Multi-Purpose Cyber Environment for Maritime Sector

The cyber attack surface in a maritime environment is constantly growing. More current information and computer technologies are being used on cargo and passenger ships to save on operational costs and increase navigational safety. Along with the growing reliance on automation, the risk of a disruption to a vessel's critical systems by drawing on the wrong inputs from sensors to change the behaviour of the actuators has significantly increased. Traditional operational technological systems are much more complicated to update than the automatic software updates we see in information technology systems. To better understand existing cyber threats in the maritime sector and increase cybersecurity resilience, this paper aims to replicate the digital components of a ship's bridge to examine scenarios when the bridge system loses connectivity, receives the wrong inputs from sensors, or the internal system becomes compromised. The simulator differentiates fundamentally from traditional simulators or digital twins in the maritime sector that focus on training seafarers. This environment generates data streams that are similar to those on board a ship. Those data streams can be analysed, modified and spoofed to observe the effects. The effects can be technical but it is equally necessary to analyse how human beings would react in specific circumstances. Our work provides the opportunity to isolate the ship network traffic, conduct penetration testing, find cybersecurity vulnerabilities on devices, and execute cyber attacks without the dangers associated with running such scenarios on a vessel in the open sea.</jats:p

‘Responsibility to detect?’: autonomous threat detection and its implications for due diligence in cyberspace

Private and public organizations have long relied on intrusion detection systems to alert them of malicious activity in their digital networks. These systems were designed to detect threat signatures in static networks or infer anomalous activity based on their security ‘logs’. They are, however, of limited use to detect threats across heterogeneous, modern-day networks, where computing resources are distributed across cloud or routing services. Recent advancements in machine learning (ML) have led to the development of autonomous threat detection (ATD) applications that monitor, evaluate, and respond to malicious activity with minimal human intervention. The use of ‘intelligent’ and programmable algorithms for ATD will reduce incident response times and enhance the capacity of states to detect threats originating from any layer of their territorial information and communications technologies (ICT) infrastructure. This paper argues that ATD technologies will influence the evolution of a due diligence rule for cyberspace by raising the standard of care owed by states to prevent their networks from being used for malicious, transboundary ICT activities. This paper comprises five sections. Section 1 introduces the paper and its central argument. Section 2 outlines broad trends and operational factors pushing public and private entities towards the adoption of ATD. Section 3 offers an overview of a typical ATD application. Section 4 analyses the impact of ATD on the due diligence obligations of states. Section 5 presents the paper’s conclusions.</p