BridgeInsight: An asset profiler for penetration testing in a heterogeneous maritime bridge environment

Authors

  • Avanthika Vineetha Harish University of Plymouth, Drake Circus, Plymouth, United Kingdom
  • Kimberly Tam University of Plymouth, Drake Circus, Plymouth, United Kingdom
  • Kevin Jones University of Plymouth, Drake Circus, Plymouth, United Kingdom

DOI:

https://doi.org/10.33175/mtr.2024.266818

Keywords:

Maritime cyber security, Machine learning, Asset profiler, Automated audits, Pentesting

Abstract

A maritime bridge environment is a heterogeneous ecosystem of complex systems for various operations. As part of new requirements set by the International Association of Classification Societies, ship operators must now maintain an asset inventory aboard vessels specifically to improve their cyber security. This paper discusses the development of a ship-specific asset profiler that will not only identify and record the devices present automatically but also provide an in-depth analysis of their properties and characteristics in an intelligent and user-friendly manner. As cyberattacks increase in the maritime industry, proper testing of ship systems is essential, to ensure vessels remain secure and the risk of a cyberattack is minimized. An asset profiler for the bridge environment would serve as a tool for profiling the devices, helping personnel make faster and well-informed decisions, and could be a component of a wider audit framework. This paper presents a ship bridge profiler (i.e., BridgeInsight) used to identify all devices on the bridge of a vessel automatically and which provides information on them using a generated PDF report that consists of graphs and charts. To do this, it uses the Random Forest classifier algorithm, and the information it provides will enable the auditor or pen tester to perform manual testing or automate audits, while also providing comprehensive information that engineers and mariners can use to comply with regulations.

Highlights

  • As part of new requirements set by the International Association of Classification Societies, ship operators must now maintain asset inventory aboard vessels specifically to improve their cyber security.
  • This paper presents a ship bridge profiler (i.e., BridgeInsight) used to identify all devices on the bridge of a vessel automatically.
  • We envision automated asset detection and classification to have even more benefit in future cyber security work, as penetration testing.

References

Acord, J. (2017). Situational awareness and ICS Using GRASS MARLIN: Infosec. Retrieved from https://resources.infosecinstitute.com/topics/scada-ics-security/situational-awareness-ics-using-grass-marlin

Alharbi, M. (2010). Writing a penetration testing report. Retrieved from https://sansorg.egnyte.com/dl/yNfjHOQix8

Altexsoft. (2021). Preparing your dataset for machine learning: 10 steps - AltexSoft. Retrieved from https://www.altexsoft.com/blog/datascience/preparing-your-dataset-for-machine-learning-8-basic-techniques-that-make-your-data-better

Ammar, N., Noirie, L., & Tixeuil, S. (2019). Network-protocol-based IoT device identification (pp. 204-209). In Proceedings of the 4th International Conference on Fog and Mobile Edge Computing, Rome, Italy. https://doi.org/10.1109/FMEC.2019.8795318

Amro, A. (2021). Cyber-physical tracking of IoT devices: A maritime use case. Norwegian ICT conference for research and education. Retrieved from https://ojs.bibsys.no/index.php/NIK/article/view/961

Auvik. (2022). What is an ARP Ttable? Address Resolution Protocol 101-Auvik. Retrieved from https://www.auvik.com/franklyit/blog/what-is-an-arp-table

Auvik. (2023). Network mapping software: Auvik Networks. Retrieved from https://www.auvik.com/features/network-navigation

Bagur, J. (2023). GPS NMEA 0183 Messaging Protocol 101: Arduino Documentation. Retrieved from https://docs.arduino.cc/learn/communication/gps-nmea-data-101

Bolbot, V., Kulkarni, K., Brunou, P., Banda, O. V., & Musharraf, M. (2022). Developments and research directions in maritime cybersecurity: A systematic literature review and bibliometric analysis. International Journal of Critical Infrastructure Protection, 39, 100571. https://doi.org/10.1016/j.ijcip.2022.100571

Bothur, D., Zheng, G., & Valli, C. (2017). A critical analysis of security vulnerabilities and countermeasures in a smart ship system (pp. 81-87). In Proceedings of the 15th Australian Information Security Management Conference. Perth, Western Australia.

Censys. (2023). Exposure management and threat hunting solutions: Censys. Retrieved from https://censys.io

CVE Mitre. (2020). CVE-2020-12117. Retrieved from https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12117

FutureIoT. (2020). Surge in obsolete network devices pose cybersecurity risk: FutureIoT. Retrieved from https://futureiot.tech/surge-in-obsolete-network-devices-pose-cybersecurity-risk

Gehlenborg, N., & Wong, B. (2012). Heatmaps. Nat Methods, 9, 213. https://doi.org/10.1038/nmeth.1902

Hamad, S. A., Zhang, W. E., Sheng, Q. Z., & Nepal, S. (2019). IoT device identification via network-flow based fingerprinting and learning (pp. 103-111). In Proceedings of the Proceedings 18th IEEE International Conference on Trust, Security and Privacy in Computing and Communications and 13th IEEE International Conference on Big Data Science and Engineering. Rotorua, New Zealand. https://doi.org/10.1109/TrustCom/BigDataSE.2019.00023

IACS. (2022a). E26 - Cyber Resilience of Ships. London: International Association of Classification Societies. Retrieved from https://iacs.org.uk/download/14104

IACS. (2022b). E27 - Cyber Resilience of On-board Systems and Equipment. London: International Association of Classification Societies. Retrieved from https://iacs.org.uk/download/14105

IACS. (2022c). Unified Requirements. Retrieved from https://iacs.org.uk/publications/unified-requirements

