Cargando…
Assessing Cyber Risks of an INS Using the MITRE ATT&CK Framework
Shipping performed by contemporary vessels is the backbone of global trade. Modern vessels are equipped with many computerized systems to enhance safety and operational efficiency. One such system developed is the integrated navigation system (INS), which combines information and functions for the b...
| Autores principales: | , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
MDPI
2022
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9696195/ https://www.ncbi.nlm.nih.gov/pubmed/36433344 http://dx.doi.org/10.3390/s22228745 |
| _version_ | 1784838247693680640 |
|---|---|
| author | Oruc, Aybars Amro, Ahmed Gkioulos, Vasileios |
| author_facet | Oruc, Aybars Amro, Ahmed Gkioulos, Vasileios |
| author_sort | Oruc, Aybars |
| collection | PubMed |
| description | Shipping performed by contemporary vessels is the backbone of global trade. Modern vessels are equipped with many computerized systems to enhance safety and operational efficiency. One such system developed is the integrated navigation system (INS), which combines information and functions for the bridge team onboard. An INS comprises many marine components involving cyber threats and vulnerabilities. This study aims to assess the cyber risks of such components. To this end, a methodology considering the MITRE ATT&CK framework, which provides adversarial tactics, techniques, and mitigation measures, was applied by modifying for cyber risks at sea. We assessed cyber risks of 25 components on the bridge by implementing the extended methodology in this study. As a result of the assessment, we found 1850 risks. We classified our results as 1805 low, 32 medium, 9 high, and 4 critical levels for 22 components. Three components did not include any cyber risks. Scientists, ship operators, and product developers could use the findings to protect navigation systems onboard from potential cyber threats and vulnerabilities. |
| format | Online Article Text |
| id | pubmed-9696195 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2022 |
| publisher | MDPI |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-96961952022-11-26 Assessing Cyber Risks of an INS Using the MITRE ATT&CK Framework Oruc, Aybars Amro, Ahmed Gkioulos, Vasileios Sensors (Basel) Article Shipping performed by contemporary vessels is the backbone of global trade. Modern vessels are equipped with many computerized systems to enhance safety and operational efficiency. One such system developed is the integrated navigation system (INS), which combines information and functions for the bridge team onboard. An INS comprises many marine components involving cyber threats and vulnerabilities. This study aims to assess the cyber risks of such components. To this end, a methodology considering the MITRE ATT&CK framework, which provides adversarial tactics, techniques, and mitigation measures, was applied by modifying for cyber risks at sea. We assessed cyber risks of 25 components on the bridge by implementing the extended methodology in this study. As a result of the assessment, we found 1850 risks. We classified our results as 1805 low, 32 medium, 9 high, and 4 critical levels for 22 components. Three components did not include any cyber risks. Scientists, ship operators, and product developers could use the findings to protect navigation systems onboard from potential cyber threats and vulnerabilities. MDPI 2022-11-12 /pmc/articles/PMC9696195/ /pubmed/36433344 http://dx.doi.org/10.3390/s22228745 Text en © 2022 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
| spellingShingle | Article Oruc, Aybars Amro, Ahmed Gkioulos, Vasileios Assessing Cyber Risks of an INS Using the MITRE ATT&CK Framework |
| title | Assessing Cyber Risks of an INS Using the MITRE ATT&CK Framework |
| title_full | Assessing Cyber Risks of an INS Using the MITRE ATT&CK Framework |
| title_fullStr | Assessing Cyber Risks of an INS Using the MITRE ATT&CK Framework |
| title_full_unstemmed | Assessing Cyber Risks of an INS Using the MITRE ATT&CK Framework |
| title_short | Assessing Cyber Risks of an INS Using the MITRE ATT&CK Framework |
| title_sort | assessing cyber risks of an ins using the mitre att&ck framework |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9696195/ https://www.ncbi.nlm.nih.gov/pubmed/36433344 http://dx.doi.org/10.3390/s22228745 |
| work_keys_str_mv | AT orucaybars assessingcyberrisksofaninsusingthemitreattckframework AT amroahmed assessingcyberrisksofaninsusingthemitreattckframework AT gkioulosvasileios assessingcyberrisksofaninsusingthemitreattckframework |