The use of cyber ranges in the maritime context: Assessing maritime-cyber risks, raising awareness, and providing training

Authors

  • Kimberly Tam Faculty of Science and Engineering, University of Plymouth, UK
  • Kemedi Moara-Nkwe Faculty of Science and Engineering, University of Plymouth, UK
  • Kevin D Jones Faculty of Science and Engineering, University of Plymouth, UK

DOI:

https://doi.org/10.33175/mtr.2021.241410

Keywords:

Cyber range, Training, Maritime, Risk assessment

Abstract

A good defensive strategy against evolving cyber threats and cybercrimes is to raise awareness and use that awareness to prepare technical mitigation and human defense strategies. A prime way to do this is through training. While there are already many sectors employing this strategy (e.g., space, smart buildings, business IT), the maritime sector has yet to take advantage of the available cyber-range technology to assess cyber risks and create appropriate training to meet those risks. Cyber security training can come in 2 forms; the first is so security professionals can raise their awareness on the latest and most urgent issues and increase defense skill levels, and the second form is directed at non-security professionals (e.g., ship builders, crew) and the general public, who are just as affected by cyber threats, but may not have the necessary security background to deal with the issues. Conducting training programs for both requires dedicated computing infrastructure to simulate and execute effective scenarios for both sets of trainees. To this end, a cyber range (CR) provides an environment for just that. The purpose of this paper is to use studies on the concept of cyber ranges to provide evidence for why the maritime sector should embrace this technology for maritime-cyber training, and envision how they will provide maritime risk assessment and raise awareness to combat tomorrow’s threats.

References

Alves, T., Das, R., Werth, A., & Morris, T. (2018). Virtualization of SCADA testbeds for cybersecurity research: A modular approach. Computers & Security, 77, 531-546. doi:10.1016/j.cose.2018.05.002

Bailey, B. (2019). NASA IV&V's cyber range for space systems. NASA.

BBC. (2020). Ransomware-hit US gas pipeline shut for two days. Retrieved from https://www.bbc.co.uk/news/technology-51564905

Bertram, V. (2020). Technology trends for ships and shipping of tomorrow. Maritime Technology and Research, 2(1), 1-18. doi:10.33175/mtr.2020.190783

Bertram, V., & Plowman, T. (2020). Digital training solutions in the maritime context: Options and costs. Maritime Technology and Research, 2(2), 52-68. doi:10.33175/mtr.2020.190782

Beuran, R., Tang, D., Pham, C., Chinen, K. I., Tan, Y., & Shinoda, Y. (2018). Integrated framework for hands-on cybersecurity training: CyTrONE. Computers & Security, 78, 43-59. doi:10.1016/j.cose.2018.06.001

Brownie, A., Watson , S., & Williams, W. (2018). Development of an architecture for a cyber: Physical emulation test range for network security testing. IEEE Access, 6, 73273-73279. doi:10.1109/ACCESS.2018.2882410

Caliskan, E., Tatar, U., Bahsi, H., Ottis, R., & Vaarandi, R. (2017). Capability detection and evulation metrics of cyber security lab exerciese. In Proceedings of the 12th International Conference on Cyber Warfare and Security, Air Force Institute of Technology, Dayton, Ohio, USA,

Chiou, C. K., Hwang, G. J., & Tseng, J. (2009). An auto-scoring mechanism for evaluating problem-solving ability in a web-based learning environment. Computers & Education, 53(2), 261-272. doi:10.1016/j.compedu.2009.02.006

Chou, T. S., Baker, S., & Vega-Herrera, M. (2016). A comparison of network simulation and emulation virtualization tools. In Proceedings of the ASEE Conference & Exposition, New Orleans.

Cohen, F. (1999). Simulating cyber attacks, defences, and consequences. Computers & Security, 18(6). doi:10.1016/S0167-4048(99)80115-1

Cyber-MAR. (2020). Cyber-MAR: Cyber preparedness actions for a holistic approach and awareness raising in the Maritime logistics supply chain. Retrieved from https://www.cyber-mar.eu

Davis, J., & Magrath, S. (2013). A survey of cyber ranges and testbeds. Technical Report. Defence Science and Technology. Cyber and Electronic Warfare Division, Edinburgh, Australia.

Edgar, T., & Rice, T. (2017). Experiment as a service. In Proceedings of the 2017 IEEE International Symposium on Technologies for Homeland Security. Waltham, MA, USA. doi:10.1109/THS.2017.7943470

Ficco, M., & Palmieri, F. (2019). Leaf: An open-source cybersecurity training platform for realistic edge-IoT scenarios. Journal of Systems Architecture, 97, 107-129. doi:10.1016/j.sysarc.2019.04.004

Furnell, S., Fischer, P., & Finch, A. (2017). Can't get the staff? The growing need for cyber-security skills. Computer Fraud & Security, 2017(2), 5-10. doi.org/10.1016/S1361-3723(17)30013-1

Giuliano, V., & Formicola, V. (2019). ICSrange: A simulation-based cyber range platform for industrial control systems. Retrieved from https://arxiv.org/abs/1909.01910

Haider, W., Hu, J., Slay, J., Turnbull, B., & Xie, Y. (2017). Generating realistic intrusion detection system dataset based on fuzzy qualitative modeling. Journal of Network and Computer Applications, 87, 185-192. doi:10.1016/j.jnca.2017.03.018

Huang, Z., Shen, C. C., Doshi, S., Thomas, N., & Duong, H. (2015). Cognitive task analysis based training for cyber situation awareness. IFIP Advances in Information and Communication Technology, 453, 27-40. doi:10.1007/978-3-319-18500-2_3

Hwang, N., & Bush, K. (2015). Operational exercise integration recommendations for DoD cyber ranges. Technical Report 1187, Lincoln Laboratory, Massachusetts, USA.

