Aybars Oruç
Araştırma Görevlisi
Publications
Assessing Cyber Risks of an INS Using the MITRE ATT&CK Framework
Abstract
Shipping performed by contemporary vessels is the backbone of global trade. Modern vessels are equipped with many computerized systems to enhance safety and operational efficiency. One such system developed is the integrated navigation system (INS), which combines information and functions for the bridge team onboard. An INS comprises many marine components involving cyber threats and vulnerabilities. This study aims to assess the cyber risks of such components. To this end, a methodology considering the MITRE ATT&CK framework, which provides adversarial tactics, techniques, and mitigation measures, was applied by modifying for cyber risks at sea. We assessed cyber risks of 25 components on the bridge by implementing the extended methodology in this study. As a result of the assessment, we found 1850 risks. We classified our results as 1805 low, 32 medium, 9 high, and 4 critical levels for 22 components. Three components did not include any cyber risks. Scientists, ship operators, and product developers could use the findings to protect navigation systems onboard from potential cyber threats and vulnerabilities.
Ethical Considerations in Maritime Cybersecurity Research
Abstract
Maritime transportation, an essential component of world trade, is performed by contemporary vessels. Despite the improvements that rapid advances in technology have brought to vessels’ operational efficiency and capability for safe navigation, the cyber risks associated with modern systems have increased apace. Widespread publicity regarding cyber incidents onboard ships has sparked extensive research on the part of universities, industry, and governmental organisations seeking to understand cyber risks. Consequently, researchers have discovered and disclosed an increasing number of threats and vulnerabilities in this context, providing information that in itself may pose a threat when accessed by the wrong parties. Thus, this paper aims to raise researchers’ awareness of ethical concerns and provide guidance for sound decision-making in areas where the research process must be handled carefully to avoid harm. To this end, this paper presents a literature review that explores the ethical issues involved in maritime cybersecurity research and provides specific examples to promote further understanding. Six ethical principles and four categories of ethical dilemmas are discussed. Finally, the paper offers recommendations that can guide researchers in dealing with any ethical conflicts that may arise while studying maritime cybersecurity.
Tools for Organizing an Effective Virtual Academic Conference
Abstract
Academic conferences are an indispensable component of contemporary science, giving researchers the opportunity to present the results of recent investigations, become familiar with other scholars’ studies, and build and expand a network for future collaborations. However, the impact of the COVID-19 pandemic has caused the format of academic conferences to shift, leading virtual conferences to become increasingly popular in the academic environment. Along the way, practical online tools used to organize a virtual academic conference have attained prominence. This study evaluates the various features that service providers currently offer, having thoroughly investigated many tools that are currently on the market. The discussion categorizes these online tools into three groups based on function: event management tools, submission management tools, and online conferencing tools. The study findings contribute to conference organizers’ ability to determine useful features for conducting a virtual academic conference. Moreover, the results reveal that the tools that support event and submission management can also benefit traditional scientific conferences, making this study valuable for those organizing all types of conferences, whether virtual or traditional.
Navigation Data Anomaly Analysis and Detection
Abstract
Several disruptive attacks against companies in the maritime industry have led experts to consider the increased risk imposed by cyber threats as a major obstacle to undergoing digitization. The industry is heading toward increased automation and connectivity, leading to reduced human involvement in the different navigational functions and increased reliance on sensor data and software for more autonomous modes of operations. To meet the objectives of increased automation under the threat of cyber attacks, the different software modules that are expected to be involved in different navigational functions need to be prepared to detect such attacks utilizing suitable detection techniques. Therefore, we propose a systematic approach for analyzing the navigational NMEA messages carrying the data of the different sensors, their possible anomalies, malicious causes of such anomalies as well as the appropriate detection algorithms. The proposed approach is evaluated through two use cases, traditional Integrated Navigation System (INS) and Autonomous Passenger Ship (APS). The results reflect the utility of specification and frequency-based detection in detecting the identified anomalies with high confidence. Furthermore, the analysis is found to facilitate the communication of threats through indicating the possible impact of the identified anomalies against the navigational operations. Moreover, we have developed a testing environment that facilitates conducting the analysis. The environment includes a developed tool, NMEA-Manipulator that enables the invocation of the identified anomalies through a group of cyber attacks on sensor data. Our work paves the way for future work in the analysis of NMEA anomalies toward the development of an NMEA intrusion detection system.
Towards a Cyber-Physical Range for the Integrated Navigation System (INS)
Abstract
The e-navigation concept was introduced by the IMO to enhance berth-to-berth navigation towards enhancing environmental protection, and safety and security at sea by leveraging technological advancements. Even though a number of e-navigation testbeds including some recognized by the IALA exist, they pertain to parts only of the Integrated Navigation System (INS) concept. Moreover, existing e-navigation and bridge testbeds do not have a cybersecurity testing functionality, therefore they cannot be used for assessing the cybersecurity posture of the INS. With cybersecurity concerns on the rise in the maritime domain, it is important to provide such capability. In this paper we review existing bridge testbeds, IMO regulations, and international standards, to first define a reference architecture for the INS and then to develop design specifications for an INS Cyber-Physical Range, i.e., an INS testbed with cybersecurity testing functionality.
Potential Cyber Threats, Vulnerabilities, and Protections of Unmanned Vehicles
Abstract
This study seeks to contribute to the literature by presenting a discussion of potential cyber risks and precautionary measures concerning unmanned vehicles as a whole. In this study, Global Navigation Satellite System (GNSS) spoofing, jamming, password cracking, denial-of-service (DoS), injecting malware, and modification of firmware are identified as potential cyberattack methods against unmanned vehicles. Potential deterrents against the aforementioned cyberattack methods are suggested as well. Illustrations of such safeguards include creating an architecture of the multi-agent system, using solid-state storage components, applying distributed programming tools and techniques, implementing sophisticated encryption techniques for data storage and transmission, deploying additional sensors and systems, and comparing the data received from different sensors.
