Abstract
The increased connectivity of critical maritime infrastructure (CMI) systems to digital networks have raised concerns of their vulnerability to cyber attacks. As less emphasis has been placed, to-date, on ensuring security of cyber-physical maritime systems, mitigating these cyber attacks will require the design and engineering of secure maritime infrastructure systems. Systems theory has been shown to provide the foundation for a disciplined approach to engineering secure cyber-physical systems. In this paper, we use systems theory, and concepts adapted from safety analysis, to develop a systematic mechanism for analysing the security functionalities of assets’ interactions in the maritime domain. We use the theory to guide us to discern the system’s requirement, likely system losses, potential threats, and to construct system constraints needed to inhibit or mitigate these threats. Our analyses can be used as springboards to a set of principles to help enunciate the assumptions and system-level security requirements useful as the bases for systems’ security validation and verification.
This work has been conducted within the ENABLE-S3 project that has received funding from the ECSEL Joint Undertaking under Grant Agreement no. 692455.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
United States Navy Biography. http://www.navy.mil/navydata/leadership/quotes.asp?q=253&c=6. Accessed 28 Nov 2018
UK Cabinet Office: National Cyber Security Strategy 2016 to 2021. UK Cabinet Office, November 2016
Leveson, N.G., Thomas, J.P.: STPA Handbook (2018)
Howard, G., Butler, M., Colley, J., Sassone, V.: Formal analysis of safety and security requirements of critical systems supported by an extended STPA methodology. In: 2nd Workshop on Safety & Security aSSurance (2017). https://doi.org/10.1109/EuroSPW.2017.68
Abrial, J.-R.: Modeling in Event-B: System and Software Engineering. Cambridge University Press, Cambridge (2010)
Dürrwang, J., Beckers, K., Kriesten, R.: A lightweight threat analysis approach intertwining safety and security for the automotive domain. In: Tonetta, S., Schoitsch, E., Bitsch, F. (eds.) SAFECOMP 2017. LNCS, vol. 10488, pp. 305–319. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66266-4_20
Potter, B.: Microsoft SDL threat modelling tool. In: Network Security, vol. 1, pp. 15–18 (2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Omitola, T., Rezazadeh, A., Butler, M. (2019). Making (Implicit) Security Requirements Explicit for Cyber-Physical Systems: A Maritime Use Case Security Analysis. In: Anderst-Kotsis, G., et al. Database and Expert Systems Applications. DEXA 2019. Communications in Computer and Information Science, vol 1062. Springer, Cham. https://doi.org/10.1007/978-3-030-27684-3_11
Download citation
DOI: https://doi.org/10.1007/978-3-030-27684-3_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-27683-6
Online ISBN: 978-3-030-27684-3
eBook Packages: Computer ScienceComputer Science (R0)