarers. Our findings support increased investment in awareness and training programs, including organizational-wide cybersecurity awareness efforts, more frequent training, mandatory training for all seafarers through the Standards of Training Certification and Watchkeeping (STCW), and the appointment of a Cybersecurity Officer (CySO) to ensure satisfactory cybersecurity levels onboard. Since this article focuses on high-level topics by assessing the general state of maritime cybersecurity and seafarers’ cybersecurity awareness, it does not delve into detailed considerations of awareness and training programs. Nevertheless, it lays the foundation for future research in this area.
Cyber Risk Assessment for SHips (CRASH)
Abstract
The maritime industry is undergoing a digital transformation, with an increasing integration of Information Technology (IT) and Operational Technology (OT) systems on modern vessels. Its multiple benefits notwithstanding, this transformation brings with it increased cybersecurity risks, that need to be identified, assessed, and managed. Although several cyber risk assessment methodologies are available in the literature, they may be challenging for experts with a maritime background to use. In this paper we propose a simple and effective cyber risk assessment methodology, named Cyber Risk Assessment for SHips (CRASH), that can be easily implemented by maritime professionals. To showcase its workings, we assessed 24 cyber risks of the Integrated Navigation System (INS) using CRASH and we validated the method by comparing its results to those of another method and by means of interviews with experts in the maritime sector. CRASH can aid shipping companies in effectively assessing cyber risks as a step towards selecting and implementing necessary measures to enhance the cyber security of cyber-physical systems onboard their vessels.
A Modular Cyber Security Training Programme for the Maritime Domain
Abstract
The global maritime industry is continuing the rapid digitization of systems and dependency on advancing technology, in a trend akin to other industrial domains. One of the main issues that this integration has brought is an increased vulnerability to a growing number of cyber threats. While several security measures are being implemented to prevent or respond to cyber attacks, the human element is still one of the main weaknesses. Many of today’s cyber attacks take advantage of human personnel’s lack of awareness, which makes cyber security awareness and training activities of critical importance. Unfortunately, current research is still limited in its offerings for cyber security training specific to maritime personnel. Moreover, such training programmes for the professionals should be developed role-based in accordance with the suggestions of many credited maritime organizations. For this reason, we developed a modular cyber security training programme for the maritime domain called Maritime Cyber Security (MarCy) by implementing Critical Events Model (CEM). Then, we evaluated the MarCy programme by utilizing the Delphi technique with the participation of 19 experts from academia and industry. In this study, we offer cyber security training for seafarers and office employees in shipping companies. We proposed eleven elective modules to improve the knowledge, skills, and attitude of learners against cyber risks. The MarCy programme can be implemented by universities, shipping companies, training institutes, and governmental organizations for maritime cyber security training purposes.
Assessing Cyber Risks of an INS Using the MITRE ATT&CK Framework
Abstract
Shipping performed by contemporary vessels is the backbone of global trade. Modern vessels are equipped with many computerized systems to enhance safety and operational efficiency. One such system developed is the integrated navigation system (INS), which combines information and functions for the bridge team onboard. An INS comprises many marine components involving cyber threats and vulnerabilities. This study aims to assess the cyber risks of such components. To this end, a methodology considering the MITRE ATT&CK framework, which provides adversarial tactics, techniques, and mitigation measures, was applied by modifying for cyber risks at sea. We assessed cyber risks of 25 components on the bridge by implementing the extended methodology in this study. As a result of the assessment, we found 1850 risks. We classified our results as 1805 low, 32 medium, 9 high, and 4 critical levels for 22 components. Three components did not include any cyber risks. Scientists, ship operators, and product developers could use the findings to protect navigation systems onboard from potential cyber threats and vulnerabilities.
