Abstract
Maritime processes involve actors and systems that continuously change their underlying environment, location and threat exposure. Thus, risk mitigation requires a dynamic risk assessment process, coupled with an adaptive, event driven security enforcement mechanism, to efficiently deal with dynamically evolving risks in a cost efficient manner. In this paper, we propose an adaptive security framework that covers both situational risk assessment and situational driven security policy deployment. We extend MITIGATE, a maritime-specific risk assessment methodology, to capture situations in the risk assessment process and thus produce fine-grained and situation-specific, dynamic risk estimations. Then, we integrate DynSMAUG, a situation-driven security management system, to enforce adaptive security policies that dynamically implement security controls specific to each situation. To validate the proposed framework, we test it based on maritime cargo transfer service. We utilize various maritime specific and generic systems employed during cargo transfer, to produce dynamic risks for various situations. Our results show that the proposed framework can effectively assess dynamic risks per situation and automate the enforcement of adaptive security controls per situation. This is an important improvement in contrast to static and situation-agnostic risk assessment frameworks, where security controls always default to worst-case risks, with a consequent impact on the cost and the applicability of proper security controls.
Highlights
Received: 15 November 2021Maritime transport is a complex environment involving various actors with different objectives, cyber and physical components and interconnected systems
Typical ship side systems include: the Automatic Identification System (AIS), a tracking system transmitting information related with the course, speed or type of cargo, which is mainly used for collision avoidance; the Vessel Traffic Service (VTS), which is mainly for marine traffic monitoring; and the Electronic Chart Display Information System (ECDIS), a navigational chart display that receives data by other control systems, to assist ship crew in ship navigation
Based on the situations defined in the previous phase, all the risk assessment tasks defined in the MITIGATE methodology such as asset modeling, threat, vulnerability and impact assessment are properly adjusted to each situation, to output a fine-grained, situational risk assessment
Summary
Maritime transport is a complex environment involving various actors with different objectives, cyber and physical components and interconnected systems. We will utilize a typical maritime transport service, mainly cargo transfer, to demonstrate how environment changes affect the underlying risks of systems and the need for an adaptive security framework. A simple solution, followed by existing methodologies is to default to the worstcase scenario by applying the ‘strongest’ security controls, in order to assure the highest level of authenticity, integrity, availability, confidentiality, non-repudiation and resilience at all situations. This policy seems as “being on the safe side”, it affects the operation cost and the actual enforcement of security controls.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