ICS. (2018). Review of maritime transport. In Proceedings of the International Chamber of Shipping, United Nations Conference on Trade and Development. Geneva, Switzerland.

IMO. (2013). ISM Code and Guidelines on Implementation of the ISM Code. Retrieved from http://www.imo.org/en/OurWork/HumanElement/SafetyManagement/Pages/ISMCode.aspx

IMO. (2017). International Maritime Organization (IMO-MSC) (2017) Maritime cyber risk management in safety management systems. Retrieved from http://www.imo.org/en/OurWork/Security/Guide_to_Maritime_Security/Documents/Resolution MSC.428(98).pdf

John, S. (1989). Cognitive technology: Some procedures for facilitating learning and problem solving in mathematics and science. Journal of Educational Psychology, 81(4), 457-466. doi:10.1037/0022-0663.81.4.457

Kavallieratos , G., Katsikas, S., & Gkioulos, V. (2019). Towards a cyber-physical range. In Proceedings of the 5th on Cyber-Physical System Security Workshop. Auckland, New Zealand

Langer, R. (2011). Stuxnet: Dissecting a cyberwarfare weapon. IEEE Security & Privacy, 9(3), 49-51. doi:10.1109/MSP.2011.67

Lee, R., Assante, M., & Conway, T. (2016). Analysis of the cyber attack on the Ukrainian power grid. Washington DC: E-ISAC.

Maersk. (2017). A. P. Moller Maersk improves underlying profit and grows revenue in first half of the year. Retrieved from https://edit.maersk.com/en/the-maersk-group/press-room/press-release-archive/2017/8/a-p-moller-maersk-interim-report-q2-2017

Marine Board. (1996). Simulated voyages: Using simulation technology to train and license mariners. Washington DC: National Academic Press. doi.org/10.17226/5065.

NS-3. (2020). Network simulator. Retrieved from https://www.nsnam.org

Park, S., Lee, S., Park, S., & Park, S. (2019). AI-based physical and virtual platform with 5-layered architecture for sustainable smart energy city development. Sustainability, 11(16), 4479. doi:10.3390/su11164479

Pham, C., Tang, D., Chinen, K. I., & Beuran, R. (2016). CyRIS: A cyber range instantiation system for facilitating security training. In Proceedings of the 7th International Symposium on Information and Communication Technology (pp. 251-258). Ho Chi Minh City, Vietnam. doi:10.1145/3011077.3011087

Qassim, Q., Jamil, N., Abidin, Z. I., Rusli, E. M., Yussof, S., Ismail, R., Abdullah, F., Jaafar, N., Hasan, H. C., & Duad, M. (2017). A survey of SCADA testbed implementation. Journal of Science and Technology, 10(26), 1-8. doi:10.17485/ijst/2017/v10i26/116775

Ring, M., Wunderlich, S., Scheuring, D., Landas, D., & Hotho, A. (2019). A survey of network: Based intrusion detection data sets. Computers & Security, 86, 147-167. doi:10.1016/j.cose.2019.06.005

Siaterlis, C., & Masera, M. (2009). A review of available software for the creation of testbeds for internet security research. In Proceedings of the 1st International Conference on Advances in System Simulation. Porto, Portugal. doi:10.1109/SIMUL.2009.33

Subasu, G., Rosu, L., & Baboi, I. (2017). Modeling and simulation architecture for training in cyber defence education. In Proceedings of the 9th International Conference on Electronics, Computers and Artificial Intelligence doi:10.1109/ECAI.2017.8166396

Svilicic, B., Kamahara, J., Matthew, R., & Yoshiji, Y. (2019). Maritime cyber risk management: An experimental ship assessment. Journal of Navigation, 72(5), 1108-1120. doi:10.1017/S0373463318001157

Tam, K., & Jones, K. (2018). Maritime cybersecurity policy: The scope and impact of evolving technology on international shipping. Journal of Cyber Policy, 3(2), 147-164. doi:10.1080/23738871.2018.1513053

Tam, K., & Jones, K. D. (2019a). MaCRA: A mModel-based framework for maritime cyber-risk assessment. Technical Report. WMU Maritime Affairs.

Tam, K., & Jones, K. D. (2019b). Situational awareness: Examining factors that affect cyber-risks in the maritime sector. International Journal on Cyber Situational Awareness, 4(1), 40-68. doi:10.22619/IJCSA.2019.100125

Tam, K., Forshaw, K., & Jones, K. D. (2019). Cyber-SHIP: Developing next generation maritime cyber research capabilities. In Proceedings of the International Conference on Marine Engineering and Technology. Oman. doi:10.24868/icmet.oman.2019.005

Vykopal, J., Oslejsek, R., Celeda, P., Vizvary, M., & Tovarnak, D. (2017). KYPO cyber range: Design and use cases. In Proceedings of the 12th International Conference on Software Technologies. doi:10.5220/0006428203100321

Yamin, M. M., Katt, B., & Gkioulos, V. (2020). Cyber ranges and security testbeds: Scenarios, functions, tools and architecture. Computers & Security, 88, 101636. doi:10.1016/j.cose.2019.101636

Downloads

Published

2021-01-01

How to Cite

Tam, K. ., Moara-Nkwe, K. ., & Jones, K. D. . (2021). The use of cyber ranges in the maritime context: Assessing maritime-cyber risks, raising awareness, and providing training. Maritime Technology and Research, 3(1), 16–30. https://doi.org/10.33175/mtr.2021.241410