52 research outputs found

    Threats Management Throughout the Software Service Life-Cycle

    Software services are inevitably exposed to a fluctuating threat picture. Unfortunately, not all threats can be handled only with preventive measures during design and development, but also require adaptive mitigations at runtime. In this paper we describe an approach where we model composite services and threats together, which allows us to create preventive measures at design-time. At runtime, our specification also allows the service runtime environment (SRE) to receive alerts about active threats that we have not handled, and react to these automatically through adaptation of the composite service. A goal-oriented security requirements modelling tool is used to model business-level threats and analyse how they may impact goals. A process flow modelling tool, utilising Business Process Model and Notation (BPMN) and standard error boundary events, allows us to define how threats should be responded to during service execution on a technical level. Throughout the software life-cycle, we maintain threats in a centralised threat repository. Re-use of these threats extends further into monitoring alerts being distributed through a cloud-based messaging service. To demonstrate our approach in practice, we have developed a proof-of-concept service for the Air Traffic Management (ATM) domain. In addition to the design-time activities, we show how this composite service duly adapts itself when a service component is exposed to a threat at runtime.
    Comment: In Proceedings GraMSec 2014, arXiv:1404.163

    Structured Description of Autonomous Inland Waterway Barge Operations

    Content from this work may be used under the terms of the Creative Commons Attribution 3.0 licence. Any further distribution of this work must maintain attribution to the author(s) and the title of the work, journal citation and DOI. Published under licence by IOP Publishing Ltd.
    Autonomous and unmanned shipping is revolutionizing the maritime industry by introducing a paradigm shift on how to design the vessels and supporting land-side infrastructure. Currently, there is a lack of formalisms on how to plan for such operations, determining the varying degrees of autonomy and human responsibility, whilst ensuring safety and security. This paper describes fundamental concepts of autonomy in the context of ships. These are then applied in a methodology used to create systematic and structured descriptions for the operation of autonomous ship systems. The examples we use are based on ongoing efforts related to a planned autonomous inland waterway (IWW) barge operation. Finally, we show how the descriptions can be used in conjunction with existing safety and security analysis techniques. Our experience with this methodology is that it allows for a smooth transition from the autonomous ship system design phase to the assessment of the same system using UML notations. We believe that the same methodology can be easily applied to the other use cases and similar systems elsewhere.

    Keeping the human element to secure autonomous shipping operations

    Autonomous shipping operations are becoming economically and technically feasible, but this development also requires new human roles and responsibilities onshore for managing cyber events. The goal of this paper is to present a methodology for describing autonomous shipping operations and risks caused by potential cyber-attacks, focusing on critical situations to the interplay between the automation and human operators. We have applied our methodology on a case study for planned autonomous operations in European waterways. Our results show that the reliance on new technologies such as sensors, computer vision and AI reasoning onboard the autonomous ships or cranes opens to new types of attacks that the industry has little experience with as of now. Unmanned systems should therefore be designed with assurance methods that can bring the human into the loop, providing situational awareness and control. At the same time, human resource exhaustion is a potential attack goal against remote operations. We could see from our threat likelihood estimation that attacks related to deny- and injure-motivations have the highest values in all mission phase patterns. This is in accordance with the general attack trends within the maritime domain and many other sectors, where financially motivated attackers will try to demand a ransom to stop business disruption.

    On the Certificate Revocation Problem in the Maritime Sector

    Maritime shipping is currently undergoing rapid digitalization, but with increasing exposure to cyber threats, there is a need to improve the security of the ship communication technology used during operations across international waters, as well as close to local shores and in ports. To this aid, there are ongoing standardization efforts for an international maritime Public Key Infrastructure, but the inherent properties of limited connectivity and bandwidth make certificate revocation a problematic affair compared to traditional Internet systems. The main contribution of this paper is an analysis of certificate revocation techniques based on how they fulfil fundamental maritime requirements and simulated usage over time. Our results identify CRLs (with Delta CRLs) and CRLite as the two most promising candidates. Finally, we outline the pros and cons with these two different solutions.

    D4.3 Multi-modal communication - Securing future communication across different sectors and technologies

    This document introduces the concept of multi-modal communication, using the coordination of a Search and Rescue (SAR) operation as an illustrating scenario, identifies challenges for secure information exchange and outlines the way forward. ISBN: 978-82-14-06462-9

    D2.2 Updated cyber risk assessment for the maritime industry

    This report presents an updated assessment of the cyberthreat landscape in the context of CySiMS-SE. It is based on the previous work from CySiMS “D1.1 Risk Model and Analysis” and the methodology from CySiMS-SE “D2.1 Expanded risk and CBA methodology”. The goal has been to show how we obtain required means and opportunities of attack vectors for the PKI and motivation factors for potential threat actors. 978-82-14-06467-4

    A Retrospective Analysis of Maritime Cyber Security Incidents

    The maritime industry is undergoing a rapid evolution through the introduction of new technology and the digitization of existing services. At the same time, the digital attack surface is increasing, and incidents can lead to severe consequences. This study analyses and gives an overview of 46 maritime cyber security incidents from the last decade (2010-2020). We have collected information from open publications and reports, as well as anonymized data from insurance claims. Each incident is linked to a taxonomy of attack points related to onboard or off-ship systems, and the characteristics have been used to create a Top-10 list of maritime cyber threats. The results show that the maritime sector typically has incidents with low frequency and high impact, which makes them hard to predict and prepare for. We also infer that different types of attackers use a variety of attack points and techniques, hence there is no single solution to this problem.

    When to Treat Security Risks with Cyber Insurance

    Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for affordable and practical ways of performing risk quantification when determining risk treatment options. To address this concern, we propose a lightweight, data-driven approach for organisations to evaluate their own need for cyber insurance. A generic risk model, populated with available industry averages, is used as a starting point. Individual organisations can instantiate this model to obtain a risk profile for themselves related to relevant cyber threats. The risk profile is then used together with a cyber insurance profile to estimate the benefit and as a basis for comparing offers from different insurance providers.