A novel application of the CORAS framework for ensuring cyber hygiene on shipboard RADAR

Gizem Kayisoglu; Pelin Bolat; Kimberly Tam

doi:10.1080/20464177.2023.2292782

A novel application of the CORAS framework for ensuring cyber hygiene on shipboard RADAR

Gizem Kayisoglu^*, Pelin Bolat, Kimberly Tam

^*Corresponding author for this work

University of Plymouth

Research output: Contribution to journal › Article › peer-review

4 Citations (Scopus)

Abstract

Radio Detection and Ranging (RADAR) equipment is a significant information and navigational system onboard vessels and a critical part of a ship’s cyber space. It is an electronic system used not only for detecting surrounding objects, to indicate their positions, and tracking targets using radio waves, but also providing safe navigation by receiving and displaying data from other navigational devices. Therefore, it is concerning to see that marine RADAR systems have various cyber vulnerabilities, including data deletion and data relocation. These systems can be manipulated and penetrated via malicious software, unauthorised remote access, human error, or sabotage by internal and external attackers. This is critical to the cyber hygiene of the ship, which affects its reliability and safety. This study performs a cyber risk assessment using the CORAS framework for RADAR cyber security by developing case-based RADAR cyber scenarios in terms of both its specific information technology subsystems and the cyber security control measures. The output of this study includes a holistic and visual assessment of RADAR's cyber security for both its cyber vulnerabilities and cyber hygiene to better protect shipboard RADAR in the future.

Original language	English
Pages (from-to)	67-81
Number of pages	15
Journal	Journal of Marine Engineering and Technology
Volume	23
Issue number	2
DOIs	https://doi.org/10.1080/20464177.2023.2292782
Publication status	Published - 2024

Bibliographical note

Publisher Copyright:
© 2023 Institute of Marine Engineering, Science & Technology.

Funding

This study is funded by the IAMU Young Staff Research Project 2022 as titled of ‘Determining Maritime Cyber Security Dynamics and Development of Maritime Cyber Risk Check List for Ships’ [Research project number: YAS20220301]. The materials and data in this publication have been obtained through the support of the International Association of Maritime Universities (IAMU) and The Nippon Foundation in Japan.

Funders	Funder number
Nippon Foundation in Japan
International Association of Maritime Universities

Keywords

CORAS risk assessment
RADAR cyber security
Shipboard RADAR
cyber security risk assessment
maritime cyber security

Access to Document

10.1080/20464177.2023.2292782

Cite this

@article{1d8aeb41320f4d75903153cc6f25b79e,

title = "A novel application of the CORAS framework for ensuring cyber hygiene on shipboard RADAR",

abstract = "Radio Detection and Ranging (RADAR) equipment is a significant information and navigational system onboard vessels and a critical part of a ship{\textquoteright}s cyber space. It is an electronic system used not only for detecting surrounding objects, to indicate their positions, and tracking targets using radio waves, but also providing safe navigation by receiving and displaying data from other navigational devices. Therefore, it is concerning to see that marine RADAR systems have various cyber vulnerabilities, including data deletion and data relocation. These systems can be manipulated and penetrated via malicious software, unauthorised remote access, human error, or sabotage by internal and external attackers. This is critical to the cyber hygiene of the ship, which affects its reliability and safety. This study performs a cyber risk assessment using the CORAS framework for RADAR cyber security by developing case-based RADAR cyber scenarios in terms of both its specific information technology subsystems and the cyber security control measures. The output of this study includes a holistic and visual assessment of RADAR's cyber security for both its cyber vulnerabilities and cyber hygiene to better protect shipboard RADAR in the future.",

keywords = "CORAS risk assessment, RADAR cyber security, Shipboard RADAR, cyber security risk assessment, maritime cyber security",

author = "Gizem Kayisoglu and Pelin Bolat and Kimberly Tam",

note = "Publisher Copyright: {\textcopyright} 2023 Institute of Marine Engineering, Science & Technology.",

year = "2024",

doi = "10.1080/20464177.2023.2292782",

language = "English",

volume = "23",

pages = "67--81",

journal = "Journal of Marine Engineering and Technology",

issn = "2046-4177",

publisher = "Taylor and Francis Ltd.",

number = "2",

}

TY - JOUR

T1 - A novel application of the CORAS framework for ensuring cyber hygiene on shipboard RADAR

AU - Kayisoglu, Gizem

AU - Bolat, Pelin

AU - Tam, Kimberly

PY - 2024

Y1 - 2024

N2 - Radio Detection and Ranging (RADAR) equipment is a significant information and navigational system onboard vessels and a critical part of a ship’s cyber space. It is an electronic system used not only for detecting surrounding objects, to indicate their positions, and tracking targets using radio waves, but also providing safe navigation by receiving and displaying data from other navigational devices. Therefore, it is concerning to see that marine RADAR systems have various cyber vulnerabilities, including data deletion and data relocation. These systems can be manipulated and penetrated via malicious software, unauthorised remote access, human error, or sabotage by internal and external attackers. This is critical to the cyber hygiene of the ship, which affects its reliability and safety. This study performs a cyber risk assessment using the CORAS framework for RADAR cyber security by developing case-based RADAR cyber scenarios in terms of both its specific information technology subsystems and the cyber security control measures. The output of this study includes a holistic and visual assessment of RADAR's cyber security for both its cyber vulnerabilities and cyber hygiene to better protect shipboard RADAR in the future.

AB - Radio Detection and Ranging (RADAR) equipment is a significant information and navigational system onboard vessels and a critical part of a ship’s cyber space. It is an electronic system used not only for detecting surrounding objects, to indicate their positions, and tracking targets using radio waves, but also providing safe navigation by receiving and displaying data from other navigational devices. Therefore, it is concerning to see that marine RADAR systems have various cyber vulnerabilities, including data deletion and data relocation. These systems can be manipulated and penetrated via malicious software, unauthorised remote access, human error, or sabotage by internal and external attackers. This is critical to the cyber hygiene of the ship, which affects its reliability and safety. This study performs a cyber risk assessment using the CORAS framework for RADAR cyber security by developing case-based RADAR cyber scenarios in terms of both its specific information technology subsystems and the cyber security control measures. The output of this study includes a holistic and visual assessment of RADAR's cyber security for both its cyber vulnerabilities and cyber hygiene to better protect shipboard RADAR in the future.

KW - CORAS risk assessment

KW - RADAR cyber security

KW - Shipboard RADAR

KW - cyber security risk assessment

KW - maritime cyber security

UR - http://www.scopus.com/inward/record.url?scp=85179752066&partnerID=8YFLogxK

U2 - 10.1080/20464177.2023.2292782

DO - 10.1080/20464177.2023.2292782

M3 - Article

AN - SCOPUS:85179752066

SN - 2046-4177

VL - 23

SP - 67

EP - 81

JO - Journal of Marine Engineering and Technology

JF - Journal of Marine Engineering and Technology

IS - 2

ER -

A novel application of the CORAS framework for ensuring cyber hygiene on shipboard RADAR

Abstract

Bibliographical note

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this