A novel application of the CORAS framework for ensuring cyber hygiene on shipboard RADAR

Abstract

Radio Detection and Ranging (RADAR) equipment is a significant information and navigational system onboard vessels and a critical part of a ship’s cyber space. It is an electronic system used not only for detecting surrounding objects, to indicate their positions, and tracking targets using radio waves, but also providing safe navigation by receiving and displaying data from other navigational devices. Therefore, it is concerning to see that marine RADAR systems have various cyber vulnerabilities, including data deletion and data relocation. These systems can be manipulated and penetrated via malicious software, unauthorised remote access, human error, or sabotage by internal and external attackers. This is critical to the cyber hygiene of the ship, which affects its reliability and safety. This study performs a cyber risk assessment using the CORAS framework for RADAR cyber security by developing case-based RADAR cyber scenarios in terms of both its specific information technology subsystems and the cyber security control measures. The output of this study includes a holistic and visual assessment of RADAR's cyber security for both its cyber vulnerabilities and cyber hygiene to better protect shipboard RADAR in the future.