Ethical Considerations in Maritime Cybersecurity Research
Abstract
Maritime transportation, an essential component of world trade, is performed by contemporary vessels. Despite the improvements that rapid advances in technology have brought to vessels’ operational efficiency and capability for safe navigation, the cyber risks associated with modern systems have increased apace. Widespread publicity regarding cyber incidents onboard ships has sparked extensive research on the part of universities, industry, and governmental organisations seeking to understand cyber risks. Consequently, researchers have discovered and disclosed an increasing number of threats and vulnerabilities in this context, providing information that in itself may pose a threat when accessed by the wrong parties. Thus, this paper aims to raise researchers’ awareness of ethical concerns and provide guidance for sound decision-making in areas where the research process must be handled carefully to avoid harm. To this end, this paper presents a literature review that explores the ethical issues involved in maritime cybersecurity research and provides specific examples to promote further understanding. Six ethical principles and four categories of ethical dilemmas are discussed. Finally, the paper offers recommendations that can guide researchers in dealing with any ethical conflicts that may arise while studying maritime cybersecurity.
Tools for Organizing an Effective Virtual Academic Conference
Abstract
Academic conferences are an indispensable component of contemporary science, giving researchers the opportunity to present the results of recent investigations, become familiar with other scholars’ studies, and build and expand a network for future collaborations. However, the impact of the COVID-19 pandemic has caused the format of academic conferences to shift, leading virtual conferences to become increasingly popular in the academic environment. Along the way, practical online tools used to organize a virtual academic conference have attained prominence. This study evaluates the various features that service providers currently offer, having thoroughly investigated many tools that are currently on the market. The discussion categorizes these online tools into three groups based on function: event management tools, submission management tools, and online conferencing tools. The study findings contribute to conference organizers’ ability to determine useful features for conducting a virtual academic conference. Moreover, the results reveal that the tools that support event and submission management can also benefit traditional scientific conferences, making this study valuable for those organizing all types of conferences, whether virtual or traditional.
Navigation Data Anomaly Analysis and Detection
Abstract
Several disruptive attacks against companies in the maritime industry have led experts to consider the increased risk imposed by cyber threats as a major obstacle to undergoing digitization. The industry is heading toward increased automation and connectivity, leading to reduced human involvement in the different navigational functions and increased reliance on sensor data and software for more autonomous modes of operations. To meet the objectives of increased automation under the threat of cyber attacks, the different software modules that are expected to be involved in different navigational functions need to be prepared to detect such attacks utilizing suitable detection techniques. Therefore, we propose a systematic approach for analyzing the navigational NMEA messages carrying the data of the different sensors, their possible anomalies, malicious causes of such anomalies as well as the appropriate detection algorithms. The proposed approach is evaluated through two use cases, traditional Integrated Navigation System (INS) and Autonomous Passenger Ship (APS). The results reflect the utility of specification and frequency-based detection in detecting the identified anomalies with high confidence. Furthermore, the analysis is found to facilitate the communication of threats through indicating the possible impact of the identified anomalies against the navigational operations. Moreover, we have developed a testing environment that facilitates conducting the analysis. The environment includes a developed tool, NMEA-Manipulator that enables the invocation of the identified anomalies through a group of cyber attacks on sensor data. Our work paves the way for future work in the analysis of NMEA anomalies toward the development of an NMEA intrusion detection system.
Towards a Cyber-Physical Range for the Integrated Navigation System (INS)
Abstract
The e-navigation concept was introduced by the IMO to enhance berth-to-berth navigation towards enhancing environmental protection, and safety and security at sea by leveraging technological advancements. Even though a number of e-navigation testbeds including some recognized by the IALA exist, they pertain to parts only of the Integrated Navigation System (INS) concept. Moreover, existing e-navigation and bridge testbeds do not have a cybersecurity testing functionality, therefore they cannot be used for assessing the cybersecurity posture of the INS. With cybersecurity concerns on the rise in the maritime domain, it is important to provide such capability. In this paper we review existing bridge testbeds, IMO regulations, and international standards, to first define a reference architecture for the INS and then to develop design specifications for an INS Cyber-Physical Range, i.e., an INS testbed with cybersecurity testing functionality.