An In-Depth Security Assessment of Maritime Container Terminal Software Systems

06/22/2020
by   Joseph O. Eichenhofer, et al.
0

Attacks on software systems occur world-wide on a daily basis targeting individuals, corporations, and governments alike. The systems that facilitate maritime shipping are at risk of serious disruptions, and these disruptions can stem from vulnerabilities in the software and processes used in these systems. These vulnerabilities leave such systems open to cyber-attack. Assessments of the security of maritime shipping systems have focused on identifying risks but have not taken the critical (and expensive) next step of actually identifying vulnerabilities present in these systems. While such risk assessments are important, they have not provided the detailed identification of security issues in the systems that control these ports and their terminals. In response, we formed a key collaboration between an experienced academic cybersecurity team and a well-known commercial software provider that manages maritime shipping. We performed an analysis of the information flow involved in the maritime shipping process, and then executed an in-depth vulnerability assessment of the software that manages freight systems. In this paper, we show the flow of information involved in the freight shipping process and explain how we performed the in-depth assessment, summarizing our findings. Like every large software system, maritime shipping systems have vulnerabilities.

READ FULL TEXT

page 1

page 2

page 5

page 10

page 13

page 14

page 16

page 18

research
07/24/2022

Towards an Improved Understanding of Software Vulnerability Assessment Using Data-Driven Approaches

The thesis advances the field of software security by providing knowledg...
research
01/25/2021

Cyber-Physical Energy Systems Security: Threat Modeling, Risk Assessment, Resources, Metrics, and Case Studies

Cyber-physical systems (CPS) are interconnected architectures that emplo...
research
06/07/2023

Development of a Multi-purpose Fuzzer to Perform Assessment as Input to a Cybersecurity Risk Assessment and Analysis System

Fuzzing is utilized for testing software and systems for cybersecurity r...
research
12/28/2021

State Compression and Quantitative Assessment Model for Assessing Security Risks in the Oil and Gas Transmission Systems

The SCADA system is the foundation of the large-scale industrial control...
research
09/11/2022

Systems-theoretic Hazard Analysis of Digital Human-System Interface Relevant to Reactor Trip

Human-system interface is one of the key advanced design features applie...
research
06/14/2022

Snakes and Ladder Logic: PLC-VBS, a PLC Control Logic Vulnerability Discovery Tool

Cyber security risk assessments provide a pivotal starting point towards...
research
06/26/2019

Security Rating Metrics for Distributed Wireless Systems

The paper examines quantitative assessment of wireless distribution syst...

Please sign up or login with your details

Forgot password? Click here to reset