ISSN 2083-6473
ISSN 2083-6481 (electronic version)




Associate Editor
Prof. Tomasz Neumann

Published by
TransNav, Faculty of Navigation
Gdynia Maritime University
3, John Paul II Avenue
81-345 Gdynia, POLAND
www http://www.transnav.eu
e-mail transnav@umg.edu.pl
BRAT: A BRidge Attack Tool for Cyber Security Assessments of Maritime Systems
ABSTRACT: Today’s shipping industry is largely digitalized and networked, but by no means immune to cyber attacks. As recent incidents show, attacks, particularly those targeting on the misleading of navigation, not only pose a serious risk from an economic perspective when disrupting maritime value chains, but can also cause collisions and endanger the environment and humans. However, cyber defense has not yet been an integral part of maritime systems engineering, nor are there any automated tools to systematically assess their security level as well-established in other domains. In this paper, we therefore present a holistic BRidge Attack Tool (BRAT) that interactively offers various attack implementations targeting the communication of nautical data in maritime systems. This provides system engineers with a tool for security assessments of integrated bridge systems, enabling the identification of potential cyber vulnerabilities during the design phase. Moreover, it facilitates the development and validation of an effective cyber defense.
Awan, M.S., Al Ghamdi, M.A.: Understanding the Vulnerabilities in Digital Components of an Integrated Bridge System (IBS). Journal of Marine Science and Engineering. 7, 10, (2019). - doi:10.3390/jmse7100350
Aziz, A., Tedeschi, P., Sciancalepore, S., Pietro, R.D.: SecureAIS - Securing Pairwise Vessels Communications. In: 2020 IEEE Conference on Communications and Network Security (CNS). pp. 1–9 (2020). - doi:10.1109/CNS48642.2020.9162320
Balduzzi, M., Pasta, A., Wilhoit, K.: A Security Evaluation of AIS Automated Identification System. In: Proceedings of the 30th Annual Computer Security Applications Conference. pp. 436–445 Association for Computing Machinery, New York, NY, USA (2014). - doi:10.1145/2664243.2664257
Bhatti, J., Humphreys, T.E.: Hostile Control of Ships via False GPS Signals: Demonstration and Detection. Navigation. 64, 1, 51–66 (2017). - doi:10.1002/navi.183
Bimco: The Guidelines on Cyber Security Onboard Ships, https://www.bimco.org/about-us-and-our-members/publications/the-guidelines-on-cyber-security-onboard-ships, last accessed 2021/04/19.
BSI: IT-Grundschutz Profile for Shipping Companies - Minimum Protection for Ship Operations, https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/profiles/Profile_for_Shipping_Companies_Minimum_Protection_for_Ship_Operations.pdf, last accessed 2021/04/19.
ENISA: Cyber security aspects in the maritime sector, https://www.enisa.europa.eu/publications/cyber-security-aspects-in-the-maritime-sector-1, last accessed 2021/04/19.
Felderer, M., Büchler, M., Johns, M., Brucker, A.D., Breu, R., Pretschner, A.: Chapter One - Security Testing: A Survey. In: Memon, A. (ed.) Advances in Computers. pp. 1–51 Elsevier (2016). - doi:10.1016/bs.adcom.2015.11.003
Hassani, V., Crasta, N., Pascoal, A.M.: Cyber Security Issues in Navigation Systems of Marine Vessels From a Control Perspective. In: OMAE2017. , Volume 7B: Ocean Engineering (2017). - doi:10.1115/OMAE2017-61771
Heering, D., Maennel, O.M., Venables, O.M.: Shortcomings in cybersecurity education for seafarers. Presented at the 5th International Conference on Maritime Technology and Engineering , Lisbon, Portugal (2020).
Hemminghaus, C., Bauer, J., Wolsing, K.: SIGMAR: Ensuring Integrity and Authenticity of Maritime Systems using Digital Signatures. Presented at the ISNCC-TSP (2021).
Huang, T., Zhou, J., Bytes, A.: ATG: An Attack Traffic Generation Tool for Security Testing of In-Vehicle CAN Bus. In: Proceedings of the 13th International Conference on Availability, Reliability and Security. Association for Computing Machinery, New York, NY, USA (2018). - doi:10.1145/3230833.3230843
