Investigating a novel approach for cybersecurity risk analysis with application to remote pilotage operations

Thumbnail Image

Access rights

openAccess
publishedVersion

URL

Journal Title

Journal ISSN

Volume Title

A4 Artikkeli konferenssijulkaisussa
This publication is imported from Aalto University research portal.
View publication in the Research portal (opens in new window)
View/Open full text file from the Research portal (opens in new window)
Other link related to publication (opens in new window)

Authors

Date

2022-10-04

Department

Department of Energy and Mechanical Engineering

Major/Subject

Mcode

Degree programme

Language

en

Pages

7

Series

Proceedings of the MARESEC 2022

Abstract

Remote pilotage constitutes a novel type of service aiming at reduction of operational costs and safety improvement. However, the increased inter-connectivity of remote pilotage renders it vulnerable to cyberattacks. In this paper, we investigate a novel approach to cybersecurity risk analysis, which integrates System-Theoretic Process Analysis method, Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE) method, SysML, MITRE ATT&CK, and ranking method. To integrate the methods, we apply a series of relevant adjustments and amendments. As a result, we are able to investigate multiple facets of cyber risk, identify the most critical issues and propose relevant risk control measures. For the remote pilotage, the most important STRIDE attacks involve Spoofing, Tampering, and Denial of Service attacks, whilst the most critical MITRE ATT&CK attack techniques are the use of default credentials, the exploitation of public-facing applications, and replication through removable media, if general hacker profile is considered for the attack.

Description

Keywords

remote pilotage, Cyberattack, STPA, STRIDE analysis, MITRE ATT&CK, SysML, CYRA-MS, Risk analysis

Other note

DOI

10.5281/zenodo.7143998

Citation

Bolbot, V, Basnet, S, Zhao, H, Valdez Banda, O & Silverajan, B 2022, Investigating a novel approach for cybersecurity risk analysis with application to remote pilotage operations . in Proceedings of the MARESEC 2022 . Zenodo, European Workshop on Maritime Systems Resilience and Security, Bremerhaven, Bremen, Germany, 20/06/2022 . https://doi.org/10.5281/zenodo.7143998

Permanent link to this item

https://urn.fi/URN:NBN:fi:aalto-202211096485

Collections

[article-cris] Insinööritieteiden korkeakoulu / ENG