Investigating a novel approach for cybersecurity risk analysis with application to remote pilotage operations

Simple item page
dc.contributorAalto-yliopistofi
dc.contributorAalto Universityen
dc.contributor.authorBolbot, Victoren_US
dc.contributor.authorBasnet, Sunilen_US
dc.contributor.authorZhao, Hanningen_US
dc.contributor.authorValdez Banda, Osirisen_US
dc.contributor.authorSilverajan, Bilhananen_US
dc.contributor.departmentDepartment of Energy and Mechanical Engineeringen
dc.contributor.groupauthorMarine Technologyen
dc.contributor.organizationTampere Universityen_US
dc.date.accessioned2022-11-09T08:04:43Z
dc.date.available2022-11-09T08:04:43Z
dc.date.issued2022-10-04en_US
dc.description.abstractRemote pilotage constitutes a novel type of service aiming at reduction of operational costs and safety improvement. However, the increased inter-connectivity of remote pilotage renders it vulnerable to cyberattacks. In this paper, we investigate a novel approach to cybersecurity risk analysis, which integrates System-Theoretic Process Analysis method, Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE) method, SysML, MITRE ATT&CK, and ranking method. To integrate the methods, we apply a series of relevant adjustments and amendments. As a result, we are able to investigate multiple facets of cyber risk, identify the most critical issues and propose relevant risk control measures. For the remote pilotage, the most important STRIDE attacks involve Spoofing, Tampering, and Denial of Service attacks, whilst the most critical MITRE ATT&CK attack techniques are the use of default credentials, the exploitation of public-facing applications, and replication through removable media, if general hacker profile is considered for the attack.en
dc.format.extent7
dc.format.mimetypeapplication/pdfen_US
dc.identifier.citationBolbot, V, Basnet, S, Zhao, H, Valdez Banda, O & Silverajan, B 2022, Investigating a novel approach for cybersecurity risk analysis with application to remote pilotage operations . in Proceedings of the MARESEC 2022 . Zenodo, European Workshop on Maritime Systems Resilience and Security, Bremerhaven, Bremen, Germany, 20/06/2022 . https://doi.org/10.5281/zenodo.7143998en
dc.identifier.doi10.5281/zenodo.7143998en_US
dc.identifier.otherPURE UUID: ee5cdfe4-b6eb-4c87-a584-33e026a93fe5en_US
dc.identifier.otherPURE ITEMURL: https://research.aalto.fi/en/publications/ee5cdfe4-b6eb-4c87-a584-33e026a93fe5en_US
dc.identifier.otherPURE LINK: https://zenodo.org/record/7143998#.Y2UnjXbP1aQen_US
dc.identifier.otherPURE FILEURL: https://research.aalto.fi/files/91337208/MARESEC_2022_14_final.pdfen_US
dc.identifier.urihttps://aaltodoc.aalto.fi/handle/123456789/117714
dc.identifier.urnURN:NBN:fi:aalto-202211096485
dc.language.isoenen
dc.relation.ispartofEuropean Workshop on Maritime Systems Resilience and Securityen
dc.relation.ispartofseriesProceedings of the MARESEC 2022en
dc.rightsopenAccessen
dc.subject.keywordremote pilotageen_US
dc.subject.keywordCyberattacken_US
dc.subject.keywordSTPAen_US
dc.subject.keywordSTRIDE analysisen_US
dc.subject.keywordMITRE ATT&CKen_US
dc.subject.keywordSysMLen_US
dc.subject.keywordCYRA-MSen_US
dc.subject.keywordRisk analysisen_US
dc.titleInvestigating a novel approach for cybersecurity risk analysis with application to remote pilotage operationsen
dc.typeA4 Artikkeli konferenssijulkaisussafi
dc.type.versionpublishedVersion

Files

Collections

[article-cris] Insinööritieteiden korkeakoulu / ENG