IASME. (2021a). IASME launches cyber security scheme for the maritime industry. Retrieved from https://iasme.co.uk/cyber-blog/iasme-launches-cyber-security-scheme-for-the-maritime-industry

IASME. (2021b). Maritime Cyber Baseline Self-Assessment Questions. Retrieved from https://iasme.co.uk/wp-content/uploads/2022/11/Maritime-Question-Booklet_V1.1.pdf

Jeon, D. K., & Lee, Y. (2014). A ship area network with WiMedia wireless gateway applying a cooperative transmission. Contemporary Engineering Sciences, 7(23), 1235-1243. http://dx.doi.org/10.12988/ces.2014.49153

Keary, T. (2022). PCAP: Packet Capture, what it is what you need to know. Retrieved from https://www.comparitech.com/net-admin/pcap-guide

Kretschmann, L., Zacharias, M., Klover, S., & Hensel, T. (2022). Machine Learning in Maritime Logistics. Retrieved from https://shipzero.com/wp-content/uploads/2022/12/10015_compressed.pdf

Liu, Y., Wang, J., Li, J., Niu, S., & Song, H. (2022). Machine learning for the detection and identification of internet of things devices: A survey. IEEE Internet of Things Journal, 9(1), 298-320. https://doi.org/10.1109/JIOT.2021.3099028

Loomis, W., Singh, V., Kessler, G. C., & Bellekens, X. (2021). Raising the colors: Signaling for cooperation on maritime cybersecurity. Retrieved from https://www.atlanticcouncil.org/wp-content/uploads/2021/10/Raising-the-colors-Signaling-for-cooperation-on-maritime-cybersecurity.pdf

Moxa. (2023). Which are the most common TCP and UDP ports used by serial-to-Ethernet device servers? Retrieved from https://www.moxa.com/en/support/product-support/product-faq/most-common-tcp-udp-ports-used-by-serial-to-ethernet-device-servers

Nagesh Singh Chauhan. (2020). Decision Tree Algorithm, Explained: KDnuggets. Retrieved from https://www.kdnuggets.com/2020/01/decision-tree-algorithm-explained.html

Networkx. (2023). NetworkX documentation. Retrieved from https://networkx.org

NIST. (2022). National Vulnerability Database (NVD). Retrieved from https://www.nist.gov/programs-projects/national-vulnerability-database-nvd

Nmap. (2023a). Chapter 4. Port Scanning Overview: Nmap Network Scanning. Retrieved from https://nmap.org/book/port-scanning.html#most-popular-ports

Nmap. (2023b). Nmap: The Network Mapper - Free Security Scanner. Retrieved from https://nmap.org

NSA. (2017). GRASSMARLIN user guide. Retrieved from https://github.com/iadgov/GRASSMARLIN/blob/master/GRASSMARLINUserGuide.pdf

Pedregosa, F., Varoquaux, G., Gramfort, A., Michel, V., Thirion, B., Grisel, O., Blondel, M., Müller, A., Nothman, J., Louppe, G., Prettenhofer, P., Weiss, R., Dubourg, V., Vanderplas, J., Passos, A., Cournapeau, D., Brucher, M., Perrot, M., & Duchesnay, É. (2011). Scikit-learn: Machine Learning in Python. Journal of Machine Learning Research, 12, 2825-2830.

Rapid7. (2023). Metasploit Framework: Metasploit Documentation. Retrieved from https://docs.rapid7.com/metasploit/msf-overview

Shodan. (2023). Shodan Search Engine. Retrieved from https://www.shodan.io

Sivanathan, A., Gharakheili, H. H., & Sivaraman, V. (2018). Can we classify an IoT device using TCP port scan? In Proceedings of the IEEE 9th International Conference on Information and Automation for Sustainability. Colombo, Sri Lanka. https://doi.org/10.1109/ICIAFS.2018.8913346

Sivanathan, A., Sherratt, D., Gharakheili, H. H., Radford, A., Wijenayake, C., Vishwanath, A., & Sivaraman, V. (2017). Characterizing and classifying IoT traffic in smart cities and campuses (pp. 559-564). In Proceedings of the 2017 IEEE Conference on Computer Communications Workshops. Atlanta, USA. https://doi.org/10.1109/INFCOMW.2017.8116438

SolarWinds. (2023). Network Topology Mapper - Network Mapping Software. Retrieved from https://www.solarwinds.com/network-topology-mapper

Tam, K., & Jones, K. (2019). MaCRA: A model-based framework for maritime cyber-risk assessment. WMU Journal of Maritime Affairs, 18(1), 129-163. http://dx.doi.org/10.1007/s13437-019-00162-2

Tam, K., Forshaw, K., & Jones, K. (2019). Cyber-SHIP: Developing next generation maritime cyber research capabilities. In Proceedings of the International Conference on Marine Engineering and Technology Oman 2019. Muscat, Oman. https://doi.org/10.24868/icmet.oman.2019.005

US Coast Guard. (2021). Cyber Strategic Outlook AUG 2021. Retrieved from https://www.uscg.mil/Portals/0/Images/cyber/2021-Cyber-Strategic-Outlook.pdf

Vineetha, H. A., Tam, K., & Jones, K. (2022). Investigating the security and accessibility of voyage data recorder data using a USB attack (pp. 74-80). In Proceedings of the 7th International Conference on Cyber-Technologies and Cyber-Systems. Valencia, Spain.

Downloads

Published

2023-09-21

Issue

Vol. 6 No. 1 (2024): January - March

Section

Article

Categories

License

Copyright (c) 2023 Maritime Technology and Research

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Copyright: CC BY-NC-ND 4.0