TY - JOUR
T1 - A novel application of the CORAS framework for ensuring cyber hygiene on shipboard RADAR
AU - Kayisoglu, Gizem
AU - Bolat, Pelin
AU - Tam, Kimberly
N1 - Publisher Copyright:
© 2023 Institute of Marine Engineering, Science & Technology.
PY - 2024
Y1 - 2024
N2 - Radio Detection and Ranging (RADAR) equipment is a significant information and navigational system onboard vessels and a critical part of a ship’s cyber space. It is an electronic system used not only for detecting surrounding objects, to indicate their positions, and tracking targets using radio waves, but also providing safe navigation by receiving and displaying data from other navigational devices. Therefore, it is concerning to see that marine RADAR systems have various cyber vulnerabilities, including data deletion and data relocation. These systems can be manipulated and penetrated via malicious software, unauthorised remote access, human error, or sabotage by internal and external attackers. This is critical to the cyber hygiene of the ship, which affects its reliability and safety. This study performs a cyber risk assessment using the CORAS framework for RADAR cyber security by developing case-based RADAR cyber scenarios in terms of both its specific information technology subsystems and the cyber security control measures. The output of this study includes a holistic and visual assessment of RADAR's cyber security for both its cyber vulnerabilities and cyber hygiene to better protect shipboard RADAR in the future.
AB - Radio Detection and Ranging (RADAR) equipment is a significant information and navigational system onboard vessels and a critical part of a ship’s cyber space. It is an electronic system used not only for detecting surrounding objects, to indicate their positions, and tracking targets using radio waves, but also providing safe navigation by receiving and displaying data from other navigational devices. Therefore, it is concerning to see that marine RADAR systems have various cyber vulnerabilities, including data deletion and data relocation. These systems can be manipulated and penetrated via malicious software, unauthorised remote access, human error, or sabotage by internal and external attackers. This is critical to the cyber hygiene of the ship, which affects its reliability and safety. This study performs a cyber risk assessment using the CORAS framework for RADAR cyber security by developing case-based RADAR cyber scenarios in terms of both its specific information technology subsystems and the cyber security control measures. The output of this study includes a holistic and visual assessment of RADAR's cyber security for both its cyber vulnerabilities and cyber hygiene to better protect shipboard RADAR in the future.
KW - CORAS risk assessment
KW - RADAR cyber security
KW - Shipboard RADAR
KW - cyber security risk assessment
KW - maritime cyber security
UR - http://www.scopus.com/inward/record.url?scp=85179752066&partnerID=8YFLogxK
U2 - 10.1080/20464177.2023.2292782
DO - 10.1080/20464177.2023.2292782
M3 - Article
AN - SCOPUS:85179752066
SN - 2046-4177
VL - 23
SP - 67
EP - 81
JO - Journal of Marine Engineering and Technology
JF - Journal of Marine Engineering and Technology
IS - 2
ER -