
From sinking to saving: MITRE ATT&CK and D3FEND frameworks for maritime cybersecurity

  • Regular Contribution
International Journal of Information Security

Abstract

Cybersecurity is a growing concern for the maritime sector. Modern ships are real-world cyber-physical systems that combine information technology (IT) and operational technology (OT). Cybersecurity incidents on such systems require robust and explainable models that give deep insight into the nature of an attack. Many frameworks for modeling cyber attacks exist, but they cover only a small part of modern, multidimensional attack surfaces. MITRE ATT&CK is the most comprehensive cyber attack modeling framework and captures the multidimensional nature of modern attacks. MITRE D3FEND is a knowledge base similar to ATT&CK, but it represents the cyber defense side. In this paper, we demonstrate modeling with the MITRE ATT&CK and MITRE D3FEND frameworks for maritime cybersecurity. An attack scenario against the ballast water management system of a ship is considered and modeled with the help of ATT&CK. Two defensive mechanisms are then proposed: the first is built with the D3FEND framework, and the second leverages the mitigation techniques of ATT&CK. We believe that demonstrating MITRE ATT&CK and D3FEND for modeling maritime cyber attacks and maritime defense, respectively, would pave the way for the development of future maritime cybersecurity solutions.
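The second defensive mechanism the abstract describes, deriving defenses from the ATT&CK mitigations attached to each technique in a modeled attack chain and then carrying those mitigations over to D3FEND, is mechanical once the chain is expressed as ATT&CK technique IDs. The following is an added example, not code from the paper: it walks a constructed, hand-built subset of STIX objects shaped like the real ATT&CK for ICS data (attack-pattern, course-of-action, and "mitigates" relationships), produces the ATT&CK mitigation set for each step of an assumed chain, and translates that set through a hand-written mitigation-to-D3FEND table that stands in for the published mappings page. The technique and mitigation selection, the chain, and the D3FEND table are illustrative assumptions, not the paper's ballast-water scenario. It goes slightly beyond the abstract by also surfacing steps of the chain that have no modeled mitigation, which is exactly where a D3FEND-derived control has to fill the gap.

```python
"""Map an ATT&CK-modelled attack chain to candidate defences.

Added illustration, not the paper's code.  The STIX-style objects below are
constructed by hand and mirror the object types and relationship shape of the
real ATT&CK STIX data; the technique/mitigation subset, the attack chain and the
ATT&CK-mitigation -> D3FEND table are assumptions made for this example.
"""
from collections import defaultdict


# --- constructed STIX-style bundle (illustrative subset, not the paper's data) ---
def _technique(uid, ext_id, name, phase):
    return {"type": "attack-pattern", "id": f"attack-pattern--{uid}", "name": name,
            "external_references": [{"source_name": "mitre-ics-attack", "external_id": ext_id}],
            "kill_chain_phases": [{"kill_chain_name": "mitre-ics-attack", "phase_name": phase}]}


def _mitigation(uid, ext_id, name):
    return {"type": "course-of-action", "id": f"course-of-action--{uid}", "name": name,
            "external_references": [{"source_name": "mitre-ics-attack", "external_id": ext_id}]}


def _mitigates(uid, coa_uid, ap_uid):
    # In ATT&CK STIX a 'mitigates' edge runs course-of-action -> attack-pattern.
    return {"type": "relationship", "id": f"relationship--{uid}", "relationship_type": "mitigates",
            "source_ref": f"course-of-action--{coa_uid}", "target_ref": f"attack-pattern--{ap_uid}"}


BUNDLE = {"type": "bundle", "objects": [
    _technique("t1", "T0883", "Internet Accessible Device", "initial-access"),
    _technique("t2", "T0886", "Remote Services", "lateral-movement"),
    _technique("t3", "T0855", "Unauthorized Command Message", "impair-process-control"),
    _technique("t4", "T0831", "Manipulation of Control", "impact"),
    _mitigation("m1", "M0930", "Network Segmentation"),
    _mitigation("m2", "M0932", "Multi-factor Authentication"),
    _mitigation("m3", "M0937", "Filter Network Traffic"),
    _mitigates("r1", "m1", "t1"), _mitigates("r2", "m1", "t2"),
    _mitigates("r3", "m2", "t2"), _mitigates("r4", "m3", "t3"),
    # T0831 deliberately has no 'mitigates' edge: a coverage gap the plan must surface.
]}

# Assumed hand-written ATT&CK-mitigation -> D3FEND table (stands in for the published
# mappings page; entries are illustrative, verify against the live mapping before use).
D3FEND_MAP = {"M0930": ["D3-NI"], "M0932": ["D3-MFA"], "M0937": ["D3-NTF"]}


def ext_id(obj):
    """Return the ATT&CK external ID (T.../M...) of a STIX object, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name", "").startswith("mitre"):
            return ref.get("external_id")
    return None


def build_index(bundle):
    """Index objects by STIX id and ATT&CK id; collect 'mitigates' edges per technique."""
    by_stix, by_ext = {}, {}
    mitigated_by = defaultdict(set)  # attack-pattern stix id -> {course-of-action stix id}
    for obj in bundle["objects"]:
        by_stix[obj["id"]] = obj
        if obj["type"] in ("attack-pattern", "course-of-action"):
            by_ext[ext_id(obj)] = obj
    for obj in bundle["objects"]:
        if obj["type"] == "relationship" and obj["relationship_type"] == "mitigates":
            # Ignore dangling references rather than crash on a partial bundle.
            if obj["source_ref"] in by_stix and obj["target_ref"] in by_stix:
                mitigated_by[obj["target_ref"]].add(obj["source_ref"])
    return by_stix, by_ext, mitigated_by


def defence_plan(bundle, chain, d3fend_map):
    """For each technique id in the chain, list ATT&CK mitigations and D3FEND techniques."""
    by_stix, by_ext, mitigated_by = build_index(bundle)
    plan = []
    for tid in chain:
        ap = by_ext.get(tid)
        if ap is None:
            raise KeyError(f"technique {tid} not in bundle")
        phase = ap["kill_chain_phases"][0]["phase_name"]
        mits = sorted(ext_id(by_stix[c]) for c in mitigated_by.get(ap["id"], ()))
        d3 = sorted({d for m in mits for d in d3fend_map.get(m, [])})
        plan.append({"phase": phase, "technique": tid, "name": ap["name"],
                     "mitigations": mits, "d3fend": d3})
    return plan


def uncovered(plan):
    """Chain steps with no ATT&CK mitigation in the bundle (need a D3FEND-derived control)."""
    return [step["technique"] for step in plan if not step["mitigations"]]


if __name__ == "__main__":
    chain = ["T0883", "T0886", "T0855", "T0831"]  # constructed chain, not the paper's scenario
    plan = defence_plan(BUNDLE, chain, D3FEND_MAP)
    for step in plan:
        print(f"{step['phase']:<24} {step['technique']} {step['name']:<30} "
              f"ATT&CK: {step['mitigations'] or '-'}  D3FEND: {step['d3fend'] or '-'}")
    print("no mitigation modelled for:", uncovered(plan))
```

Against the real ATT&CK STIX bundles the same walk applies unchanged: load the bundle JSON, keep the `mitigates` relationships, and replace the hand-written D3FEND table with the mappings MITRE publishes. The `uncovered` list is the useful output for a ship OT assessment, since it names the steps where ATT&CK offers nothing and a D3FEND technique must be selected directly from the attacked digital artifact.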


Data availability

Data sharing is not applicable to this article as no datasets were generated or analyzed during the current study.


Funding

This research is supported by the National Research Foundation, Singapore (NRF) and Maritime and Port Authority of Singapore (MPA) under its Maritime Transformation Programme (Project No. SMI-2022-MTP-04). Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not reflect the views of NRF and MPA.

Author information

Corresponding author: Awais Yousaf.

Ethics declarations

Conflict of interest

The authors declare that they have no competing interest.


Cite this article

Yousaf, A., Zhou, J.: From sinking to saving: MITRE ATT&CK and D3FEND frameworks for maritime cybersecurity. Int. J. Inf. Secur. (2024). https://doi.org/10.1007/s10207-024-00812-4