Requirements for Productivity in the Academic Environment
Abstract
Modern life is improving as a result of the research that corporations, research centres, and universities, in particular, conduct. Moreover, besides their teaching function, the quantity and quality of universities’ research activities comprise an essential criterion for measuring the university’s quality. Today, universities around the world face global competition. Although one facet of the effort to attract productive researchers entails offering more and more, individual incentives are not enough. Universities must also create an attractive academic environment for researchers. This study sought answers to the following question: “What incentives and requirements are necessary to create a productive academic environment?” As the result of a literature review in pursuit of the study aim, the study findings include a total of 10 incentives for researchers and requirements for universities to build a productive research environment in academia.
Claims of State-Sponsored Cyberattack in the Maritime Industry
Abstract
Developments in technology bring inherent risks along with convenience. Undoubtedly, cyberattacks constitute one potentially serious risk. While a stereotypical scenario involves a curious teenager sitting in front of his computer at home, a much more critical threat comes from experienced professionals, supported by states, who are specially trained and who have the necessary technological equipment to do great harm. These cyberattacks exert a negative impact on the maritime industry due to the wide usage area of both information technology (IT) and operational technology (OT) systems. On a related note, opponents of autonomous ship projects can effectively cite the weaknesses detected in navigation systems onboard ships. Examination of cyberattacks in the maritime industry as reflected in the press or in academic studies reveals claims that some of these attacks are state-sponsored. However, no country has to date accepted responsibility for such cyberattacks. Although those targeted by such accusations have neither confirmed nor rejected responsibility, the nature of the attacks – sophisticated or requiring high-cost equipment – raises the possibility that behind the attacks are countries that may have conducted research studies for defensive or offensive purposes. China, Iran, North Korea, Russia and Turkey have been named among the countries carrying out cyberattacks on the maritime industry. It is envisaged that these attacks are based on motivations such as information theft, defence research or sabotage of exploration for underground sources. Among the cyberattacks on vessels that have been assessed as state-sponsored, the most common have involved GPS jamming, rendering GPS useless, and GPS spoofing that causes the GPS to report an incorrect position for a ship at sea. This study examines the cyberattacks on the maritime industry that are asserted as state-sponsored as well as the parties involved in these attacks and the possible objectives of those parties.
Cybersecurity Risk Assessment for Tankers and Defence Methods
Abstract
Ships take significant place in the maritime transport, and technological developments are rapidly reflected on ships. A wide range of equipments, such as GPS ECDIS, AIS and ARPA-Radar is utilized in this field in order to ensure safe navigation on a ship. However, several studies have also been published that show cyber vulnerabilities in navigational equipments. Moreover, cyber attacks in the maritime industry also have led to gain importance of cybersecurity at sea. When compared to other vessel types, such as dry cargo vessels and RO-ROs, tankers are more likely to pollute the environment, to cause more people to be injured or died and more economic loss after an arising accident due to the cargo they carry. Due to this known fact, inspections on cybersecurity have been started firstly on tankers through vetting programmes of TMSA, SIRE and CDI. IMO requires all maritime companies to carry out a cyber risk assessment by 2021. In this study, the potential cyber risks of equipments in the bridge, engine room and cargo control room on a tanker underway were assessed. As a result of the assessment, a total of 31 risks are identified in nine categories, and 37 procedural and technical measures that could be taken against these risks are examined. The risks either before taking measure or after taking measures are evaluated by using the Fuzzy Fine-Kinney method. Thus, effectiveness of the suggested measures is approached.
Tanker Industry is More Ready against Cyber Threats
Abstract
Cyber security in the maritime industry became crucial due to both academic researches and incidents. There are academic studies that show vulnerabilities in various navigation equipments such as GPS, ECDIS, AIS and ARPA-Radar. Additionally, there are different cyber incidents around the world. Developments in technology, autonomous ship projects, academic studies and cyber incidents in the sector put in action IMO. As per ISM Code, all shipping companies are mandatory to add “Guidelines on Maritime Cyber Risk Management” manual to their SMS manuals until 01st January 2021. Both OCIMF and CDI failed to be indifferent to developments that are important for tanker operators as well as IMO. While OCIMF added cybersecurity-related questions to vetting programs called TMSA 3 and VIQ 7, CDI also added cybersecurity-related items in SIR 9.8.1 edition. On the other hand, RightShip provides significant vetting service for dry cargo ships. “Inspection and Assessment Report” is issued by RigthShip for dry cargo ships. Questions related with cybersecurity was added with Revision No: 11 dated on 11th May 2017 in “Inspection and Assessment Report”. In this study, cyber security related questions which are asked during TMSA, SIRE and CDI vettings which play a critical role for commercial life of tanker firms, were analyzed. Moreover, questions and efficiency of RightShip that offers vetting service for dry cargo ships, were assessed to maritime cyber security. Also, cybersecurity-related questions in vetting questionnaires were interpreted by the author. These comments rely on benchmarking meetings among tanker operators where the author personally attended, and interview with key persons. Noted observations during vettings may negatively impact both commercial life and reputation of the tanker operators. That’s why the firm names and interviewee names were kept confidential. In this study, it was seen that although IMO demanded verification of cyber security-related implementations for the ship operators until 01st January 2021, this process started earlier for tanker operators.