IEC 61162-450:2018: Maritime navigation and radiocommunication equipment and systems – Digital interfaces – Part 450: Multiple talkers and multiple listeners – Ethernet interconnection. (2018).
IEC 61162-460:2018: Maritime navigation and radiocommunication equipment and systems – Digital interfaces – Part 460: Multiple talkers and multiple listeners – Ethernet interconnection – Safety and Security. (2018).
International Maritime Organization: Guidelines on Maritime Cyber Risk Management MSC-FAL.1/Circ.3., https://www.imo.org/en/OurWork/Security/Pages/Cyber-security.aspx, last accessed 2021/04/19.
Lund, M.S., Gulland, J.E., Hareide, O.S., Jøsok, ∅., Weum, K.O.C.: Integrity of Integrated Navigation Systems. In: 2018 IEEE Conference on Communications and Network Security (CNS). pp. 1–5 (2018). - doi:10.1109/CNS.2018.8433151
Lund, M.S., Hareide, O.S., Jøsok, Ø.: An Attack on an Integrated Navigation System. Necesse. 3, 2, 149–163 (2018). - doi:10.21339/2464-353x.3.2.149
Michalas, A., Murray, R.: Keep Pies Away from Kids: A Raspberry Pi Attacking Tool. In: Proceedings of the 2017 Workshop on Internet of Things Security and Privacy. pp. 61–62 Association for Computing Machinery, New York, NY, USA (2017). - doi:10.1145/3139937.3139953
Pavur, J., Moser, D., Strohmeier, M., Lenders, V., Martinovic, I.: A Tale of Sea and Sky On the Security of Maritime VSAT Communications. In: 2020 IEEE Symposium on Security and Privacy (SP). pp. 1384–1400 (2020). - doi:10.1109/SP40000.2020.00056
Pfrang, S., Borcherding, A., Meier, D., Beyerer, J.: Automated security testing for web applications on industrial automation and control systems. Automatisierungstechnik. 67, 5, 383–401 (2019). - doi:10.1515/auto-2019-0021
Psiaki, M.L., Humphreys, T.E., Stauffer, B.: Attackers can spoof navigation signals without our knowledge. Here’s how to fight back GPS lies. IEEE Spectrum. 53, 8, 26–53 (2016). - doi:10.1109/MSPEC.2016.7524168
Santamarta, R.: White paper: Last Call for SATCOM Security, https://ioactive.com/wp-content/uploads/2018/08/us-18-Santamarta-Last-Call-For-Satcom-Security-wp.pdf, last accessed 2021/04/19.
Stripydog: NMEA-0183 over- IP: The unwritten rules for programmers, https://stripydog.blogspot.com/2015/03/nmea-0183-over-ip-unwritten-rules-for.html.
Svilicic, B., Kristić, M., Žuškin, S., Brčić, D.: Paperless ship navigation: cyber security weaknesses. Journal of Transportation Security. 13, 3, 203–214 (2020). - doi:10.1007/s12198-020-00222-2
Svilicic, B., Rudan, I., Frančić, V., Mohović, D.: Towards a Cyber Secure Shipboard Radar. Journal of Navigation. 73, 3, 547–558 (2020). - doi:10.1017/S0373463319000808
Svilicic, B., Rudan, I., Jugović, A., Zec, D.: A Study on Cyber Security Threats in a Shipboard Integrated Navigational System. Journal of Marine Science and Engineering. 7, 10, (2019). - doi:10.3390/jmse7100364
Tam, K., Jones, K.: MaCRA: a model-based framework for maritime cyber-risk assessment. WMU Journal of Maritime Affairs. 18, 1, 129–163 (2019). - doi:10.1007/s13437-019-00162-2
Citation note:
Hemminghaus C., Bauer J., Padilla E.: BRAT: A BRidge Attack Tool for Cyber Security Assessments of Maritime Systems. TransNav, the International Journal on Marine Navigation and Safety of Sea Transportation, Vol. 15, No. 1, doi:10.12716/1001.15.01.02, pp. 35-44, 2021

File downloaded 240 times

Important: TransNav.eu cookie usage
The TransNav.eu website uses certain cookies. A cookie is a text-only string of information that the TransNav.EU website transfers to the cookie file of the browser on your computer. Cookies allow the TransNav.eu website to perform properly and remember your browsing history. Cookies also help a website to arrange content to match your preferred interests more quickly. Cookies alone cannot be used to identify you.
Akceptuję pliki cookies z tej strony