Abstract
Attacks on software systems occur world-wide on a daily basis targeting individuals, corporations, and governments alike. The systems that facilitate maritime shipping are at risk of serious disruptions, and these disruptions can stem from vulnerabilities in the software and processes used in these systems. These vulnerabilities leave such systems open to cyber-attack. Assessments of the security of maritime shipping systems have focused on identifying risks but have not taken the critical (and expensive) next step of actually identifying vulnerabilities present in these systems. While such risk assessments are important, they have not provided the detailed identification of security issues in the systems that control these ports and their terminals. In response, we formed a key collaboration between an experienced academic cybersecurity team and a well-known commercial software provider that manages maritime shipping. We performed an analysis of the information flow involved in the maritime shipping process, and then executed an in-depth vulnerability assessment of the software that manages freight systems. In this paper, we show the flow of information involved in the freight shipping process and explain how we performed the in-depth assessment, summarizing our findings. Like every large software system, maritime shipping systems have vulnerabilities.
Highlights
The maritime sector is crucial to the world economy, and the computer technology that manages it is critical to its successful operation
First Principles Vulnerability Assessment (FPVA) VULNERABILITY ASSESSMENT RESULTS we summarize the results of performing an in-depth vulnerability assessment on some modules of a Terminal Operating System (TOS) and Port Community System (PCS) from a well-known software provider in the domain of maritime freight shipping
For this project, we formed a key collaboration between an experienced academic cybersecurity team and a well-known commercial software provider that manages maritime shipping
Summary
The maritime sector is crucial to the world economy, and the computer technology that manages it is critical to its successful operation. ICT makes the essential operations manageable and cost effective This technology is involved in many areas, from traffic control communications to container freight tracking to the actual movement of containers. There is an increased dependency on electronic communication and processes with little human interaction In addition to these benefits, the freight ICT systems introduce the risks of being extremely vulnerable to cyber-attack. Freight ICT systems are large and complex, having many components used by different principals involved in the supply chain Some of these components are used by the general customers, for example the Port Community System (PCS), to book and track shipments and exchange documents and information between public and stakeholders.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
