Investigating a novel approach for cybersecurity risk analysis with application to remote pilotage operations

Victor Bolbot, Sunil Basnet, Hanning Zhao, Osiris Valdez Banda, Bilhanan Silverajan

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsProfessional

179 Downloads (Pure)

Abstract

Remote pilotage constitutes a novel type of service aiming at reduction of operational costs and safety improvement. However, the increased inter-connectivity of remote pilotage renders it vulnerable to cyberattacks. In this paper, we investigate a novel approach to cybersecurity risk analysis, which integrates System-Theoretic Process Analysis method, Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE) method, SysML, MITRE ATT&CK, and ranking method. To integrate the methods, we apply a series of relevant adjustments and amendments. As a result, we are able to investigate multiple facets of cyber risk, identify the most critical issues and propose relevant risk control measures. For the remote pilotage, the most important STRIDE attacks involve Spoofing, Tampering, and Denial of Service attacks, whilst the most critical MITRE ATT&CK attack techniques are the use of default credentials, the exploitation of public-facing applications, and replication through removable media, if general hacker profile is considered for the attack.
Original languageEnglish
Title of host publicationProceedings of the MARESEC 2022
PublisherZenodo
Number of pages7
DOIs
Publication statusPublished - 4 Oct 2022
MoE publication typeD3 Professional conference proceedings
EventEuropean Workshop on Maritime Systems Resilience and Security - Bremerhaven, Germany
Duration: 20 Jun 202220 Jun 2022

Workshop

WorkshopEuropean Workshop on Maritime Systems Resilience and Security
Abbreviated titleMARESEC
Country/TerritoryGermany
CityBremerhaven
Period20/06/202220/06/2022

Keywords

  • remote pilotage
  • Cyberattack
  • STPA
  • STRIDE analysis
  • MITRE ATT&CK
  • SysML
  • CYRA-MS
  • Risk analysis

Fingerprint

Dive into the research topics of 'Investigating a novel approach for cybersecurity risk analysis with application to remote pilotage operations'. Together they form a unique fingerprint.
  • Sea4Value: Sea4Value

    Valdez Banda, O. (Principal investigator), Basnet, S. (Project Member), Chaal, M. (Project Member) & Ziajka-Poznanska, E. (Project Member)

    01/02/202031/08/2023

    Project: Business Finland: Other research funding

Cite this