The use of cyber ranges in the maritime context: Assessing maritime-cyber risks, raising awareness, and providing training
Keywords: Cyber range, Training, Maritime, Risk assessment
A good defensive strategy against evolving cyber threats and cybercrimes is to raise awareness and use that awareness to prepare technical mitigation and human defense strategies. A prime way to do this is through training. While many sectors already employ this strategy (e.g., space, smart buildings, business IT), the maritime sector has yet to take advantage of the available cyber-range technology to assess cyber risks and create appropriate training to meet those risks. Cyber security training can come in 2 forms: the first lets security professionals raise their awareness of the latest and most urgent issues and increase their defense skill levels; the second is directed at non-security professionals (e.g., ship builders, crew) and the general public, who are just as affected by cyber threats but may not have the necessary security background to deal with the issues. Conducting training programs for both sets of trainees requires dedicated computing infrastructure to simulate and execute effective scenarios. A cyber range (CR) provides an environment for just that. The purpose of this paper is to use studies on the concept of cyber ranges to provide evidence for why the maritime sector should embrace this technology for maritime-cyber training, and to envision how cyber ranges will provide maritime risk assessment and raise awareness to combat tomorrow's threats.
Copyright: CC BY-NC-ND 4.0