Abstract
Cybersecurity is a growing concern for the maritime sector. Modern ships are practical realizations of cyber-physical systems that use both information technologies and operational technologies. Cybersecurity incidents on such systems require robust and explainable models that provide deep insight into the nature of an attack. Many frameworks for modeling cyber attacks exist, but they cover only a tiny part of modern multidimensional attack surfaces. MITRE ATT&CK is the most comprehensive cyber attack modeling framework that covers the multidimensional nature of modern cyber attacks. MITRE D3FEND is a knowledge base similar to ATT&CK, but it represents a cyber defense framework. In this paper, we aim to demonstrate modeling with the MITRE ATT&CK and MITRE D3FEND frameworks for maritime cybersecurity. An attack scenario against the ballast water management system of a ship is considered and modeled with the help of ATT&CK. Moreover, two defensive mechanisms are suggested. The first is created with the help of the D3FEND framework, and the second leverages the strength offered by the mitigation techniques of ATT&CK. We believe that the demonstration of the MITRE ATT&CK and D3FEND frameworks for modeling maritime cyber attacks and maritime defense, respectively, will pave the way for the development of future maritime cybersecurity solutions.
Data availability
Data sharing is not applicable to this article as no datasets were generated or analyzed during the current study.
Funding
This research is supported by the National Research Foundation, Singapore (NRF) and Maritime and Port Authority of Singapore (MPA) under its Maritime Transformation Programme (Project No. SMI-2022-MTP-04). Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not reflect the views of NRF and MPA.
Ethics declarations
Conflict of interest
The authors declare that they have no competing interest.
About this article
Cite this article
Yousaf, A., Zhou, J. From sinking to saving: MITRE ATT&CK and D3FEND frameworks for maritime cybersecurity. Int. J. Inf. Secur. (2024). https://doi.org/10.1007/s10207-024-00812-4
DOI: https://doi.org/10.1007/s10207-024-00812-4