000010734 001__ 10734
000010734 005__ 20240627123745.0
000010734 0247_ $$2doi$$a10.24868/10734
000010734 245__ $$aMaritime Cybersecurity
000010734 269__ $$a2022-09-17
000010734 336__ $$aConference Proceedings
000010734 520__ $$aOver the past decades, Cyber Security has received increasingly more attention and impacts end-users, system administrators, system owners, and governments. The frequency with which Cyber Security incidents/vulnerabilities reach international media is increasing. Recently, the Log4J vulnerability kept (and still is keeping) the Cyber Security community in its grip. Despite available Cyber Security approaches to identify and evaluate risks, select security measures, and governance structures to keep in control (e.g. ISO-2700x), high impact incidents still occur. The majority of these Cyber Security frameworks are aimed at a (traditional) Information Technology (IT) environment, like typical business IT infrastructures and business users. What about the maritime/naval platform infrastructures, where new technologies are interconnected with traditional maritime/naval (OT) infrastructures? These mixed infrastructures with (legacy) OT technology and new (IT) technology will be susceptible to (technologically savvy) Cyber Security incidents. Threat actors like criminal organizations, and even state (sponsored) actors, are increasingly interested in OT and maritime platforms. However, due to the specific OT characteristics, the operational use of these maritime/naval platforms, and the safety driven regulations, traditional approaches are not usable. Specific regulations and standards arise (e.g. IMO, DNV and IEC-62443). However, operational use of the maritime/naval platform still raises challenges in selecting and implementing security measures, and secondly the governance of Cyber Security across the entire lifecycle (from cradle to grave) raises challenges.
This paper describes the approach that is followed by RH Marine to integrate and implement Cyber Security successfully within maritime/naval infrastructures and applications. Firstly, the paper explains the fundamental difference between IT and OT by means of the Confidentiality, Integrity, and Availability (CIA)-triad. The approach followed to balance Safety and Security is described. Furthermore, there is a plethora of standards and regulations enumerating security measures, where applicable standards, regulations, and customer requirements will vary across different maritime/naval platforms. The paper describes how these different standards, regulations, and customer requirements can be supported with a Cyber Security architecture which defines security services supporting multiple security measures/standards. Based on the TOGAF-architecture approach, the Cyber Security architecture consists of Architectural Building Blocks (ABB), supporting different standards, and is still extensible to support new developments. Interrelations between e.g. network infrastructure, remote access, and big data are identified within the architecture. This approach, and the resulting Cyber Security architecture, enabled RH Marine to lay down a strong foundation which is applied in current projects to drive Cyber assurance to the next level. The paper presents the first results of applying the Cyber Security architecture within the definition, implementation, and evaluation of maritime/naval platforms.
000010734 542__ $$fCC-BY-NC-ND
000010734 6531_ $$aCybersecurity
000010734 6531_ $$aArchitecture
000010734 6531_ $$aIntegration
000010734 6531_ $$aMaritime Systems
000010734 6531_ $$aRegulation
000010734 6531_ $$aStandardization
000010734 7001_ $$aVerkoelen, C$$uRH Marine
000010734 773__ $$tConference Proceedings of iSCSS
000010734 773__ $$jiSCSS 2022
000010734 85641 $$uhttps://www.imarest.org/events/category/categories/imarest-event/international-ship-control-systems-symposium-2022$$yConference website
000010734 8564_ $$957ec11a2-ba0a-4082-b752-83c06c5de846$$s1309493$$uhttps://library.imarest.org/record/10734/files/10734.pdf
000010734 980__ $$aConference Proceedings