Aybars Oruç
Araştırma Görevlisi
Journal Article
Publication Types:
Assessing Cyber Risks of an INS Using the MITRE ATT&CK Framework
Abstract
Shipping performed by contemporary vessels is the backbone of global trade. Modern vessels are equipped with many computerized systems to enhance safety and operational efficiency. One such system developed is the integrated navigation system (INS), which combines information and functions for the bridge team onboard. An INS comprises many marine components involving cyber threats and vulnerabilities. This study aims to assess the cyber risks of such components. To this end, a methodology considering the MITRE ATT&CK framework, which provides adversarial tactics, techniques, and mitigation measures, was applied by modifying for cyber risks at sea. We assessed cyber risks of 25 components on the bridge by implementing the extended methodology in this study. As a result of the assessment, we found 1850 risks. We classified our results as 1805 low, 32 medium, 9 high, and 4 critical levels for 22 components. Three components did not include any cyber risks. Scientists, ship operators, and product developers could use the findings to protect navigation systems onboard from potential cyber threats and vulnerabilities.
Ethical Considerations in Maritime Cybersecurity Research
Abstract
Maritime transportation, an essential component of world trade, is performed by contemporary vessels. Despite the improvements that rapid advances in technology have brought to vessels’ operational efficiency and capability for safe navigation, the cyber risks associated with modern systems have increased apace. Widespread publicity regarding cyber incidents onboard ships has sparked extensive research on the part of universities, industry, and governmental organisations seeking to understand cyber risks. Consequently, researchers have discovered and disclosed an increasing number of threats and vulnerabilities in this context, providing information that in itself may pose a threat when accessed by the wrong parties. Thus, this paper aims to raise researchers’ awareness of ethical concerns and provide guidance for sound decision-making in areas where the research process must be handled carefully to avoid harm. To this end, this paper presents a literature review that explores the ethical issues involved in maritime cybersecurity research and provides specific examples to promote further understanding. Six ethical principles and four categories of ethical dilemmas are discussed. Finally, the paper offers recommendations that can guide researchers in dealing with any ethical conflicts that may arise while studying maritime cybersecurity.
Tools for Organizing an Effective Virtual Academic Conference
Abstract
Academic conferences are an indispensable component of contemporary science, giving researchers the opportunity to present the results of recent investigations, become familiar with other scholars’ studies, and build and expand a network for future collaborations. However, the impact of the COVID-19 pandemic has caused the format of academic conferences to shift, leading virtual conferences to become increasingly popular in the academic environment. Along the way, practical online tools used to organize a virtual academic conference have attained prominence. This study evaluates the various features that service providers currently offer, having thoroughly investigated many tools that are currently on the market. The discussion categorizes these online tools into three groups based on function: event management tools, submission management tools, and online conferencing tools. The study findings contribute to conference organizers’ ability to determine useful features for conducting a virtual academic conference. Moreover, the results reveal that the tools that support event and submission management can also benefit traditional scientific conferences, making this study valuable for those organizing all types of conferences, whether virtual or traditional.
Navigation Data Anomaly Analysis and Detection
Abstract
Several disruptive attacks against companies in the maritime industry have led experts to consider the increased risk imposed by cyber threats as a major obstacle to undergoing digitization. The industry is heading toward increased automation and connectivity, leading to reduced human involvement in the different navigational functions and increased reliance on sensor data and software for more autonomous modes of operations. To meet the objectives of increased automation under the threat of cyber attacks, the different software modules that are expected to be involved in different navigational functions need to be prepared to detect such attacks utilizing suitable detection techniques. Therefore, we propose a systematic approach for analyzing the navigational NMEA messages carrying the data of the different sensors, their possible anomalies, malicious causes of such anomalies as well as the appropriate detection algorithms. The proposed approach is evaluated through two use cases, traditional Integrated Navigation System (INS) and Autonomous Passenger Ship (APS). The results reflect the utility of specification and frequency-based detection in detecting the identified anomalies with high confidence. Furthermore, the analysis is found to facilitate the communication of threats through indicating the possible impact of the identified anomalies against the navigational operations. Moreover, we have developed a testing environment that facilitates conducting the analysis. The environment includes a developed tool, NMEA-Manipulator that enables the invocation of the identified anomalies through a group of cyber attacks on sensor data. Our work paves the way for future work in the analysis of NMEA anomalies toward the development of an NMEA intrusion detection system.
Towards a Cyber-Physical Range for the Integrated Navigation System (INS)
Abstract
The e-navigation concept was introduced by the IMO to enhance berth-to-berth navigation towards enhancing environmental protection, and safety and security at sea by leveraging technological advancements. Even though a number of e-navigation testbeds including some recognized by the IALA exist, they pertain to parts only of the Integrated Navigation System (INS) concept. Moreover, existing e-navigation and bridge testbeds do not have a cybersecurity testing functionality, therefore they cannot be used for assessing the cybersecurity posture of the INS. With cybersecurity concerns on the rise in the maritime domain, it is important to provide such capability. In this paper we review existing bridge testbeds, IMO regulations, and international standards, to first define a reference architecture for the INS and then to develop design specifications for an INS Cyber-Physical Range, i.e., an INS testbed with cybersecurity testing functionality.
Potential Cyber Threats, Vulnerabilities, and Protections of Unmanned Vehicles
Abstract
This study seeks to contribute to the literature by presenting a discussion of potential cyber risks and precautionary measures concerning unmanned vehicles as a whole. In this study, Global Navigation Satellite System (GNSS) spoofing, jamming, password cracking, denial-of-service (DoS), injecting malware, and modification of firmware are identified as potential cyberattack methods against unmanned vehicles. Potential deterrents against the aforementioned cyberattack methods are suggested as well. Illustrations of such safeguards include creating an architecture of the multi-agent system, using solid-state storage components, applying distributed programming tools and techniques, implementing sophisticated encryption techniques for data storage and transmission, deploying additional sensors and systems, and comparing the data received from different sensors.
Requirements for Productivity in the Academic Environment
Abstract
Modern life is improving as a result of the research that corporations, research centres, and universities, in particular, conduct. Moreover, besides their teaching function, the quantity and quality of universities’ research activities comprise an essential criterion for measuring the university’s quality. Today, universities around the world face global competition. Although one facet of the effort to attract productive researchers entails offering more and more, individual incentives are not enough. Universities must also create an attractive academic environment for researchers. This study sought answers to the following question: “What incentives and requirements are necessary to create a productive academic environment?” As the result of a literature review in pursuit of the study aim, the study findings include a total of 10 incentives for researchers and requirements for universities to build a productive research environment in academia.