35
1 INTRODUCTION
The vast majority of the world’s goods flow across the
oceans. The shipping industry is, therefore, a major
driver of the global economy. The impact of
temporary breakdowns in shipping routes and supply
chains is illustrated by the recent incident in the Suez
Canal, which was blocked for days by the Ever Given
golden-class container ship. Although not caused by
cyber attacks, a precisely timed execution of an attack
could specifically provoke such incidents.
Threateningly, incidents attributable to cyber crime
are proliferating. Increasingly sophisticated, domain-
specific, and targeted attacks on maritime systems are
being observed [1, 30], making adequate cyber defense
strategies for this sector urgently necessary. In
particular, attacks aimed at misleading ship
navigation not only pose a serious risk from an
economic perspective with massive monetary
consequences due to disrupted maritime value chains,
but can also cause dangerous collisions of vessels and
endanger the environment and human lives. This is
why the International Maritime Organization (IMO)
placed cyber security on its roadmap and required
shipowners to establish cyber risk management by the
beginning of 2021 [17]. An operative implementation
of cyber risk management for shippers is also
supported by industry guidelines [5, 6]. Nevertheless,
studies reflecting the current state-of-the-art in cyber
security technology for the maritime domain conclude
that maritime systems are still highly vulnerable to
cyber attacks [7]. This is confirmed by recent
incidences, cf. [1].
One reason for high cyber risks correlates with the
peculiarities of maritime technology. Maritime
systems have a long life cycle. Although they were
originally designed for local (air-gapped) networks,
they are incrementally interconnected with public
interfaces. It has long been known that maritime
BRAT: A BRidge Attack Tool for Cyber Security
Assessments of Maritime Systems
C. Hemminghaus
1,2
, J. Bauer
1
& E. Padilla
1
1
Fraunhofer Institute for Communication, Wachtberg, Germany
2
University of Bonn, Bonn, Germany
ABSTRACT: Today’s shipping industry is largely digitalized and networked, but by no means immune to cyber
attacks. As recent incidents show, attacks, particularly those targeting on the misleading of navigation, not only
pose a serious risk from an economic perspective when disrupting maritime value chains, but can also cause
collisions and endanger the environment and humans. However, cyber defense has not yet been an integral part
of maritime systems engineering, nor are there any automated tools to systematically assess their security level
as well-established in other domains. In this paper, we therefore present a holistic BRidge Attack Tool (BRAT)
that interactively offers various attack implementations targeting the communication of nautical data in
maritime systems. This provides system engineers with a tool for security assessments of integrated bridge
systems, enabling the identification of potential cyber vulnerabilities during the design phase. Moreover, it
facilitates the development and validation of an effective cyber defense.
http://www.transnav.eu
the International Journal
on Marine Navigation
and Safety of Sea Transportation
Volume 15
Number 1
March 2021
DOI: 10.12716/1001.15.01.02