Advertisement

Exploring Cyber-Security Issues in Vessel Traffic Services

  • Eleni Maria Kalogeraki
  • Spyridon Papastergiou
  • Nineta Polemi
  • Christos Douligeris
  • Themis Panayiotopoulos
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11061)

Abstract

In recent digital evolution years, cyber-terrorist activity is increasingly rising all over the world deploying new methods, using advanced technologies and sophisticated weapons. A potential terrorist attack on a large commercial Port could lead to dramatic losses. This work aims to illustrate methods for recognizing cyber-threats and security weaknesses on the ports’ Critical Infrastructures and explores how these issues can be systematically exploited to harm ports and their vicinity. To this end, we follow an asset-centric approach, which employs knowledge representation techniques, to detect vulnerability chains and possible attack-paths on ports’ assets. Considering the results, a realistic coordinated cyber-attack scenario on the application case of the Cruise Vessel Traffic Service is presented to show how cyber-attacks can be realized by terrorists on commercial ports.

Keywords

Attack paths Cruise vessel traffic Vulnerability chain 

Notes

Acknowledgements

This work has been partially supported by the University of Piraeus Research Centre and the European Union’s Horizon 2020 project “SAURON” under grant agreement No 740477 addressing the topic CIP-01-2016-2017. The authors would like to thank all project members for their valuable insights. Finally, special thanks to the University of Piraeus, Research Centre for its continuous support.

References

  1. 1.
    The Risk of Cyber-Attack to the Maritime Sector. http://www.ahcusa.org/uploads/2/1/9/8/21985670/the_risk_of_cyber-attack_to_the_maritime_sector-07-2014.pdf. Accessed 11 Apr 2018
  2. 2.
    Roell, P.: Maritime Terrorism. A threat to world trade? https://www.files.ethz.ch/isn/110282/MaritimeTerrorism.pdf. Accessed 11 Apr 2018
  3. 3.
    Bowen, C., Fidgeon, P., Page, S.J.: Maritime tourism and terrorism: customer perceptions of the potential terrorist threat to cruise shipping. CI in Tourism 17(7), 610–639 (2014)Google Scholar
  4. 4.
    Shahir, H.Y., Glasser, U., Shahir, A.Y., Wehn, H.: Maritime situation analysis framework: vessel interaction classification and anomaly detection. In: 2015 IEEE International Conference on Big Data, Santa Clara, CA, pp. 1279–1289 (2015).  https://doi.org/10.1109/BigData.2015.7363883
  5. 5.
    Bueger, C.: What is maritime security? Mar. Policy 53, 159–164 (2015)CrossRefGoogle Scholar
  6. 6.
    Kalogeraki, E.-M., Apostolou, D., Polemi, N., Papastergiou, S.: Knowledge management methodology for identifying threats in maritime/logistics supply chains. In: Durtst, S., Evangelista, P. (eds.) (SI) “Logistics Knowledge Management: State of the Art and Future Perspectives”, Knowledge Management Research and Practice Journal. Taylor and Francis (2018). ISSN: 1477-8238 (Print). ISSN: 1477-8246.  https://doi.org/10.1080/14778238.2018.1486789
  7. 7.
    Papastergiou, S., Polemi, N.: MITIGATE: a dynamic supply chain cyber risk assessment methodology. In: Yang, X.-S., Nagar, A.K., Joshi, A. (eds.) Smart Trends in Systems, Security and Sustainability. LNNS, vol. 18, pp. 1–9. Springer, Singapore (2018).  https://doi.org/10.1007/978-981-10-6916-1_1CrossRefGoogle Scholar
  8. 8.
    Polatidis, N., Pimenidis, E., Pavlidis, M., Papastergiou, S., Mouratidis, H.: From product recommendation to cyber-attack prediction: generating attack graphs and predicting future attacks. Evol. Syst., 1–12 (2018). Springer-Verlag GmbH, Germany. ISSN: 1868-6478.  https://doi.org/10.1007/s12530-018-9234-z
  9. 9.
    SAURON Homepage. https://www.sauronproject.eu/. Accessed 11 Apr 2018
  10. 10.
    Patterson, M.R., Patterson, S.J.: Unmanned systems: an emerging threat to waterside security: bad robots are coming. In: 2010 International WaterSide Security Conference, Carrara, pp. 1–7 (2010).  https://doi.org/10.1109/WSSC.2010.5730271
  11. 11.
    Wagner, S.M., Neshat, N.: Assessing the vulnerability of supply chains using graph theory. Int. J. Prod. Econ. 126(1), 121–129 (2010)CrossRefGoogle Scholar
  12. 12.
    Liu, H., Tian, Z., Huang, A., Yang, Z.: Analysis of vulnerabilities in maritime supply chains. Reliab. Eng. Syst. Saf. 169, 475–484 (2018)CrossRefGoogle Scholar
  13. 13.
    Ou, X., Singhal, A.: Attack graph techniques. In: Ou, X., Singhal, A. (eds.) Quantitative Security Risk Assessment of Enterprise Networks. SpringerBriefs in Computer Science, pp. 5–8. Springer, New York (2012).  https://doi.org/10.1007/978-1-4614-1860-3_2CrossRefGoogle Scholar
  14. 14.
    Bou-Harb, E., Kaisar, E.I., Austin, M.: On the impact of empirical attack models targeting marine transportation. In: Proceedings of the 5th IEEE International Conference on Models and Technologies for Intelligent Transportation Systems, MT-ITS 2017, Naples, pp. 200–205 (2017).  https://doi.org/10.1109/MTITS.2017.8005665
  15. 15.
    Gao, N., He, Y., Ling, B.: Exploring attack graphs for security risk assessment: a probabilistic approach. Wuhan Univ. J. Nat. Sci. 23(2), 171–177 (2018)CrossRefGoogle Scholar
  16. 16.
    Kaynar, K., Sivrikaya, F.: Distributed attack graph generation. IEEE Trans. Dependable Secure Comput. 13(5), 519–532 (2016)CrossRefGoogle Scholar
  17. 17.
    Almohri, H.M.J., Watson, L.T., Yao, D., Ou, X.: Security optimization of dynamic networks with probabilistic graph modeling and linear programming. IEEE Trans. Dependable Secure Comput. 13(4), 474–487 (2016)CrossRefGoogle Scholar
  18. 18.
    Bi, K., Han, D., Wang, J.: K maximum probability attack paths dynamic generation algorithm. Comput. Sci. Inf. Syst. 13(2), 677–689 (2016)CrossRefGoogle Scholar
  19. 19.
    Ghiran, A.-M., Buchmann, R.A., Osman, C.-C.: Security requirements elicitation from engineering governance, risk management and compliance. In: Kamsties, E., Horkoff, J., Dalpiaz, F. (eds.) REFSQ 2018. LNCS, vol. 10753, pp. 283–289. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-77243-1_17CrossRefGoogle Scholar
  20. 20.
    ISO/IEC 27001:2013: Information technology – Security techniques – Information security management systems – Requirements, ISO/IECGoogle Scholar
  21. 21.
    ISO 28000:2007: Specification for security management systems for the supply chain, Geneva, Switzerland: ISO/IECGoogle Scholar
  22. 22.
    National Institute of Standards and Technology. https://nvd.nist.gov/. Accessed 11 Apr 2018
  23. 23.
    Common Vulnerabilities and Exposures. https://cve.mitre.org/. Accessed 11 Apr 2018

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  • Eleni Maria Kalogeraki
    • 1
  • Spyridon Papastergiou
    • 1
  • Nineta Polemi
    • 1
  • Christos Douligeris
    • 1
  • Themis Panayiotopoulos
    • 1
  1. 1.University of PiraeusPiraeusGreece

Personalised recommendations